On 20 March 2025, I had the honor of moderating an amazing panel of experts during an event co-organized by JOIST Innovation Park, ISC2 Hellenic Chapter, Homo Digitalis, and Charisma Works.
I am also grateful that the cybersecurity marketing agency Bora sponsored the event! It was a vivid discussion with the audience asking not only many, but in-depth questions, proving once more that people are eager to learn more and see themselves in cybersecurity and data protection.
After the event, while we were having a nice dinner accompanied by fine local rose wine, I recently asked Michail Bletsas, Governor of the Greek Cybersecurity Agency, what he saw as the biggest cybersecurity threat on the horizon. I expected the usual suspects: AI-fueled attacks, quantum computing disruptions, or the ever-evolving ransomware economy.
Instead, he surprised me.
He leaned back and said plainly: “The greatest risk to cybersecurity isn’t technology—it’s the skills gap.”
It’s a bold statement. But the more I think about it, the more I see it as an undeniable truth.
Beyond the Hype: The Real Risk We’re Not Talking About
The cybersecurity world is quick to chase the next big threat. We pour resources into threat intel platforms, AI-based detection tools, and zero trust architectures. All important. All necessary. The same happens with businesses – they adopt the latest technology trend at the blink of the eye hoping to innovate and gain that competitive advantage that will make them finish first in an undeclared arms race.
But none of these matter if we don’t have the people to operate, interpret, and evolve these security and technology tools.
The Governor noted that, while the ISC2 Workforce Study might overstate the exact numbers, it captures something critical: the urgency of our talent crisis. We’re not just short a few specialists—we’re missing an entire layer of defenders.
And Greece isn’t alone in this. Globally, we see this echo across industries and borders.
Cybersecurity Archers and Byzantine Akrites
Yiannis Koukouras, Managing Director at TwelveSec and member of the ISC2 Hellenic Chapter, put it brilliantly. He likened our situation to 14th-century England, where national defense was only as strong as their archers. Or the akrites—the elite frontier guards of the Byzantine Empire.
These weren’t generic warriors. They were highly trained, highly skilled, and deeply embedded in their environments. The safety, security, and financial stability of England and Byzantium relied on these people and the respective emperors have understood the importance of training them.
We need to cultivate the same depth of technical expertise inside our organizations today. Cybersecurity can’t be just outsourced or bolted on. It needs to be grown within—through talent development, hands-on experience, and a cultural shift that treats cyber skills as strategic assets. This is even more important if we consider that NIS2 places personal accountability on CEOs and the Boards for failing to comply with the regulation’s requirements.
AI Adoption Hinges on People, Not Tools
Panagiotis Soulos, Information Security GRC Senior Manager at STEELMET Corporate Services and member of the ISC2 Hellenic Chapter, offered a sobering reminder: the success—or failure—of AI adoption in security won’t be about the tech stack. It’ll hinge on niche professionals, and our ability to upskill and reskill the people we already have.
As AI reshapes workflows, threat modeling, and even SOC operations, the talent gap could become even more painful. That gap can also hinder compliance with the EU AI Act, which requires human oversight for high-risk AI systems to ensure fairness and trustworthiness. Without focused, role-specific training, we risk building castles on sand.
GDPR Is Still Greek to Many
Even well-established regulations like the GDPR illustrate the gap. Lamprini Gyftokosta, Director of Human Rights and AI at Homo Digitalis, observed that—seven years in—many businesses are still lost in translation. Not just in legal terms, but in understanding how privacy can be a source of competitive advantage and innovation.
This again comes back to people. It’s not enough to appoint a DPO or run a one-off compliance workshop. Organizations need to empower their staff, at every level, to internalize these frameworks—not just check a box, but understand the opportunity within them. Compliance is not the DPOs or the IT’s responsibility. It is everyone’s responsibility!
Building Muscle Memory Through Education and Simulation
Karina Iskandarova, founder at Charisma Works, wrapped it all up with a powerful reminder: education is not optional. Continuous learning, simulation exercises, and tabletop drills should be embedded into every business playbook—regardless of size or sector.
Cybersecurity isn’t static. It’s not a certification you earn once or a policy you write and file away. It’s a living, evolving practice. And just like elite athletes or emergency responders, our teams need to train like it matters.
Because it does.
Final Thoughts: What Got Us Here Won’t Get Us There
We often talk about cybersecurity in terms of tools, tactics, and tech. But if we don’t invest in people—deeply, consistently, and strategically—we’ll never close the gap between what we need and what we have.
The enemy isn’t just AI or ransomware. The real threat is the widening chasm between risk and readiness.
And the only way across is through skills.
Let’s stop treating the cybersecurity workforce as an afterthought and start seeing it for what it is: our first and last line of defense.
Anastasios Arampatzis is a cybersecurity content strategist, writer, and consultant with expertise in cybersecurity, digital identity, and regulatory compliance. Tassos has a strong background in creating thought leadership content, marketing materials, and strategic communications tailored to CISOs, security professionals, and business leaders. He has contributed to various cybersecurity publications and collaborates with organizations to develop compelling, insightful content that addresses industry challenges. He is a privacy advocate and a member of the ISC2 Hellenic Chapter. Before joining Bora, Tassos was an Hellenic Air Force Officer with a solid background on IT and Infosec.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.