The 7 most in-demand cybersecurity skills today

Cybersecurity teams find themselves understaffed, overworked, and stressed about keeping up with an evolving risk landscape, as cyberattackers continually come up with new tactics to attack organizations and organizations drive their adoption of the newest technologies.

As a result, security professionals will need to continually improve their skills to meet organizations’ new demands. Unfortunately, deciding which skills to develop can be difficult, as the cybersecurity skills tree has a dizzying number of branches, and security professionals may not know which will pay off most, now and in the years to come.

In a recent survey of 7,698 hiring managers and 8,154 non-hiring managers in cybersecurity worldwide, cybersecurity training organization ISC2 sought insights into the most pressing, in-demand skills for security pros today. Both groups shed important light on their organizations’ talent gaps. Non-hiring managers see what skills in their peers are prioritized for hiring and promotions and are themselves key influencers in such decisions.

Hiring managers, of course, are the final judge: by opting for one candidate over another, they vote for the most valuable skills with the time and effort they will invest in managing, directing, and educating the new employee.

Following are these skills in reverse order, ascending to the most prized and in-demand skill today.

Hiring manager preference (according to ISC2): 24%

Non-hiring manager preference (according to ISC2): 33%

AI and ML may dominate the headlines, but they are not the top skills sought after today. ISC2 states that the reason is timing: Hiring managers prioritize skills that produce an immediate benefit, and they view AI and ML as skills with a more long-term horizon. This thinking matches a recent Gartner prediction, as the research firm believes that 17% of all cyberattacks will one day involve generative AI — but not until 2027.

AI and ML encompass domain knowledge of how these technologies may be used against enterprises. For example, jailbroken or local large language models (LLMs) may be harnessed by criminals to execute social engineering attacks, such as spear phishing, much more quickly and at scale. Hackers can also inject malicious inputs into LLMs in what is known as a prompt injection, one of several key LLM vulnerabilities enterprise security teams must be prepared for.

Cybersecurity professionals may also employ AI and ML to protect their organizations. For instance, companies can use AI and ML to detect anomalies representing a specific type of threat, such as a ransomware attack, and automatically take preventive action by isolating the targeted device or network. The company can learn from these inputs and improve predictive security for the future.

AI and ML are crucial to organizations. With the existing talent gap stretching cybersecurity teams thin, enterprises should minimize their reliance on manual processes. By automating cybersecurity processes, companies can reduce human error involved in security vulnerabilities, enable staff to focus on higher-level or more strategic initiatives, and fend off more attacks.

Relevant certificates:

Hiring manager preference: 24%

Non-hiring manager preference: 33%

GRC is a framework to ensure that an organization’s cybersecurity plans align with its objectives and regulatory environment. Compared to the other skills on this list, GRC represents the broadest range, as professionals in this field need a mix of technical, operational, and business skills.

Governance refers to the policies an organization implements for its IT operations, including specific security policies such as acceptable use policies, access control, and incident response. Risk management is a proactive practice to identify, mitigate and minimize threats, as well as develop response plans for incidents. Governance and risk management must be carried out within a wide variety of regulatory frameworks and compliance measures, some of which may apply to all organizations in a market.

For example, the EU’s GDPR imposes strict regulations governing all data leaving the EU. Others are industry-specific: healthcare organizations in the United States are required to comply with strict privacy measures for personal health data established under HIPAA.

ISC2 adds that GRC is increasingly important due to emerging technologies, especially AI. With AI creating unprecedented threats, and increasing regulatory policies, enterprises need GRC expertise to help navigate these new technological, legal, and regulatory waters.

Relevant certificates

Hiring manager preference: 25%

Non-hiring manager preference: 19%

Security analysis can include vulnerability assessment, penetration testing, log and event analysis, security architecture review, and other security assessment functions. For example, before a product is released, a security analyst can evaluate it for potential security problems.

Security analysts often work closely with risk analysts to determine a security issue’s potential impact on the business, how likely that might be, and the extent to which the issue should be prioritized vis-a-vis other vulnerabilities. Both these skills appear on this list, suggesting an opportunity for talents who can both identify threats and assess them from a business perspective.

Professionals who can analyze security are valuable because they give organizations a hacker’s perspective. They can identify weak points in applications, networks or systems and recommend remediation tactics. Without strong security analysis capabilities, an organization would likely release products or platforms with obvious vulnerabilities.

Relevant certificates

Hiring manager preference: 25%

Non-hiring manager preference: 24%

According to Gartner, global spending on application security is expected to increase by 15.7% between 2023 and 2024, reaching a total of $6.6 billion. Companies are budgeting more because of the increasing complexity of modern software: even a small business may use dozens of applications within its organization, each of which introduces more possible attack vectors into its systems.

Securing third-party vendor applications begins during the procurement process and continues through integration into the business stack. Once the software is up and running, organizations need application-specific security expertise to monitor it frequently, as well as robust patch management procedures.

Application security can also involve protecting an application that the company sells, licenses, or distributes. This duty is complex. Cybersecurity professionals in this field have to prevent hackers from exploiting vulnerabilities in their software, which presents a variety of targets, including databases, application code, APIs, third-party libraries, and web servers. Cybersecurity best practices should also be applied during the development cycle, including code review and vulnerability testing for common threats.

Relevant certs

Hiring manager preference: 27%

Non-hiring manager preference: 30%

While there is overlap between GRC and threat assessment, GRC practitioners typically approach threat mitigation at a much higher level because of the additional oversight they need to bring to governance and compliance. If GRC practitioners have breadth, those responsible for threat assessment, analysis, and management need depth.

Risk analysts must be highly technical. They should be able to identify cybersecurity risks, evaluate their potential impact, and be hands-on in planning controls, processes, and strategies to minimize them. Thus, they should be familiar with a variety of preventive, detective, and corrective tools and technologies, including patch management, encryption, zero trust architecture, and backup and data recovery.

Talent with these skills is crucial for enterprises, as they provide in-the-trenches know-how for identifying, assessing, and managing risks at a granular level.

By combining their GRC and threat analysis skills, cybersecurity professionals can deepen their technical roles as threat assessment specialists and take on more leadership-oriented roles within GRC.

Relevant certs

Hiring manager preference: 28%

Non-hiring manager preference: 26%

Security engineers are the builders of cybersecurity and build not only technical solutions, but also systems, such as access control, or processes, such as incident response plans. They focus strictly on specific technologies, such as networks or architecture, or on responsibilities such as risk modeling, software or hardware testing, or network intrusion management.

Because of this, security engineers are well paid, with an average salary in the United States of $127,094. Despite the lucrative salaries, there is still a massive gap: the US Bureau of Labor Statistics estimates that there will be 33% growth in this field through 2033.

ISC2 postulates that the demand for security engineers is greater because they deliver immediate benefits. Because they play a tangible role in strengthening the organization’s cyber defenses, they are a top priority for any team. They protect against data breaches, ransomware attacks, and other intrusions that have high direct and indirect costs, such as reputation damage and lost productivity, which makes them well worth their higher salaries. Importantly, they minimize opportunity costs, allowing organizations to focus on strategic plans rather than resource-draining and distracting breaches or attacks.

Relevant certs

Hiring manager preference: 36%

Non-hiring manager preference: 48%

According to Gartner, cloud computing is the fastest-growing technology market, and with companies investing so much in the cloud, it’s no surprise that cloud security is among the most in-demand skills, according to the ISC2 survey. This skill domain has remained at the top through 2023, suggesting relative stability for security professionals who develop this skill.

According to the ISC2 definition, cloud security includes three areas: cloud infrastructure and platform security, cloud data security, and cloud architecture and design. These skills are important for organizations because security is a responsibility they share with all the major providers, such as Azure, Amazon Web Services and Google Cloud Platform.

Although the definition and scope of shared responsibility differ slightly between providers, the general relationship is the same. The cloud provider protects the data centers, servers, and virtualization layer, and the customer must protect everything built on this foundation, including applications, data, and access management. There is a similar division of responsibilities for Platform as a Service (PaaS) and Software as a Service (SaaS).

With cloud resources set to be the primary target of cyberattacks in 2024 (cloud management infrastructure at 26%, cloud storage at 30%, and SaaS applications at 31%, according to Thales), companies would do well to prioritize protecting their cloud environments. Hiring managers and non-hiring managers agree, with both placing cloud security skills at the top of their lists.

Relevant certifications
