Two years ago this month, OpenAI released its ChatGPT chatbot to the public, setting off a massive, worldwide interest in generative A.I. Global investment is expected to hit $200 billion by 2025 as organizations everywhere build out large language models (LLMs).
This overwhelming interest in A.I. also created a scramble for tech talent who understand these new platforms and LLMs. Tech professionals with A.I. skills can often command significant salaries and other benefits.
Despite the hype and headlines surrounding generative A.I., there are other areas where businesses need skilled tech and cybersecurity professionals more than ever.
One of the most significant is cloud security. Multiple studies released over the last two months show that tech pros who know how to secure cloud infrastructure and applications are in increasing demand. Consider the following:
- Check Point Software’s 2024 Cloud Security Report found that 61 percent of organizations experienced at least one security incident related to public cloud use in the past 12 months—an increase from the 24 percent reported in the previous year.
- An ISC2 survey published in September found that 58 percent of cybersecurity professionals reported that a lack of skill put their organization at risk; 30 percent noted that cloud security skills made up the biggest gap.
- Finally, O’Reilly’s 2024 State of Security Survey found that nearly 39 percent of tech pros surveyed reported that their organization lacked workers with cloud security skills, compared to 34 percent who noted they needed more tech pros with A.I. skills.
The O’Reilly survey also found that, with many organizations storing more and more vital company data in cloud infrastructures and using SaaS applications for critical workloads, cloud security remains a major skills gap for their cybersecurity teams.
“Cloud security requires taking concepts like access control and least privilege and applying them to servers and services that you’ll never see and may only control through an API provided by your cloud vendor,” according to the report. “It requires thinking in terms of hundreds or thousands of virtual instances and using or developing tooling that can reach across all those servers, services (including serverless), and cloud providers.”
Cybersecurity experts and insiders have also noted that a lack of cloud security skills—especially when remote and hybrid work remains a viable option for many workers— should make hiring enough skilled tech and security pros who understand cloud computing as urgent a concern as hiring A.I. talent.
“Cloud security skills are absolutely vital given today’s IT environment. Unless you’re working entirely on-premises, no organization is an island. Whatever you use cloud infrastructure for, it’s also exposing you to that vendor’s risks,” Rob Huges, CISO for RSA, told Dice. “Incidents like SolarWinds or MoveIT underscore just how interconnected any organization’s attack surface has become. It’s one of the reasons why enterprise IT is seeing a cloud repatriation trend, with more businesses either leaving public clouds for private instances or moving some data back on-premises.”
For tech professionals with cloud security skills (or looking to acquire these in the future), experts note there are increasing opportunities for career advancement, especially as cyber budgets look for a boost in the new year.
Organizations Need to Invest in Cloud Security
While identifying and recruiting the right tech and security talent is crucial, cybersecurity experts note that organizations must make a conscientious choice to invest in cloud security, especially as more data is uploaded and stored within SaaS apps and third-party, infrastructure-as-a-service (IaaS) providers such as Amazon Web Services and Microsoft Azure.
“To close the cloud security skills gap, organizations should prioritize cloud-specific security training and certifications for their IT staff,” Stephen Kowski, field CTO at security firm SlashNext, told Dice. “Implementing cloud-native security tools that provide comprehensive visibility and protection across multi-cloud environments can help mitigate risks. Engaging managed security service providers with cloud expertise can also supplement in-house capabilities and provide valuable guidance.”
Jason Soroko, a senior Fellow at Sectigo, expressed similar sentiments when it comes to organizations assisting in building out their cloud security capabilities and developing the talent needed to fulfill this mission.
“To close the cloud security skills gap, organizations should offer targeted training programs, support certification efforts and consider hiring experts to mentor existing teams,” Soroko told Dice.
Organizations facing questions about cloud security need skilled workers who can understand comprehensive analytics tools that are capable of processing large volumes of data to identify and prioritize cloud vulnerabilities. This also includes building a security culture that can deal with multiple cloud environments, including AWS, Azure, Google Cloud and other, third-party providers.
“Building a culture of continuous learning is crucial—offering specialized cloud security training and certifications, such as AWS, Azure or Google Cloud security credentials, can help fill this expertise gap,” Amit Zimerman, co-founder and chief product officer at Oasis Security, told Dice. “Investing in hands-on, scenario-based training can ensure teams are equipped to handle real-world security incidents efficiently.”
Combing Cloud Security and AI Skills
Some experts see cloud security as a way for organizations to combine their needs for tech and cybersecurity pros who have cloud and A.I. skills. Nicole Carignan, vice president of strategic cyber A.I. at Darktrace, noted that A.I. technologies can help detect and identify threats to cloud environments and the data stored within these environments.
“A.I. can significantly enhance visibility and threat detection across multi-cloud, hybrid, and on-premise environments. A.I.-powered agentless cloud solutions can reduce the complexity and costs associated with installing and maintaining agents on cloud resources,” Carignan told Dice. “They reduce the performance impact on cloud workloads and can streamline security deployment across large, dynamic environments. With tools that provide constant visibility, autonomous investigation and real-time response, security teams can focus their limited time and resources where they are needed most.”
For RSA’s Hughes, there are parts of A.I. that are overhyped, but there’s also potential.
RSA released a study involving more than 2,000 Identity and Access Management (IAM) and tech leaders which found that 79 percent of respondents reported that they planned to implement some A.I. automation into their cybersecurity tech stack over the next year. This approach can go a long way to addressing cloud security concerns if these organizations have the right mix of talent, Hughes noted.
“In this case, I don’t think it needs to be an ‘either/or.’ Organizations can use A.I. to enhance cloud security by looking for anomalous authentication attempts, access and usage,” Hughes added. “If a cloud resource is suddenly transmitting far more data than usual and at an unusual time, then that’s something a bot should be able to recognize, alert on, and maybe stop. At the same time, organizations also need to follow fundamental cybersecurity practices like least privilege and identity governance and administration to ensure that they’re accounting for all identities.”