To effectively staff cybersecurity teams, organizations in Latin America have a clear mandate to expand their search and engage the region's diverse, non-traditional talent pool. This adjustment is increasingly necessary as local threat activity outpaces global averages, requiring well-resourced teams to maintain solid defense postures.
These findings stem from an employment report released by Ekoparty, an annual cybersecurity conference hosted in Buenos Aires and Miami. The organization shared its analysis, based on a survey of 605 Latin American security professionals, to identify structural hiring challenges and offer practical guidance for security leaders looking to grow their teams.
Latin American organizations experience roughly 40% more security incidents than the global average, requiring proactive defense strategies tailored to the region. The security requirements in these countries are highly specific. For example, Brazil successfully deployed its standardized Pix mobile payment system in 2020. While a major technological advancement, the platform's wide adoption introduced new security demands, as the system became a frequent target for banking Trojans and phishing campaigns. The availability of automated threat tools that require minimal technical knowledge has further complicated this environment. Relying solely on traditional, formal talent pipelines is no longer sufficient to manage these specific risks and ensure organizational resilience.
A community built on self-directed learning and independent research
Many organizations assume that technical security roles require formal university degrees. However, the survey data shows a different reality: 70% of respondents developed their capabilities through informal pathways, such as online courses and hands-on experience. Only 44% hold a university degree, and roughly half (53%) possess at least one industry certification.
Work arrangements within the community also differ from traditional corporate expectations. While 79% of respondents work in full-time roles, 44% maintain a second, related occupation. These secondary roles frequently include security research, teaching, or participating in vulnerability reward programs. Security professionals often split their time across different community projects, a reality that hiring organizations can accommodate to attract highly skilled individuals.
These data points indicate substantial, underutilized opportunities for security leaders to connect with a broader segment of the practitioner community.
This is particularly relevant for entry-level professionals. About 35% of respondents had fewer than three years of experience. This is a critical metric for hiring managers to consider, given that many job descriptions request a decade of experience for roles that could be filled by developing practitioners. Furthermore, women enter the security field between seven and 10 years later than men on average. Addressing the structural barriers that cause this delay provides a direct path to expanding the talent pool and building more capable, diverse teams.
Fostering developing talent
While security budgets often require careful management, financial compensation is not the only factor candidates evaluate when considering an employer. The survey shows that professionals highly value employee well-being, flexible work arrangements (such as remote or hybrid schedules), recognition of their expertise, and job stability. By prioritizing these elements, organizations can build appealing environments for candidates while remaining conscious of financial constraints.
"Ultimately, while cybersecurity demands a high level of expertise and commitment, professionals in Latin America are equally driven by the desire to build meaningful and sustainable careers within a rapidly evolving industry," the report noted.
Federico Kirschbaum, a co-founder of Ekoparty, observed that the industry often struggles with a cyclical hiring problem. Organizations frequently require 10 or more years of experience for early security hires, but offer compensation misaligned with that level of seniority. This mismatch deters qualified candidates and leaves security teams understaffed if organizations cannot adjust their salary bands.
To resolve this, companies can meet professionals where they are by fostering developing talent and integrating with the community.
"Our pitch is, Hey, I think there are many people in this industry that come from an informal background in terms of learning," Kirschbaum says. "They are proficient. They are not here only for the money, but also because they really love what they do. But to an extent, we need to make companies aware that if you want to grab this talent, you also need to retune your hiring so you are part of the learning experience. I think talent is being formed not only from the academia but also from the industry."
About the author
Alexander Culafi is a Senior News Writer based in Boston. After beginning his career writing for independent gaming publications, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts a weekly podcast and works on personal writing projects, including two previously self-published science fiction novels.