In collaboration with a couple of other leaders in the industry we are releasing http://SecurityTitles.com - It's an attempt to provide transparency about role levels, expectations and (just for the US market currently, salary ranges).

@mubix Ah, yes I meant the former. Thank you for the clarification.

@mubix Love this - question, what about hybrid roles? Take the higher of the estimates?

@ZachWeinersmith Both sides benefit - but all things considered, the blue team benefits a bit more for now. The challenge for defenders has always been being a small goalie tending a large net. AI makes the net a little smaller. For attackers their attacks are better in it's execution but not necessarily in it's novelty ie. phish are more believable, malicious executables fail less often. But AI is not innovating their existing attacks ie they are still trying to get a user to click a link. So while they get to take more shots, but their targets are shrinking.

In short - the advantage belongs to the defenders for now.

Caveat - organizations that haven't implemented security basics (user scoping, vulnerability management, asset inventories, etc) are at a significant disadvantage.

Apologies for the lengthy reply.

@mattblaze thank you for providing some measure of clarity in a very cacophonous and discordant space. These are turbulent times but we still need to separate the signal from noise - precisely because there is still a fight to be had and precisely because we not yet completely powerless.

My cynicism thinks any relief here will be temporary. But my pettiness is doubled over at the thought that someone tonight will be absolutely apoplectic - https://www.nytimes.com/live/2026/03/31/us/trump-news

@evacide also her book is a riveting journey on the same topic (you knew that I know). High recommend to anyone who has not read it yet. https://mitpress.mit.edu/9780262051248/privacys-defender/