Across every industry, from financial services to healthcare to government, a dangerous pattern is accelerating. Organisations are laying off hundreds of thousands of skilled cyber security and AI professionals, the very people who stand between them and catastrophic failure. The logic behind these decisions is almost always the same: automation can replace people.
It cannot. And the consequences of believing otherwise will be measured in breaches, regulatory penalties, reputational collapse, and operational shutdowns.
The Numbers Tell a Clear Story
I have spent over 40 years working in cyber security. Within that, 36 years have been spent teaching, delivering courses from major vendors and developing my own certified programmes. In that time, I have never seen the threat landscape evolve as fast, or organisations respond as poorly, as they are doing right now.
a data breach
(expected to rise to 12M by end of 2027)
roles globally
(10.2M needed by end of 2027)
The gap between the threats organisations face and the expertise they retain is widening at an alarming rate. Every layoff of an experienced security analyst, every "cost optimisation" that eliminates a threat hunter, every restructuring that removes an AI ethics specialist, these are not savings. They are debts. And the interest rate on those debts is compounding daily.
AI Automates Tasks, Not Judgment
Let me be direct about something the boardroom presentations rarely mention: AI is a tool, not a replacement for industry knowledge. Large language models can summarise threat intelligence reports. Automated systems can flag anomalous network behaviour. Machine learning can accelerate log analysis.
But none of these systems can make the call on whether a particular pattern represents a genuine advanced persistent threat or a benign infrastructure change. None of them can navigate the politics of incident response at three in the morning when a nation-state actor has breached your supply chain. None of them understand the regulatory landscape well enough to advise the board on their disclosure obligations under GDPR, NIS2, or DORA.
When experienced professionals are made redundant, they do not wait in reserve. They leave the industry entirely. They move into consulting, change careers, or retire early. When things go wrong, and they will, the organisation cannot simply rehire its way out of the problem. The knowledge has left the building permanently.
What Happens When It Goes Wrong
The pattern is predictable because I have watched it repeat across four decades. An organisation reduces its security team. For six months, perhaps a year, nothing visibly breaks. Leadership congratulates itself on the efficiency gains. The AI monitoring dashboards show green.
Then a sophisticated threat actor finds the gap that only a human analyst would have caught. The automated system flags it as low severity, because it has never seen this specific pattern before. By the time anyone qualified looks at it, the attacker has been inside for weeks. The breach costs ten times what the "saved" salaries would have been. Often, it costs the business entirely.
This is not hypothetical. This is happening right now, across multiple sectors, in multiple countries.
The Solution Is Training, Not Termination
Decision-makers have a choice. They can continue cutting the people who protect them, or they can invest in making those people more effective. The answer is not fewer professionals, it is better-equipped professionals who understand both the legacy landscape and the new AI-driven reality.
Training is not a cost line. It is a risk-mitigation strategy. Every pound or dollar spent upskilling your existing team returns multiples in reduced breach likelihood, faster incident response, better regulatory compliance, and the retention of institutional knowledge that no AI model can replicate.
This is precisely what motivated me to build Obi.Academy. I saw, and continue to see, a critical gap: professionals who need practical, self-paced, self-study programmes that cover the ground between where they are and where the threat landscape demands they be. These courses did not exist in the form they needed to. So I created them.
The Obi.Academy Pathway
Every course in the Obi.Academy catalogue is designed to stack. You start where you need to start, and each certification builds capability toward the next. Whether you are an individual professional investing in your own career, or a decision-maker responsible for your organisation's technical workforce, this is a complete system.
Not Sure Where to Start?
If you are looking at this list and wondering which course is right for you, or for your team, I built a tool for exactly that question.
Take the Starting Point Quiz
Answer a few questions about your experience and goals, and get a personalised recommendation on where to begin your pathway.
Find Your Starting PointA Message to Decision-Makers
If you are a CTO, CISO, Head of Engineering, or anyone with budget responsibility for technical teams, I am asking you to reconsider before signing that next round of redundancies. The threat landscape is not slowing down. Ransomware groups are becoming more sophisticated. AI-powered social engineering is already outperforming traditional phishing. Supply chain attacks are multiplying. Regulatory requirements are tightening.
You do not need fewer people. You need your people to know more. Train them. Give them the tools and the knowledge to protect what you have built. The alternative, hoping that automation and a skeleton crew will be enough, is a bet you will lose.
And when you do lose it, the professionals who could have helped will already be gone.