Artificial intelligence (AI) has left its mark in all corners of the technology realm, hence it should come as no surprise that the ISC2 Cybersecurity Workforce Study for 2024 highlighted how AI has surged into the top five ranking of security aptitudes.
The demand for professionals with AI skills geared towards security is not the sole focus. The Workforce Study delves into the 16,000 respondents’ perspectives on how AI will shape cybersecurity and job roles as a whole, spanning from evolving skills strategies to creating generative AI (gen AI) strategies.
Financial Allocation and the Talent Shortage
As per the study, two-thirds of participants believe that their proficiency in cybersecurity will complement AI technology. Conversely, a third are apprehensive that their roles might be phased out in a scenario centered around AI.
However, such a scenario is not imminent. Less than half of the respondents have integrated gen AI into their toolkits. The pressing concern for cybersecurity professionals currently revolves around financial resources.
“In 2024, 25% of the respondents reported staff reductions in their cybersecurity units, marking a 3% rise from 2023. Meanwhile, 37% faced budget reductions, reflecting a 7% increase from the preceding year,” the report mentioned.
These budget cuts have impacted the talent shortage, with two-thirds of those surveyed affirming that the budget constraints not only worsened current staff shortages but are anticipated to heighten the challenge of bridging the talent gap in the upcoming years.
Many respondents noted that the skills gap has a more adverse effect on organizational security compared to the decline in on-site personnel. This is partly due to insufficient funding for training and the migration of highly sought-after skilled professionals to more lucrative positions, resulting in many security teams grappling to combat the threats and risks in today’s cybersecurity landscape.
The Impact of AI on the Talent Shortage
Just two years ago, possessing AI skills was not deemed imperative for cybersecurity roles, but it has now ascended to one of the top five essential skills, Jon France, CISO at ISC2, mentioned.
“And we anticipate that perhaps by the following year, it will emerge as the most sought-after skill set in security,” France expressed during discussions at ISC2’s Security Congress in Las Vegas.
(In case you’re curious, the other skills in the top five include cloud, zero trust architecture, forensics, incident response, and application security — all domains that have long topped the list of required skills.)
The role of AI in cybersecurity is evolving due to the exponential surge in data and the imperative to generate sound intelligence from the data being produced.
“AI stands out as one of the tools capable of swiftly analyzing vast data sets,” France remarked. Nonetheless, human oversight is indispensable for validating the outcomes yielded by AI models. This underscores the crucial need for AI security skills to propel the shifts in how data analysts and incident responders analyze data.
France also anticipates that AI will reshape the landscape of entry-level security positions. “If you are entering the profession and need to focus on one skill to acquire, familiarity with generative AI coding is likely to present the most favorable opportunities.”
Presently, a disconnection exists between the technical skills that hiring managers believe are necessary and the preferences of non-hiring managers. While both categories prioritize cloud computing security skills, only 24% of hiring managers identified AI/machine learning skills as an immediate necessity, ranking it last on their list of desired skills. Conversely, when non-hiring managers were asked about the skills crucial for career advancement, AI/ML earned a 37% preference, surpassing every other skill except cloud security.
AI: Revolutionizing Cybersecurity Skills
ISC2’s study titled AI in Cyber 2024 discovered that 82% of respondents are optimistic about AI enhancing work efficiency, with 88% believing it will influence their job responsibilities in some manner. Relying more on AI within the cybersecurity realm offers numerous advantages, yet it also raises concerns related to the stress induced by the technology. Four out of ten participants expressed their unreadiness for the AI explosion, while 65% stressed the necessity for more regulations surrounding the secure implementation of gen AI, as per the Workforce study.
Uncertainties loom over the requisite skills for the future. “Though participants speculated about which skills might be automated or streamlined, they are currently unable to predict which tasks, if any, AI will supplant,” the study highlighted. This uncertainty may explain why hiring managers exhibit hesitance in recruiting cybersecurity professionals possessing AI technical expertise.
With the emergence of AI, the demand for non-technical skills is projected to surge. The cybersecurity sector has shown openness to tapping into talent outside the conventional technical spheres and training them for novel roles. Consequently, due to the uncertainty regarding the skills imperative for utilizing gen AI as a security tool (or for securing gen AI itself), there is a higher inclination towards non-technical skills perceived as more adaptable with evolving technology. Strong communication skills topped the list of coveted skill sets in cybersecurity, closely trailed by robust problem-solving abilities and teamwork/collaboration skills.
The Cyber Workforce in the Age of AI
Looking at the broader scenario of integrating AI skills into the cybersecurity workforce moving forward, the prevailing challenges hindering hiring presently are likely to impede the acquisition of AI expertise as well. Budget constraints are anticipated to shrink the workforce, as previously mentioned. France also shed light on the talent deficiency, noting that entry-level positions often demand certifications necessitating five years of work experience.
“We must dispel the misconception: New entrants in the cybersecurity workforce need not be exclusively young. They could be individuals transitioning from different careers. In fact, career switches bring diverse perspectives and experiences,” France emphasized.
When hiring, prioritize the skills the employee brings to the table, even if they do not align precisely with your current needs. “The rest,” as France put it, “can be taught.”