The DisruptED World of Cyber Security with James Faxon at NukuDo

Cyber threats are no longer a background concern for IT departments. They are a front-line business risk that is growing faster than most organizations can respond to. James Faxon, Managing Director of Nukudo, a cybersecurity training company, laid out that reality plainly in a recent conversation on the Disrupt Ed podcast: the velocity and complexity of technology being deployed today has created a threat environment that is fundamentally different from what existed even ten or fifteen years ago.

Faxon pointed to the Volt Typhoon incident, a state-sponsored intrusion campaign that was discussed on the floor of the U.S. Senate, as a signal of how high the stakes have become. Nation-state actors from countries including China, North Korea, and Iran are financing organized hacking operations with the explicit goal of disrupting American infrastructure. The telecommunications sector, the healthcare industry, and the banking system have all been targeted. In healthcare especially, the consequences are not just financial: when hospital systems are frozen by ransomware, clinicians lose access to patient records and the ability to deliver acute care.

The dark web compounds the problem by functioning as a fully operational marketplace for malicious services. As Faxon described it, the visible internet is only the tip of the iceberg. Beneath the surface is a vast, organized infrastructure where bad actors can hire skilled hackers, purchase exploits, and coordinate attacks at scale. The professionalization of cybercrime means defenders are not just up against opportunistic intrusions; they are up against adversaries with real organizational structure and resources.

A workforce shortage that goes beyond headcount

Compounding the threat landscape is a severe shortage of qualified cybersecurity professionals. Faxon noted that domestic unfilled roles number in the hundreds of thousands, with global figures climbing higher still. But he was careful to draw a distinction: the problem is not simply one of volume. "It's not just a shortage of people. It's a shortage of skilled people, people that have the capability to come in and be effective and be the defenders that they need to be." Many candidates hold credentials but lack the deep technical grounding and risk-management mindset that effective cybersecurity work demands. Faxon also pointed to a pattern where talented junior professionals get promoted quickly based on project wins, before they have had time to build the foundational understanding needed for senior roles where decisions must be tied directly to business outcomes.

Traditional educational pathways have not kept pace with the industry. Faxon acknowledged that some strong programs exist, including efforts pushing cybersecurity concepts into high schools and middle schools, but characterized the broader higher education landscape as lagging. Most programs lean heavily on policy and governance frameworks while underinvesting in technical competencies. As threat environments grow more complex and technology deployment accelerates, that gap between academic curriculum and industry need continues to widen.

A different model for building cyber talent

Nukudo was built around the premise that the conventional approach to cybersecurity training is not sufficient. Rather than offering a course catalog, the company hires trainees as W-2 employees, pays them a full salary and benefits, and puts them through a structured program covering offensive and defensive techniques, governance, risk and compliance, and professional development. Candidates go through rigorous assessments, including personality evaluations and on-site interviews, before being accepted. Of thousands of applicants, Nukudo may accept only fifteen to twenty-five at a time. Those who complete the program are placed directly with partner organizations. Faxon described the model as a closed loop: identify people with the right aptitude and wiring, train them comprehensively, certify them, and place them in environments where they can contribute from day one.

On the question of artificial intelligence, Faxon offered a measured view. AI will help security operators process information faster and make quicker decisions, but it will not replace the need for human judgment. "Fundamentally, it's still gonna come down to some of the fundamentals. AI is going to be a great enabler in many, many ways." Identity and access management, data protection, and oversight of AI-driven processes will all still require skilled professionals who can interpret outputs and recognize when something is wrong. Nukudo is actively working to incorporate AI-relevant training into its curriculum, though Faxon acknowledged it remains a moving target. The broader lesson is one the cybersecurity industry keeps relearning: technology changes the tools, but it does not eliminate the need for people who understand the risk.