What are the most marketable cyber security job skills in 2024?

We’ve finally reached the end of a long tail of intense recruitment activity that resulted in a 10% growth spurt in the cyber workforce. Although there remain plenty of opportunities out there, it’s a tighter cyber security job market, in which candidates may have to work a little bit harder to communicate their skills.

Although employers are still hiring, they’ve got their brakes covered following their feverish post-pandemic recruitment spree. With tighter budgets, a typical employer in 2024 is more concerned with filling existing cyber security job vacancies than with creating new roles.

The good news is that there’s no shortage of cyber security job vacancies. 75% of employers in the cyber security space are likely to recruit additional permanent staff in 2024, according to our own research. This is only a slight drop from last year’s 79%. The downside – if you’re settled in your current role – is that your team is likely to be short-staffed.

Cyber security remains a top of mind issue for business leaders and regulators. The Economist described 2023 as a record year for digital attacks. The public sector is the UK’s biggest target for malware. Britain is one of the five countries (the others being America, Australia, Canada and Germany) most affected by ransomware.

In other words, prospects for cyber security jobs in 2024 are more nuanced than in recent years, as employers give serious thought to the skillsets they genuinely need.

Choose the right cyber security skills to develop

If the cyber security job market still has a dynamic feel, it’s because of persistent skills shortages across this area. Erik Brynjolfsson, director of the MIT Center for Digital Business, said that skills aren’t keeping pace with the rapid evolution of technology.

Approximately 739,000 businesses (50%) have a basic cyber security skills gap. Our own research reveals that 97% of organisations are struggling to source skilled cyber security talent.

Employers, reluctant to hire individuals with no relevant experience, are fishing intensively in a limited pool even as cyber security leaders prioritise upskilling their existing workforce.

What, then, are the cyber security skills that employers are looking for?

Based on research and on-the-ground experience, we can pinpoint these roles and capabilities as being in particular demand in 2024:

• Security Operations Centre roles – As businesses seek to optimise their SOCs, they’re looking for security architects and engineers. Security Operations Centre Analyst is number #10 in LinkedIn’s 2024 ranking of UK roles that are growing in demand.
• Third-party risk management – Supply-chain vulnerabilities are triggering yet more demand. 31% of CISOs cite risk assessment and assurance as a key information security shortage in our research BSS-CISO-Research Report 2023.
• Cyber Security Manager – This is number #11 in LinkedIn’s 2024 ranking of UK roles that are growing in demand
• Incident management – 41% of businesses lack confidence in incident management skills.
• Cyber Security Architect – This is number #15 in LinkedIn’s 2024 ranking of UK roles that are growing in demand.
• Product security – Making products secure by design is a firm trend.
• Security testing – 35% of businesses cite security testing as a key cyber skill shortage.

It’s important not to over-specialise. We’re talking to more and more employers who seek a broader set of skills as their stretched teams are asked to do more with less. This manifests itself in a number of ways across the cyber security job market, including demand for:

• GRC (governance, risk and compliance) candidates with technical skills to back up their governance experience
• Cyber security professionals with software engineering skills, as product development shifts left on security
• Cyber security technicians with the commercial experience needed to combine robust protection with proportionate risk management.

Brush up on your cyber security regulations

Many UK firms are at breaking point in their struggle to meet regulatory requirements.

It’s no surprise then that regulatory knowledge is a hot issue in the cyber security job market. Our own research tells us (BSS CISO-Research Report-2023) that keeping pace with changes in regulations represents a significant challenge for 33% of CISOs. It’s a common story that by the time organisations have achieved compliance, the regulation in question has been updated.

In 2024, a working knowledge of the EU’s Digital Operational Resilience Act (DORA) can make you more attractive in the cyber security job market. This new framework for financial institutions comes into force in 2025. As they prepare for DORA, employers are particularly looking for permanent and contractor candidates with strong operational resilience and business continuity experience.

Boost your cyber security job prospects with soft skills

As recruiters, we’re aware that our cyber security clients have started to look more carefully at softer skills. Our own experience is borne out by the finding that 43% of cyber security firms have identified a lack of soft skills such as communication.

As KPMG argues: “Ten or 15 years ago, the 80/20 rule for security professionals was 80 percent technical skills and 20 percent soft skills. Today, that equation has flipped.”

We’ve reached the point where many employers consider hiring candidates with strong soft skills even if they fail to meet all the technical competency requirements. They argue that it’s easier to provide technical training on the job than it is to nurture the softer skills.

What’s driving this shift?

More than any other factor, the need for softer skills is rooted in the need to embed a security mindset right across the business with robust communication skills. They need to be able to tell a compelling story that will convey the gravity of the risk, with the persuasive skills to drive the adoption of security-aware practices.

Andy Latham, Director and Chief Information Security Officer at JandaSec Ltd says: “Security is not purely a technical discipline; it is a business discipline backed by technology. People skills are essential to win hearts and minds and to deliver best practice security controls into a business. The ‘why’ is just as important as the ‘what’ and the ‘how’, and this needs conveying gracefully to executives and peers alike, especially when seeking that all-important budget from the board for the investments required.”

As an agency, we have every sympathy with cyber security job candidates who have honed their technical competencies over years of hard work but lack confidence in softer, interpersonal areas. We often advise them to go into interview and emphasise those qualities that they are in a position to offer, especially:

• Attention to detail – which candidates will have routinely drawn on to identify and interpret potential threats
• Curiosity – an essential quality for staying one step ahead of the rapid evolution of cyber attacks
• Teamwork – which can compensate for a lack of experience of working with other business areas and demonstrate the potential to do so.

Integrate AI in your cyber security job skillset

They’re here. AI-generated cyber threats are on the rise, which shouldn’t surprise anyone in the industry. In its AI in Cyber 2024 survey, member-based cyber security association ISC2 reports that 13% of respondents could confidently link the recent increase in cyber threats to AI. The Economist reports that online cyber-criminal forms already have dedicated AI sections.

35% of the ISC2 survey respondents say that AI is impacting their day-to-day work. The improved efficiency – as AI takes on the heavy lifting of time-consuming and mundane tasks – lead many to perceive this as a positive, but others see it as a threat.

The availability of cyber security AI skills in the face of the growing threat is troubling. ISC2 found that 41% of cyber security professionals offer little or no experience of AI or ML. 21% admitted to having insufficient knowledge about AI to mitigate concerns.

AI is no longer a mere talking point in the cyber security industry. Every professional needs a working knowledge of AI tools and emerging best practices. And because it’s such a fast-moving area, they need to track developments relentlessly in order to stand out.

Despite all the uncertainties, we believe that 2024 continues to open up great opportunities in the cyber security job market. But the heady days of 2022 are over for the time being at least. The candidates who will thrive are those who are more strategic in the skills they develop and emphasise.

Learn more

Read our latest cyber security job market research. Download our 2024 Barclay Simpson Salary Survey & Recruitment Trends Guide: Cyber Security & Data Privacy report today.