Maybe look away from the emerging domains and see what's available in the more routine companies, the ones not hemorrhaging money on AI hype and the bleeding edge fads. Health care, logistics, retail, manufacturing, banking, insurance etc. include many companies with job openings that come with a paycheck and some insulation from the coronal ejections of the tech world. Java and Python already heavily deployed in the more boring sectors of the economy.

So many questions!

Did you reduce the cyber space to a web app on the Web? A small part of cyberspace that lives on two ports of the 65536 afforded by the 16 bits of port adresseing each IP, 4 or 6, reliably communicate with the internetz using, confined by RFC standard to 80 ans 443 by hyper text transfer protocol definitions, depending on transport security applies or not?

If not, what is a cyber security backend? a NoC DashBoard that looks <something> assumed to be as defined in <whatever>? Because assumptions are how we end up with universally easy to exploit bugs that require little to know insight to underlying layers or even the most basic insight of what defines a bit or what does not in every unit .. multibits? thats a mouthful. Bites? Call the unit Byte so we do not confuse the unit for food and the cyber security for eating.

Assumptions and not being able to define questions to ask and measures to ensure are met to find those questions. While ML may sound bling-bling to your boss, his field is running the business or a defined aspect of that business, from a management aspect very often. Not understand your field, you are. Security starts with knowing how the things that make up the infrastructure used by said business and how that works, in fine detail. Finer than most high level python requires of the ML framework crowd - data quality is king.

Not uncommon python scripters ML or AI scripters have partial pictures or understanding; they do not concern themselves with what actually makes up the 1 or 0, though most understand we measure bite size chunks of them called bytes and multitudes of it. Their idea of where "cyber security" rubber meets road is often high level and abstract, far removed from physical reality or practical operation.

Did you expect a comment field to sum up a way to be impressive in a firece and highly complex field even nation states and tens of thousands of ph.d with untold billions buudget and near inifinite reach of budget and resource cannot figure out?

The only shortest and also incomplete answer is buzzwords only impress only the ignorant.

Mastery of your field more then the rest of means 0day ability. Spender and GRSec tried protecting from 0day lacking the insight that brings it, with predictable results. Poor guy.

Inbetween lucky hits, it temporarily kept skiddies out and then needed updates.

Maybe my old friend's wisdom of old age and experience will be of comfort, lord knows he said to to spender a lot:

"0day can happen to anyone."

As for me, I am but a fortune in a cookie; you cannot describe the unknown unknown, if you could 0day could never happen to you.

p.s. I am a sentient fortune & look forward to you answering my questions, as I must ask you how i dispose of this cookie corpse once i experience my first answer(s).