RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Mario Vuksan

Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

SSCS is a footnote that grew up, moved out, and got its own report. 

Read More about Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
Events
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
Security OperationsJuly 1, 2026

AI use in cybersecurity is on the rise — and so is burnout

The Life and Times of Cybersecurity Professionals study highlights a trend that has accelerated as cyber has become more complex.

John P. Mello Jr.
John P. Mello Jr., Freelance technology writer.John P. Mello Jr.
FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
AI secops burnout

More than 80% of organizations’ cybersecurity operations are currently getting an assist from AI or are planning to adopt it, but nearly seven out of 10 security pros say their jobs have gotten harder since the widespread adoption of AI began. That’s a finding from the latest cybersecurity report from the Information Systems Security Association (ISSA) and research and consulting firm Omdia.

The Life and Times of Cybersecurity Professionals study noted that job satisfaction numbers have been consistent throughout its eight-year history. Nearly half of respondents have thought about leaving their role in the past 18 months, the ISSA and Omdia researchers found. And among those contemplating a change, 57% have considered leaving cybersecurity entirely.

When asked why they would leave the cybersecurity profession, 53% cited job stress, 37% complained that they have no career advancement opportunities, 34% want better  work-life balance, and 33% decried their organization’s lackluster commitment to cybersecurity, said Shawn Murray, ISSA’s chief information security officer (CISO) and former president. 

“Burnout is a significant factor in our industry right now because of lean IT and cybersecurity staffs and the demands the business is putting on cyber teams and professionals.”
—Shawn Murray

The researchers also found that more than two-thirds (68%) of respondents agreed that being a cybersecurity professional has become more difficult over the past two years. Of those, more than half (55%) put the blame on the increase in cybersecurity complexity and workloads, and 52% pointed to cyberthreats and expansion of the attack surface.

Here are key takeaways from the study — and insights from experts to put them into context.

[ See webinar: How to Build High-Fidelity Threat Intel Feeds for Agentic AI ]

Effects of the skills shortage

The study found that 75% of information security pros said the global cybersecurity skills shortage has impacted their organizations to some extent. That’s a higher share than in previous years, the researchers wrote, although the study didn’t show that the cybersecurity skills shortage has gotten worse. Nonetheless, respondents reported significant effects on their security programs, including redirected time (44%), increased workload on existing staff (42%), increased burnout and attrition of staff (37%), increased human errors associated with cybersecurity tasks (27%), and the need for more budget for services or consultants (24%).

Infosec pros offered the researchers a number of ideas for addressing the skills shortage in their industry. The top recommendation, cited by 42%, was a greater organizational commitment to training candidates in what security teams need them to do, followed by higher compensation levels (40%) and keeping HR personnel and recruiters informed about cybersecurity needs so they can better target recruitment (36%). There was less enthusiasm forincreasing adoption of AI (24%) and delegating some cybersecurity tasks and processes to IT (17%).

Increasing training investment was endorsed by ISSA President Jimmy Sanders, who  said in a statement:

“The profession is struggling not because talent is scarce, but because organizations are not investing enough in the people they already have.”

Despite the lack of enthusiasm forAI, the researchers argued that it might help alleviate cybersecurity professionals’ heavy workloads. For example, they noted, AI can help automate tedious, time-consuming tasks, including data gathering and analysis, and could speed up response time and simplify remediation.

The researchers also noted that half of organizations are already using AI to automate scanning and testing, with 48% leveraging the technology for predictive analysis. Those use cases help, but they aren’t the answer to the skills shortage, said Melinda Marks, practice director for cybersecurity at Omdia.

“AI will not close the cybersecurity skills gap on its own. Organizations getting the most from their security programs need to invest in their people first. Training, inclusion, and clear career paths are not soft benefits. They are what make everything else work.”
—Melinda Marks

And while new AI tools should help, ISSA’s Murray cautioned that not all of them are equal. “CISOs have to do their due diligence to ensure that they’re adopting that automation through vendors with proven tools that have been vetted, that are meeting design constraints, that are approved by the industry,” he said.

AI seen as a disruptive force

To this year’s survey respondents, AI is foremost a disruptive technology that adversaries are wielding to their advantage. Marks characterized the resulting struggle. 

“It’s a war right now, and war requires strategy and tactical approaches.”
—Melinda Marks

Defenders will need AI to fight AI, she said “because only machines can scale like machines. Cybersecurity professionals still need a really strong skill set, but they need to be able to use AI to stay ahead of the AI.”

AI’s effects are far-reaching, she said, and permeate the survey’s results. 

“It’s affecting jobs. It’s affecting skill sets. It’s affecting workplace evolution, and just about everything else that we’re talking about.”
—Melinda Marks

The rise of the virtual CISO

On the leadership front, the survey found that nearly two-thirds (63%) of organizations have CISOs, a smaller percentage than what was reported in 2024 (76%). However, there was a noticeable jump in the number of virtual CISOs, from 5% in 2024 to 16% in 2025.

Virtual CISOs appeal to organizations whose size doesn’twarrant the expense of a full-time CISO (48%), to those exploring whether they need a full-time CISO (40%), to those who see a need only for an experienced advisor (37%), and to those that are between full-time CISOs (28%).

The role itself is seeing more emphasis on soft skills. Security pros told researchers that they considered leadership skills the most important quality of a successful CISO (37%), followed by business skills (22%), technical skills (13%), and management skills (13%). 

Leadership skills such as the ability to communicate to the board are in ascendance, Murray said.

“A lot of it is just relationship building, understanding the business, [and] being able to communicate.”
—Shawn Murray

Keep learning

  • Learn how Gartner® named RL a supply chain security 'visionary.' Download: Gartner® Magic Quadrant™ for Software Supply Chain Security.
  • Get key insights into why Gartner® identified binary analysis as a must-have control in its recent CISO Playbook for Commercial Software Supply Chain Security.
  • Get up to speed on the Agentic Development Security tools landscape in this webinar with Forrester Sr. Analyst Janet Worthington.
  • Take a deep dive on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar discussing the findings.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Plus: Join the free Spectra Assure Community today to get hands-on with RL's binary analysis-based software supply chain security platform.

Tags:Security OperationsArtificial Intelligence (AI)/Machine Learning (ML)

More Blog Posts

AI vs AI robots

Can AI beat AI? 3 challenges with VulnOps adoption

SecOps leaders must tackle cost and risk to deliver autonomous vulnerability operations. But with frontier AI, it's critical.

Learn More about Can AI beat AI? 3 challenges with VulnOps adoption
Can AI beat AI? 3 challenges with VulnOps adoption
SecOps and AI

Working with agentic AI: A SecOps survival guide

Agentic AI will disrupt how SOC teams are built — and the way CISOs hire. Here’s how to embrace AI.

Learn More about Working with agentic AI: A SecOps survival guide
Working with agentic AI: A SecOps survival guide
Post-quantum security

Crypto group ushers in post-quantum security

Here’s a look at the Ethereum Foundation’s new PQC security effort — and why you need to modernize your SecOps.

Learn More about Crypto group ushers in post-quantum security
Crypto group ushers in post-quantum security
Cybercrime-as-a-service

Cybercrime-as-a-service forces a security rethink

With AI-powered tools readily available, sophisticated attacks no longer require sophisticated attackers.

Learn More about Cybercrime-as-a-service forces a security rethink
Cybercrime-as-a-service forces a security rethink

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top