Cybersecurity isn’t just a technology challenge—it’s a human one.
Every year, organizations invest billions in tools, platforms, and AI-driven defenses. Yet breaches persist, ransomware evolves, and the talent needed to secure digital environments remains elusive. Ask any CISO or hiring manager what keeps them up at night, and you’ll likely hear the same refrain: We can’t find the right people.
But maybe the problem isn’t the people. Maybe it’s the system being used to find them.
The Real Issue Isn’t a Talent Gap—It’s a Hiring Breakdown
For over a decade, we’ve heard the myth of the “cybersecurity skills gap.” But the more I’ve seen—and the more I’ve experienced firsthand—it seems to me there are plenty of qualified individuals out there. The issue is deeper than a pipeline problem.
The way we hire cybersecurity professionals is fundamentally flawed.
Employers post unicorn job descriptions that combine three roles’ worth of responsibilities into one. Qualified candidates are filtered out by automated scans or rejected because their resumes don’t match unrealistic expectations. Interviews are rushed, mismatched, or even faked—literally, in some cases.
On the other side, skilled professionals—many of whom are eager to work—find themselves lost in a sea of noise, unable to connect with the opportunities that align with their capabilities and career goals. Add in economic uncertainty, AI disruption, and changing work preferences, and it’s clear the traditional hiring playbook simply isn’t working anymore.
The Workforce Has Evolved
Remote work, freelance flexibility, and the rise of the gig economy have reshaped what the cybersecurity workforce looks like. Many professionals no longer want—or need—a traditional 9-to-5 role. Some are supplementing income. Some are between jobs. Others just want the freedom to choose what they work on, and when.
But most hiring systems still operate on rigid assumptions. You’re either “in” or “out.” You either fit the job description or you don’t. This inflexibility often forces organizations to over-hire, under-resource, or delay critical security work while they search for “the right fit.”
Worse, the influx of AI-generated resumes and fake profiles has made trust harder to come by. It’s not just about whether a candidate looks good on paper—it’s whether the person showing up to do the work is really the person you vetted.
In an industry built on defending trust, this hiring environment is increasingly untenable.
Rethinking the Model: Trust, Flexibility, and Domain Expertise
We need a new approach—one that puts trust at the center of the hiring process, embraces flexible engagement models, and focuses on actual cybersecurity expertise.
That’s what platforms like 909Select are starting to offer. Built by seasoned security leaders, 909Select is a U.S.-based freelancer marketplace for cybersecurity professionals. Unlike mass-scale gig platforms, it’s intentionally focused, intentionally vetted, and intentionally secure.
Freelancers are identity-verified, background-checked, interviewed by real recruiters, and assessed by cybersecurity practitioners—not just keyword-matching algorithms. Anti-fraud tools like proxy-proof interview recording (via partner InterviewSafe) and a mutual rating system bring accountability to both sides of the equation.
That model struck a personal chord with me.
Over the years, I’ve used services like Fiverr and Upwork when I’ve needed fast help within a set budget. Occasionally, I’ve found someone who delivered exactly what I needed. But more often than not, I found myself sifting through a flood of responses—many of them off the mark or overselling their capabilities. Sure, there are rating systems, but in my experience, those are frequently gamed or misleading.
In a recent podcast episode, Launa Rich, a staffing and recruiting professional, shared similar thoughts. “I’m on Upwork every day. It is savage out there. Every cybersecurity job I keep an eye on, they get like 70 responses and they ping none of them. It’s overwhelming. There’s people from all over the world sending spammy stuff, not trusted. And it’s a headache.”
The most consistent, high-quality work I’ve ever received didn’t come from a search bar—it came from word-of-mouth recommendations from people I know and trust.
909Select feels like an attempt to digitize that experience—to create a curated cybersecurity talent network where trust is earned, verified, and built into the platform itself.
“In cybersecurity, we operate in a zero-trust world—yet the hiring process has historically relied on blind trust,” says Den Jones, Founder and CEO of 909Cyber. “At 909Cyber, we built 909Select to flip that script. We believe trust should be earned, verified, and built into every step of how companies connect with talent. This isn’t just about filling roles—it’s about securing your organization from the inside out.”
From Unicorns to Right-Fit Resourcing
Part of fixing this broken system means rethinking what we expect from roles in the first place.
Instead of packing every security function into a single job description and hoping for a miracle, organizations should modularize their needs. Need a penetration tester for one month? A compliance SME for two weeks? A security architect to review your Zero Trust strategy? You shouldn’t have to hire full-time just to get those tasks done.
Platforms like 909Select allow employers to engage trusted professionals for specific needs—hourly, part-time, or project-based. It’s a model that offers more control for employers, more opportunity for talent, and more resilience for security teams.
Building a More Trusted Cyber Talent Ecosystem
Solving the cybersecurity workforce challenge won’t come from doubling down on job boards or resume filters. It will come from reimagining the way we connect people to the work that matters—with clarity, flexibility, and mutual trust.
Whether through new platforms, new partnerships, or new internal hiring strategies, employers need to think more like CISOs when building their teams. Don’t assume. Validate. Trust—but verify.
The stakes are too high to keep playing the old hiring game. It’s time to build something better—for employers, for professionals, and for the future of cybersecurity.
