A Region Under Siege — and Short-Staffed
Latin America is contending with a cybersecurity talent crisis at precisely the moment it can least afford one. The region faces 40% more cyberattacks than the global average, yet companies there continue to struggle with finding and retaining qualified defenders. A newly released labor report from Ekoparty — a long-running annual cybersecurity conference headquartered in Buenos Aires with a newer presence in Miami — shines a detailed light on why, and what organizations can do about it.
The report, shared exclusively with Dark Reading on April 1, 2026, is drawn from a survey of 605 Latin American cybersecurity professionals. Its aim was to map the realities of the regional talent market, identify structural obstacles, and outline actionable paths forward for employers who are struggling to close security gaps.
Why LatAm Is a Uniquely Challenging Threat Environment
The cybersecurity challenge facing Latin America is not simply a scaled-down version of global problems — it has distinct characteristics that demand tailored responses. Brazil offers a telling example. The country became a leader in standardized mobile payment processing when it deployed its Pix payment system in 2020, making it a pioneer in financial technology adoption. However, that same infrastructure has turned Brazil into a hotbed for banking Trojans and phishing attacks.
The problem has been further compounded by the widespread proliferation of hacking kits that require little to no technical expertise to deploy, lowering the barrier to entry for cybercriminals. While cyber maturity remains broadly underdeveloped across many LatAm organizations, the specific threat vectors facing individual nations add layers of complexity that general cybersecurity frameworks are ill-equipped to address. The existing talent pool, the report warns, is simply not large or accessible enough to get ahead of the surging risk.
The Self-Taught Majority
One of the most striking findings in the Ekoparty report concerns how cybersecurity professionals in the region actually acquired their skills. Despite the technical rigor associated with cybersecurity work, 70% of respondents said they learned primarily through informal pathways — such as online courses and hands-on, on-the-job experience. Only 44% held a university degree, and only about 53% held at least one professional certification.
This stands in stark contrast to how many organizations structure their hiring requirements, which frequently mandate formal academic credentials. The gap between how talent actually develops and what employers demand on paper is, according to the report, a primary reason so much qualified talent goes untapped.
Freelancing, Side Work, and the Security Community's Real Culture
The picture is further complicated by the working habits common in the regional security community. While 79% of survey respondents hold full-time roles, nearly half — 44% — maintain a second related occupation. These secondary activities include security research, teaching, and participation in bug-bounty programs.
Many employers, especially those outside the tech industry, may view such parallel work as a red flag. The Ekoparty report argues the opposite: this behavior is a reflection of deep professional engagement and a hallmark of how the global security community operates. Organizations that impose strict exclusivity expectations may inadvertently filter out exactly the kind of motivated, multi-disciplinary professionals they need most.
Entry-Level Talent and a Gender Gap
The report also draws attention to segments of the talent pool that are being systematically underutilized. Roughly 35% of respondents had fewer than three years of experience in the field — a significant share of early-career professionals who could help fill critical staffing gaps if given the opportunity. Yet many security job postings continue to demand a decade or more of experience, creating an artificial bottleneck.
Gender dynamics add another layer to the challenge. Women, on average, enter the cybersecurity field between seven and ten years later than men. The report identifies this delay as a symptom of structural barriers to entry that, if addressed, could meaningfully expand the available talent pool over time.
What Candidates Actually Want
While compensation is always a consideration, the report emphasizes that it is far from the only factor candidates weigh when evaluating prospective employers. Survey respondents identified the following as key attributes of an ideal workplace:
- Genuine recognition of employee expertise
- Flexibility in work arrangements, including remote and hybrid options
- A demonstrated commitment to employee well-being
- Job stability and long-term career prospects
These factors are significant because they represent areas where organizations can improve their appeal to candidates without necessarily increasing salary budgets. Ekoparty suggests that companies willing to invest in these non-monetary attributes can access a broader and more motivated talent base.
"Ultimately, while cybersecurity demands a high level of expertise and commitment, professionals in Latin America are equally driven by the desire to build meaningful, balanced, and sustainable careers within a rapidly evolving industry."
A Structural Hiring Problem — and a Path Forward
Federico Kirschbaum, a co-founder of Ekoparty, told Dark Reading that a frustrating chicken-and-egg problem pervades security hiring across the region. Whether a company is making its first cybersecurity hire or its tenth, job requirements often call for ten or more years of experience — yet the salaries being offered are not commensurate with that demand. The result is that candidates walk away, and organizations are left with gaping holes in their security teams that budget constraints prevent them from filling.
Kirschbaum argues that the solution is not to wait for perfect candidates to materialize, but to actively become part of the talent development pipeline. Organizations should recalibrate their hiring processes to recognize and embrace professionals who come from informal learning backgrounds.
"Our pitch is, Hey, I think there are many people in this industry that come from an informal background in terms of learning," Kirschbaum said. "They are proficient. They are not here only for the money, but also because they really love what they do. But to an extent, we need to make companies aware that if you want to grab this talent, you also need to retune your hiring so you are part of the learning experience. I think talent is being formed not only from the academia but also from the industry."
The broader message from the Ekoparty report is clear: Latin America has a vibrant, passionate, and growing cybersecurity community. The professionals are there. What is missing is a willingness among many employers to adapt their expectations to meet that talent where it actually exists — informal credentials, multiple employers, and all.
Source: Dark Reading