Main image of article Cybersecurity Hiring Likely to Pick-Up in 2025, But Challenges Remain

These are good times to pursue a cybersecurity career—if you know where to look and have the right skills to get a foot in the door.

The latest data released by CyberSeek (a joint initiative of NICE, a program of the National Institute of Standards and Technology focused on advancing cybersecurity education and workforce development, analytics firm Lightcast, and CompTIA) shows that there are only enough tech professionals to fill 83 percent of the available security jobs, down slightly from the 85 percent reported earlier this year.

This translates into U.S. companies and government agencies needing approximately 265,000 more cybersecurity pros to meet current staffing needs. The site estimates that about 1.25 million people work in cybersecurity.

CyberSeek also noted in its October release that between September 2023 and August 2024, more than 457,000 cyber-related jobs were posted. While cybersecurity job postings were down 22 percent during this time, the security market fared better than the overall tech market, which saw job postings decline by about 28 percent during the same time.

These statistics indicate that private companies and government agencies are more willing to invest in cybersecurity jobs even as high-tech firms and other businesses trim general IT staff.

“The hiring landscape looks promising, with a substantial gap still evident in the demand for cybersecurity professionals. Various hiring trends and metrics are indicating an uptick in recruitment efforts, alongside a surge of new security companies popping up from stealth mode over the last year,” Amir Shaked, vice president of engineering at Oasis Security, recently told Dice. “While there’s definitely progress, we’re still facing a critical shortage of qualified practitioners, which suggests that hiring will continue to grow in the coming year.”

The CyberSeek data also noted that this critical shortage of cybersecurity workers is related to the so-called skills gap, with potential candidates lacking specific knowledge and experience to fill certain positions. Other studies, however, found that recent budget cuts are more likely to blame for organizations not hiring enough talent. 

CyberSeek recommends reskilling and upskilling current staff to take on more cybersecurity duties, and for organizations to seek out talent through non-conventional avenues such as the apprenticeship programs (which have also been championed by the outgoing Biden administration).

Many cybersecurity experts see reskilling and upskilling as effective ways to fill open positions and add more talent to the pipeline. This also provides more opportunities to those who want to explore security careers.

“In the coming year, hiring will likely focus on addressing this gap through reskilling and upskilling,” said Jason Soroko, a senior fellow at security firm Sectigo. “Skills in demand include artificial intelligence integration in cybersecurity, along with traditional roles like incident analysis and cybersecurity engineering, particularly due to evolving technological challenges and  geopolitical tensions.”

Knowing Which Cybersecurity Skills to Focus On

Unsurprisingly, the CyberSeek data shows that more employers are seeking cybersecurity professionals who understand A.I. 

The data noted that job cybersecurity postings that require some A.I. knowledge have increased from 6.3 percent to 7.3 percent. While important, it pales compared to more general tech jobs, which saw A.I. requirements jump from 18.5 percent to over 25 percent within the last year.

While the cybersecurity field is coming to grips with A.I. and its potential—as well as how attackers may deploy these tools for nefarious purposes—experts noted that potential candidates need to demonstrate some knowledge of the technology to have a chance at landing a job.

“The skillset that is most important is adoption of automation technologies,” Soroko told Dice. “This often requires staff to think about how to optimize their productivity, which leaves many to conclude they are working themselves out of a job. That is the opposite of what they should be thinking. Automation will be crucial in all forms of cybersecurity going forward.”

With A.I. technologies now integrated into more platforms, experts noted that organizations need talented and experienced cybersecurity talent who can properly interpret the data these A.I.-infused systems capture.

“A.I. and machine learning continue to reshape the cybersecurity landscape and having knowledge in these areas will be increasingly valuable,” Anne Cutler, cybersecurity evangelist at Keeper Security, told Dice. “While A.I. can significantly enhance threat detection and response capabilities, it’s critically important that organizations complement these tools with human expertise to navigate the complexities of cyber threats effectively.”

While A.I. is receiving the lion’s share of attention nowadays, Cutler noted that successful cybersecurity professionals must ensure that they have other skills, especially fundamentals such as knowledge of networking and how cloud infrastructures work.

“To thrive in this evolving field, cybersecurity professionals should focus on building a strong foundation of technical knowledge and skills. Essential competencies include expertise in programming, network technologies and cloud services, along with a solid understanding of operating systems and data storage,” Cutler added. “Additionally, familiarity with wireless technologies and hardware systems is vital, as understanding how these technologies interconnect is crucial for effective cybersecurity practices.”

In addition, Cutler recommends learning one or more cybersecurity frameworks as part of the upskilling and reskilling process. These can include:
 

Experts noted that the role of A.I. is still likely to change the fundamentals of cybersecurity and tech in ways that the world is only beginning to understand. This is why it remains critical to develop these types of skills now.

“A.I. is creating more opportunities and will have a positive impact in 2025. With A.I., we can solve more problems than ever before and that creates more opportunities for jobs and skillsets in the market,”  Vishal Saxena, CTO at Octus (formerly Reorg), told Dice. “I don’t believe we are at the point yet where A.I. is impacting IT jobs because it can’t write and execute code at scale. Some of our engineers have been using GitHub Copilot to write code, but they still must tune it and make it executable. A.I. is designed to replace jobs that are very repeatable—the work software developers do isn’t very repeatable and so it’s hard for A.I. to replace them. In the next two to three years, however, we could start to see A.I. impacting IT jobs in a negative way.”

Younger Security Pros Face Challenges

While organizations such as CyberSeek emphasize reskilling and upskilling, experts note that younger job applicants—those seeking their first or second career opportunity—are having a tougher time finding opportunities lately. 

This is an area the industry must address. “The main issue seems to be with hiring entry-level candidates. Many organizations are currently reluctant to invest in training and development for junior professionals,” Oasis Security’s Shaked said. “This trend has led to a noticeable gap in the market, as I have encountered numerous junior candidates who have been searching for job opportunities for more than 12 months.”

For security pros—and general IT workers and developers—it’s another reason why the A.I. discussion continues to resonate.

“When considering career moves in 2025, it will be essential to look at your experience and ability to solve the complex challenges… when you look at the types of jobs being eliminated and the job openings, there’s a theme,” Saxena noted. “If your experience has been in more of a cookie-cutter type of IT role—those are the ones being eliminated. As A.I.-embedded software, cloud technology and cybersecurity initiatives continue to grow and expand, engineers with those unique skill sets and experience in handling complex problems are the ones in demand. The jobs that are currently going away are not the ones that are in demand.”

Even if younger job seekers lack specific skills, experts noted that now is still an opportune time to explore cybersecurity as a career option.

“For job seekers, the key takeaway is that now is an opportune time to enter the cybersecurity field,” Cutler added. “Organizations recognize that investing in cybersecurity talent is essential to safeguard their operations, indicating ample opportunities for prospective candidates.”