Keeping skills and accreditations up-to-date has always been a must in cybersecurity but we’ve seen unprecedented change over the last year or two. The quantum leap made in digital transformation during the pandemic and the emergence of Generative AI are seeing demand grow for new skills sets, leading many to question if they need to upskill in 2024 as a way to remain relevant and competitive in this year's job market.

It’s a problem that is exacerbated by the fact that there’s been no step change in learning and development. The cybersecurity skills in the UK labour market 2023 report (PDF) found that training levels seem to have remained fairly consistent, with 61% having or taking part in certifications. However, after salary, the main reasons for staff leaving came down to the lack of opportunities to develop skills and career progression. Moreover, the current skills shortage together with the economic squeeze has also made some firms reluctant to invest in training, believing this could make staff a ‘flight risk’. This means the onus is very much on the individual to focus on their career development.

Soft vs Hard Skills Training

From a recruitment perspective, there’s been a marked shift towards complementary or ‘soft skills’ such as communication, leadership, management, sales or marketing skillsets. This is reflected in the report which found 43% of cybersecurity firms said their cybersecurity workforce lack these skills., with some saying this even hampered them achieving future goals. With digitally native Gen Z workers entering the profession with strong soft skills such as communication, creativity and problem solving, the pressure is on for those already in the sector to up their game.

In fact, the pendulum has swung in the favour of soft skills driven in no small part by the cybersecurity skills shortage and the march of automation. Both are serving to lower the point of entry from a technical perspective with many businesses now fast tracking those candidates with right soft skills and that test well in turns of their aptitude for the job. The (ISC)2 Cybersecurity Workforce Study 2022 found there was now more demand for strong strategic thinking skills than there for cybersecurity qualifications, for instance, with the former described as an increasing trend and the latter a decreasing one.

Automation and GenAI: A potent game changer 

Automation is also changing the nature of the game with the advent of Generative AI. It’s ability to use natural language processing (NLP) and learn from vast data repositories is expected to see dramatic changes on both sides. The cost to threat actors of developing attacks is diminishing and so we as professionals need to keep abreast of attack development. From a defence perspective, GenAI is already being incorporated into the security toolkit, from checking code to composing documentation or report summaries to testing systems through gathering OSINT or as part of test simulations.

It’s easy to see how GenAI could make the industry more efficient but it could also make it less stressful. The UK cybersecurity landscape: challenges and opportunities report found 61% of those surveyed experienced burnout due to cybersecurity risk and more than a third of those from the IT/security team did so regularly. AI tools could help alleviate much of that pressure if we learn how to use them.

Vendors are already exploring ways to integrate their solutions with GenAI APIs but for the cybersecurity professional it could well pay to get ahead of the curve and explore the technology. How might it be applied and used to expedite processes? What kind of prompting is required? How can we verify the results? Are their risks to its widespread use mitigate in the workplace? Now that Pandora’s box has been opened these are all considerations that cybersecurity professionals will have to make.   

In the wider scheme of things, GenAI is the latest development in the automation of the cybersecurity function - we’ve had AI and machine learning aided defence for some time. But what it does indicate is the direction of travel and a certain democratisation of security. That’s not to say there won’t always be a place for technical roles and specialisms (the current shortage in cloud security personnel shows how new technology can spawn demand). But we are at the point where technology can now do the heavy lifting. It then falls to us to apply our problem solving, critical thinking and analytical understanding and that’s why it’s those skills that cybersecurity professionals also need to prioritise if they want to futureproof their careers.

Jamal Elmellas Chief Operating Officer Focus on Security

Jamal Elmellas is Chief Operating Officer for Focus on Security, where he oversees selection and recruitment services. Previously he founded and was CTO of a security consultancy delivering secure information and communication technology services.