Friday, June 19, 2026Career intelligence for cybersecurity and Applied AI
Established MMXXIIIPublished by Bespoke Intermedia LLC
A journal of career intelligence for cybersecurity and Applied AI
DecipherU
Read the data the analysts read.
Cover Essay · June 19, 2026
Grounded inBLSISC²NISTMITREO*NETOECDOWASPand 7 more
Three tech jobs survive. Most do not.
DecipherU is a career intelligence service for cybersecurity and Applied AI aspirants, built on fourteen primary public sources. We do not write advice. We map your position against the labor data and identify the three categories of tech work whose wages, against the trend, are still rising.1
¹ On the evidence floorFourteen primary public sources catalogued in §IV: U.S. Bureau of Labor Statistics, ISC², NIST, MITRE, O*NET, OWASP, EU AI Act, OECD, FRED, PIAAC, and others. The methodology is open to the reader.
The labor markets we track do not describe the future advertised in headlines. They describe an asymmetry. Some categories of work are being marked down. A smaller number are being marked up sharply. The space between them is being quietly eliminated.
The most quoted forecast about artificial intelligence and labor is the wrong one. Headlines warn that a specific share of jobs will vanish by a specific year. What the labor markets we track describe is something different, and more interesting. AI is repricing tech work. Some categories are being marked down. A smaller number are being marked up sharply.1
Across the public series we read closely, the divergence is the same. The U.S. Bureau of Labor Statistics OES release shows operator-tier work in cybersecurity rising in real-wage terms while tier-two analyst compensation has flattened.2 The ISC² Cybersecurity Workforce Study reports the supply gap concentrated at the operator tier alongside a surplus of analyst applicants.3 The O*NET task taxonomy explains why: the work the operator does still requires judgment under pressure that a model cannot deliver without a named human accountable for it.4
Three categories of work resist this compression. The first sits at the negotiation table between a buyer's chief financial, information, and security officers, where eight-figure deals get closed. The second is the operator inside the production system where models meet adversaries. The third is the lean executive layer that signs liability when something goes wrong. These three are the subject of this publication.
Most career advice that reaches a working professional in 2026 was calibrated for the labor market that existed before any of this happened. The curricula of bootcamps and the syllabuses of pop business books were written against incentives that have shifted underneath them. DecipherU reads the same primary sources the analysts read. We apply them to a single question: where, if anywhere, do you sit against the three survivor categories. We return a position and a citation for it.
For some professionals who take the Risk Score, the answer is reachable within a year. For others, it is two deliberate pivots away. For a small remainder, it is the work they already do, and the only correction is to stop undervaluing it. The thesis of this issue is that knowing which of the three answers you receive is the most consequential thing a tech worker can know in 2026.
Figure 1.1Median compensation, six representative tracks, 2024 to 2030Annual, USD thousands · Projected to 2030
Illustrative. Trajectories below show the directional repricing visible in the public series. Live extracts from BLS OES and the ISC² 2025 Cybersecurity Workforce Study wire into this figure in the next issue.v. 0 · pending verification
Survivor categories shown in brass; representative declining tracks in grey. Shapes reflect the thesis-level repricing pattern. Specific dollar values pending live wiring against the BLS OES May 2026 release and the ISC² 2025 Cybersecurity Workforce Study.Source · pending verification
II.Chapter Two
Three categories of tech work whose wages are still rising.
The consolidation visible in our wage series concentrates value into three categories. They are not adjacent specialties. They are different answers to different questions about what a buyer is willing to pay a human to do that a model is not yet able to do credibly. Compensation pegs and percentile readings shown below are illustrative until the BLS and ISC² extracts wire in.
I.
Survivor · Sales
The elite enterprise closer.
Account Executive · Solutions Engineer · Field CISO
This is the work of closing eight-figure security and AI deals into buying committees that include the chief financial, information, and security officers in the same room. The deal is a negotiation between humans with different incentives. It is structurally non-automatable for as long as a buyer wants someone to look in the eye when the regulator's letter arrives.
The work of debugging production systems built on stacks the operator does not fully own. A model's behaviour in production and a SOC alert at the same time, routed to the right framework. These are the practitioners that ATT&CK, the NIST AI Risk Management Framework, and the OWASP LLM Top 10 were written for. The pipelines that fed this category are short on supply at the operator tier.
The shrinking executive layer that signs liability for models, for data, and for breaches. As headcount thins in the middle, the small number of professionals who own the regulator-facing conversation are paid disproportionately. This category requires both a practitioner background and the willingness to be named in a filing.
A fourth category, frontier researchers and originator-founders, is not within scope. Categories outside tech, such as the skilled trades and licensed clinical work, are resilient for different reasons that are not the subject of this publication.Read the scope statement
III.Chapter Three
One console, with citations attached to every claim.
DecipherU operates as a single working terminal, not a course library and not a job board. Each panel resolves to a primary source. Each recommendation can be traced to a federal dataset, a published framework, or an editor by name.
A · Score, headlineA single calibrated number against a hundred-point scale. Composed of six weighted axes, each with its own primary source and confidence interval.
B · Mapped roleThe reachable role closest to the reader's starting point, expressed as the survivor track, the fit coefficient, and the gap.
C · Median trajectoryWhere comparable practitioners arrived twelve months after acting on the same pathway. Sample size disclosed.
DecipherU · Console
PathwayScoreFilesCoach
Operator tier
Pathway · Survivor II · AI Security Operator
From SOC tier-2 to AI Security Operator
Median trajectory shape pending live wiring from the BLS and ISC² workforce series. The shape shown here is illustrative.
Time to viability
11 p50 · mo · illus.
Compensation delta
+$92K p50 · illus.
Demand index
3.4× illus.
Supply deficit
−47% illus.
LiveReading from BLS OES and ISC²Citation in §IV
D · Citation railEvery figure on this console is hyperlinked to the dataset that produced it. The link is the citation.
E · Decipher FilesThe editorial queue. Briefs reviewed against the standards memorandum before publication.
F · CoachA retrieval-grounded assistant. It will not answer a question without a source in this publication or in the underlying datasets.
IV.Chapter Four
The evidence floor. Fourteen public sources, named.
DecipherU does not publish opinion. We aggregate, normalize, and cross-reference fourteen primary public datasets and frameworks. They are the same sources federal agencies, large insurers, and enterprise security organisations cite by name. If a figure is not sourced, it is not published.
01
BLSU.S. Bureau of Labor Statistics, Occupational Employment and Wage StatisticsWage and employment series for tech occupational families. Primary input for the wage durability axis.
OES, current
02
NISTNational Institute of Standards and TechnologyNICE Workforce Framework for the role taxonomy. AI Risk Management Framework 1.0 for governance mappings.
SP 800-181
03
MITREThe MITRE CorporationATT&CK for adversary technique mappings. ATLAS for adversarial machine learning threats.
current
04
ISC²International Information System Security Certification Consortium2025 Cybersecurity Workforce Study. The canonical supply-side instrument for the security labor market.
2025
05
O*NETU.S. Department of Labor, Occupational Information NetworkTask-level taxonomy applied to score the AI-automation exposure of each role.
current
06
OWASPOpen Worldwide Application Security ProjectLLM Top 10 and the AI Security and Privacy guide for adversarial AI threat modelling.
current
07
EU AIEuropean Union Artificial Intelligence ActHigh-risk classification thresholds and conformity assessment requirements.
in force
08
WEFWorld Economic Forum, Future of Jobs ReportBiennial labor-market series naming the fastest-growing and fastest-declining occupational families. Triangulates BLS and ISC² against a global comparator.
2025 ed.
09
ENISAEuropean Union Agency for CybersecurityThreat landscape reports used as a secondary cross-reference against MITRE ATT&CK and ATLAS.
current
10
CISAU.S. Cybersecurity and Infrastructure Security AgencyKnown Exploited Vulnerabilities catalogue. Secure-by-design guidance for governance assessments.
current
11
SANSSANS InstituteCurriculum maps used to triangulate the framework coverage of practitioner pathways.
current
12
FREDFederal Reserve Economic DataReal-wage deflators applied to BLS compensation series. Macroeconomic context for the wage durability axis.
current
13
OECDOrganisation for Economic Co-operation and DevelopmentAI in the workplace and AI policy observatory readings. Cross-jurisdictional comparators.
current
14
PIAACProgramme for the International Assessment of Adult CompetenciesAdult skill-and-competence data. Basis for the mobility axis in the six-axis fit signature.
2024 wave
Editor in ChiefNamed, credentialed, accountable.
Julian Calvo, Ed.D., M.S.
Editor in Chief · Founder, Bespoke Intermedia LLC
Ed.D., Learning SciencesUniversity of Miami
M.S., Organizational Learning and LeadershipBarry University
MBA, MarketingLynn University
M.S., Applied AI in CybersecurityNortheastern, in progress
Doctoral research in psychometric assessment design and applied learning sciences. The DecipherU Method is built on that research. The publication's authority lives in the fourteen named sources above. The editor reads them, applies them, and cites them.
“If a number cannot be sourced to a public dataset or a named framework, it does not appear in this publication.”
On July 19, 2024 at 04:09 UTC CrowdStrike pushed a Falcon Sensor channel-file update that triggered a kernel-mode null-pointer dereference on Windows hosts running the affected sensor version. The result was a worldwide BSOD-and-reboot loop. Microsoft estimated 8.5 million Windows devices affected. The outage grounded over 5,000 commercial flights, halted hospital systems including emergency departments, and made the case the canonical worked example of vendor-stability risk in the EDR and kernel-driver class.
Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to steal data from approximately 2,500 organizations through a single managed-file-transfer dependency. The breach is the canonical case study for third-party software risk and for how a cybersecurity team should structure detection of zero-day SQL-injection in any managed-file-transfer product, not just MOVEit.
The Air Canada chatbot ruling is the Applied AI accountability case that ended the argument over whether a company can disclaim its own chatbot. In February 2024, the British Columbia Civil Resolution Tribunal held Air Canada liable for incorrect bereavement-fare information delivered by its website chatbot, rejecting the airline's defense that the chatbot was a separate legal entity.
DecipherU Editorial · November 2022 (chatbot interaction); February 2024 (ruling)
ALPHV/BlackCat affiliate Scattered Spider used a 10-minute vishing call against MGM Resorts' IT help desk to obtain credentials for a privileged Okta account, then encrypted the casino operator's infrastructure. The shutdown lasted 10 days, cost MGM approximately $100 million in direct revenue, and produced the canonical 2023 case study for help-desk security controls.
ALPHV/BlackCat encrypted Change Healthcare's claims-processing infrastructure on February 21, 2024, halting prescription processing, claims adjudication, and provider payments across roughly one-third of US healthcare. UnitedHealth Group (the parent) eventually disclosed approximately 100 million affected individuals, the largest healthcare breach in US history at the time of disclosure.
The Samsung ChatGPT data leak is the Applied AI shadow-IT case study that prompted enterprise bans on consumer LLMs. In April 2023, Samsung Electronics confirmed that engineers had pasted proprietary semiconductor source code, internal meeting recordings, and other sensitive material into ChatGPT to seek help with debugging and summarization. Samsung subsequently restricted use of generative AI tools on company-owned devices.
The EU AI Act is the Applied AI regulatory framework that established the first cross-sector legal regime for artificial intelligence. The European Parliament adopted the Act on March 13, 2024, the Council approved it on May 21, 2024, and the Act entered into force on August 1, 2024 with phased application running through August 2027. The Act is both the failure-pattern reference (because it codifies categories of AI use that produced documented harms) and the mitigation-pattern reference (because it sets the operational requirements that compliant builders follow).
DecipherU Editorial · March 2024 (adoption) through August 2027 (full application)
The practitioner courses teach the discipline. The cert-prep add-ons translate each course into the exact exam blueprint. Bundles combine two or three courses at a structural discount. Every figure below is the actual checkout price.
Each add-on layers on top of a parent course. Pricing sits between commodity prep ($15 to $50) and bootcamp-grade ($497+). Designed for working professionals who already have the practitioner course and want a focused exam ramp.
Security+ SY0-701 exam-ready ramp on top of SOC Analyst Fundamentals. Five domain reviews mapped to the official CompTIA blueprint, four full-length mock exams, and a flagged-answer review workflow.
ISC2 Certified in Cybersecurity (CC) exam-ready ramp on top of GRC and Compliance Fundamentals. Five domain reviews mapped to the official ISC2 CC outline, three full-length mock exams, and the ISC2 free-exam application walkthrough.
AWS Certified Security - Specialty (SCS-C02) exam-ready ramp on top of Cloud Security Fundamentals. Six domain reviews mapped to the official AWS exam guide, three full-length mock exams with scaled scoring, and hands-on labs in the AWS free tier.
AWS Certified AI Practitioner exam-ready ramp on top of the AI Engineering Mastery foundation modules. Five domain reviews aligned to the official AWS exam guide, three mock exams, and worked examples of the AWS AI and ML service catalog (Bedrock, SageMaker, Comprehend, Rekognition, Transcribe, Polly).
Microsoft AI-102 exam-ready ramp on top of AI Engineering Mastery. Domain reviews aligned to the official Microsoft Learn exam study guide, three full-length mock exams, and hands-on labs for the Azure AI service catalog (Azure OpenAI, AI Search, AI Content Safety, Document Intelligence, Speech, Vision, Language).
Google Cloud Professional Machine Learning Engineer exam-ready ramp on top of AI Engineering Mastery. Domain reviews aligned to the official Google Cloud exam guide, three full-length mock exams, and worked Vertex AI scenarios including pipelines, model registry, endpoints, and Vertex AI Search and Conversation.
IAPP Artificial Intelligence Governance Professional (AIGP) exam-ready ramp on top of AI Governance and Risk. Domain reviews aligned to the official IAPP AIGP body of knowledge, three 100-question mock exams, and a focused review of NIST AI RMF, NIST AI 600-1, and the EU AI Act.
Real outcome data wires into this section once the first cohort completes the 90-day outcome-survey cycle. Until then, the three cards below are illustrative composites describing the trajectories the methodology is designed to produce. Each real testimonial that lands here arrives with written permission and a survivor-track attribution.
Illustrative · pending first cohort
“Two minutes to the Risk Score, two pivots to the role. The compensation band on my offer ended up inside the table on the cover.”
Survivor track · AI Security OperatorFrom SOC tier-two, twelve-month trajectoryPathway · AI Security Operations Mastery
Illustrative · pending first cohort
“I read the methodology before I paid for the course. The projections were on the BLS side of conservative. That is exactly what made me trust the rest of it.”
Survivor track · AI Product ManagerCareer switcher, prior PM backgroundPathway · AI Product Management
Illustrative · pending first cohort
“The cert-prep add-on translated the practitioner course into Security+ in thirty hours of focused study. Passed the first attempt.”
Methodology note. DecipherU collects testimonials via an outcome-survey cron sent ninety days after course completion. No quote enters this section without written permission and a verifiable trajectory. See §IV for editorial standards.
VI · Enter
Begin with the score.
It is free to read everything we publish. The two-minute Risk Score requires no account, no payment, and no email gate. Read it, then decide whether to continue.