For those of us working in the cyber security industry, 2023 was a bit of a rollercoaster ride. The good news is that according to the latest ISC2 Global Workforce Study, the number of people employed reached a previously unseen height of 5.5 million. Yet this is somewhat tempered by the minor issue of the 4-million-person shortfall needed to adequately defend against global cyber threats.
With nearly half of those surveyed by ICS2 claiming their companies dealt with layoffs, reduced budgets and/or hiring freezes last year, we’re faced with a frustrating paradox. The escalating demand for skilled cybersecurity personnel, driven by the surge in cyber threats and evolving attack methods, contrasts sharply with the reluctance of employers to fill vacancies due to a fear of economic uncertainty.
It’s a situation that is likely to continue well into 2024 and one which, as recruiters, we’ll be heavily involved in rectifying. So, as we go into this year, what is in store for the cyber security workforce?
Which roles will be most in demand?
In many ways, with the lack of consistency in security job titles and descriptions, it’s often more about the skills and experience a candidate can bring to the role than the role itself. Yet if we look at it objectively there are some jobs which will become more important, and crucially, more in demand over the next 12 months.
With the new SEC regulations requiring someone with cybersecurity expertise to sit on all US Boards, the role of CISO or CSO is likely to transition to include more of a focus on business oversight. In research from ISSA, 36% of CISOs stated it was likely or very likely that they will leave their current job this year, and 46% have considered leaving cybersecurity altogether due to the stress of the role. All of this means there will be a shortage in the C-Suite and a need for those at the level below to step up.
Elsewhere in the cyber team, the most in-demand roles correlate to the evolution of cyber technologies. According to Fortinet’s global study, Cloud Security is currently top of the list, as well as being one of the hardest to fill roles for all organisations. Network Security and Risk Analyst roles are also going to be needed this year.
On a macro level, as the threat landscape changes, risk levels are shifting toward different industries. The sectors now in near critical need of cyber security are digital assets and those developing AI technology. Furthermore, there was a significant rise in the threat level for the manufacturing, professional services and education industries last year, so we would expect a corresponding increase in hiring need for security teams there.
How will tech developments impact hiring?
As the subject of an overwhelming amount of cyber security discourse in 2023, it’s only natural that Artificial Intelligence (AI) will play a role in employment trends this year. Its growth must be taken with a pinch of salt; AI isn’t going to take everyone’s jobs just yet, but in a brief time those with AI skills just might! The key benefit for the cyber workforce here comes in the form of automation, as by computerizing routine tasks and triage, AI can free up time for professionals to take on more advanced threat hunting or response work - arguably more valuable to their organisation. It can also serve as a training tool itself, allowing less-experienced individuals to learn quickly and for developers and analysts to enhance their skills using feedback and query mechanisms.
For organisations, especially in the MSSP and End User space, it’s going to be essential to upskill your workforce in AI this year. Businesses who fall behind in the AI race will be unable to match the efficiencies and defensive capabilities of their competitors, in effect pricing themselves out of the market.
What changes will we see in working patterns?
In the UK, London remains the leading hub for cybersecurity jobs, with other hotspots including Bristol, Manchester and Edinburgh. Elsewhere in EMEA we’re expecting to see the increasing importance of France, Germany, The Netherlands and Portugal as key growth areas, and across the pond, Washington D.C. remains is a top destination for roles due to the concentration of government agencies, defence contractors and cyber security firms.
Despite stories of large corporations enforcing a “back to the office” policy in 2023, hybrid working continues to be a top choice for both employees and employers. Flexibility is in fact a powerful hiring tool; for startups, SMEs or organisations in the not-for-profit sector which tend to pay lower salaries than major corporations, flexible working arrangements are used to encourage applications and improve retention.
The upcoming UK Employment Relations (Flexible Working) Act in 2024 will also allow employees to request changes to their work flexibility twice a year, making the process much more employee led. However, these requests can still be denied by the employer so it’s unclear how much will really change.
How will the skills shortage be tackled?
As the cyber landscape shifts and we see significant technological evolution, we would expect to see a change in the most in-demand skills for candidates. Obviously, AI is going to be a hot skill and those with the ability to harness this tech and use it for defensive means will be at the top of the hiring manager’s in-tray. According to data from LinkedIn, in Jan 2023 there were twenty-six times more job listings mentioning terms linked to generative AI as there were just a few months earlier in October. In addition, there’s a growing need for cloud computing skills and for those who understand the difference between cloud security and information security. On the tech front, we’d also expect data analysts, white hat hackers and app developers to be able to command higher salaries and capitalize on demand in the job market.
However, we should not underestimate the importance of soft skills; ISC2 lists communication as the second most in-demand skill this year and ranks networking highly on the list. Ultimately, if you can’t communicate your security needs to the rest of the organisation and get buy in from leadership and the Board, your efforts will fail. Likewise, governance skills will rise to prominence this year with an increase in the regulations and compliance requirements teams need to be aware of.
One thing is for sure, 2024 looks set to be just as turbulent as the year before! For companies operating in the industry, the best way to weather the storm is to ensure you have the right people with the right skills filling your security team. For professionals, it means a focus on upskilling and using the tools and training certifications available to you to build your expertise in in-demand areas.
If you would like more advice on launching your job search in 2024, get in touch with the expert team at Trident Search today.