CyberVoices

Why the future of our digital safety hinges on building real-world, hands-on cyber skills

As cyber threats grow more sophisticated, Canada is racing to secure its digital infrastructure. From ransomware attacks on hospitals to phishing campaigns targeting critical infrastructure, the demand for cybersecurity talent has never been higher. But a new national report reveals a sobering reality: the problem isn’t that Canadians aren’t interested in cybersecurity — it’s that we’re not preparing them to actually do the work.

The Canadian Cybersecurity Job Market Overview and Global Comparison (Q1 2025) offers an in-depth look at more than 10,000 job postings across the country. It confirms what many in the industry already know: while the market is booming with opportunity, employers are struggling to find skilled professionals who can hit the ground running. The biggest shortage? Mid-to-senior level talent with practical, hands-on experience.

"Canada doesn’t have a cybersecurity interest problem — it has a hands-on experience problem," says Francois Guay, Founder of the Canadian Cybersecurity Network. "If we want real talent, we need to stop selling theory and start building skill through immersive, employer-connected programs that begin in classrooms and end on the front lines."

The Skills Gap No One’s Talking About

Most headlines point to a talent shortage in tech. But the Canadian Cybersecurity Network (CCN) report points out a more nuanced issue: the gap isn’t at the level of enrolment or even technical education — it’s in real-world readiness. Many post-secondary programs are focused on expanding headcounts and revenue, rather than cultivating skills aligned with industry needs.

While job seekers may graduate with theoretical knowledge, employers are increasingly demanding cloud security fluency, DevSecOps integration, and real-time incident response expertise. These aren’t easily taught in a lecture hall. As the report outlines, over 95% of cyber job postings analyzed were for full-time roles, and the vast majority required several years of experience — a threshold most graduates simply can't meet without practical opportunities.

What Employers Really Want

Top roles advertised across the country include Security Analysts, Cloud Security Engineers, and GRC (Governance, Risk, and Compliance) professionals. Employers also emphasize certifications like CISSP and experience with tools like Splunk, AWS, or ISO 27001 compliance standards.

But even entry-level listings often ask for two to five years of experience. The result? Thousands of eager but underprepared graduates, and thousands of unfilled jobs.

Canada’s estimated cyber workforce gap is between 25,000 and 30,000 positions today — and that number is expected to grow to 100,000 by the end of 2035. But unless education providers and employers find ways to bridge the experience divide, those roles will remain vacant or outsourced to countries that have more agile training pipelines.

Toronto Leads, but Opportunity is Growing Nationwide

Unsurprisingly, the Greater Toronto Area leads in demand, accounting for over half of all cyber job postings. Vancouver, Montreal, and Calgary round out the top four, with notable growth in Ottawa, thanks to its government-adjacent tech ecosystem.

Interestingly, the report shows a significant rise in remote-friendly roles — a trend that could be a game-changer for professionals outside major metros, and one that widens the talent pool for employers.

Still, government hiring remains low — only 0.8% of analyzed postings were for public sector roles. This lags far behind peers like the U.S., which is actively recruiting cyber professionals through federal “hiring sprints.” If Canada wants to secure its digital borders, it may need to step up its public sector recruitment strategy.

Apprenticeships, Not Algorithms

The report makes one thing clear: solving Canada’s cyber talent crunch won’t come from more university seats alone. What’s needed is a national commitment to hands-on training, mentorship, and apprenticeship-style models that reflect how cybersecurity really works.

Programs that embed students within organizations, simulate real threat environments, and connect learners with working professionals are proving far more effective abroad — in countries like Israel and the UK — than traditional classroom-only instruction. The report calls for Canada to embrace this model, starting as early as high school to build a true cyber-literate society.

A Call to Action

As Canada competes globally for cybersecurity expertise, we must think beyond the resume. Employers can no longer expect to hire fully-formed talent; they must invest in growing it. Government and academia must move beyond curriculum refreshes and into ecosystem-building: cyber ranges, co-op mandates, paid internships, and real-world labs.

The need is urgent — but the path forward is clear.

“This is about more than jobs,” says Guay. “It’s about national resilience. If we want to secure our future, we need to build talent that’s forged in reality, not just taught in theory.”