As we enter 2024, the cybersecurity job market remains robust even as other parts of the technology and IT industry shed workers and slash costs. By one estimate, there are more than 1.2 million people employed in the U.S. cybersecurity industry, with an additional 570,000 job openings in the private and public sectors.
A report released at the end of 2023 by (ISC)2 found that the global cybersecurity market needs about 4 million additional workers, and tech pros with skills in artificial intelligence (A.I.) and cloud computing remain in demand.
Even with organizations demanding more security employees, hiring has slowed from its peak of about a year ago. Getting your resume noticed, especially as companies cut white-collar and middle-management positions, is now more difficult. At the same time, the need to accommodate remote work for employees makes cybersecurity hiring challenging for recruiters and hiring managers.
Where there are difficulties, however, there are also opportunities.
“Business leaders are challenged with sourcing the necessary cybersecurity talent to keep their organizations secure as they balance distributed remote workforces and a growing number of endpoints with a threat landscape that continues to expand,” said Patrick Tiquet, vice president for security and architecture at security firm Keeper Security. “This imbalance between the need for a skilled workforce to protect public and private-sector organizations and the dearth of cybersecurity-trained professionals represents a bold opportunity for students to pursue a massive industry.”
For tech and cybersecurity pros looking for opportunities, having a resume that stands out is a great start—but knowing what skills, certifications and real-life experience to add or emphasize is critical to building out that document.
To better understand what employers and hiring managers are looking for over the next 12 months, several cybersecurity experts shared their thoughts on the skills, certifications and experiences that are needed on cyber resumes in 2024.
A.I. Remains in Demand
Experts agreed that one skill that will make a resume stand out above all else is A.I. Cybersecurity and tech professionals need a basic knowledge of the technology, how it works and how these tools fit into the larger organization, said Omri Weinberg, co-founder and chief revenue officer at DoControl.
“There will also be big challenges in understanding and responding to the new security challenges that A.I. creates for organizations, such as proprietary data being put into prompts for large language models,” Weinberg told Dice. “More senior cyber professionals will need to look at options for leveraging A.I. tools, both from vendors and from open source, to create economies of scale in their security operations. This includes keeping a keen eye on not creating more or worse problems for themselves than adoption of this technology might solve.”
Adding topics such as A.I., augmented intelligence and machine learning to a resume also signals to potential employers that a candidate is keeping up with current trends within the broader industry, observed John Pirc, vice president at security firm Netenrich.
“As we progress into 2024, cybersecurity professionals should focus on acquiring skills in areas such as quantum-resistant cryptography, advanced threat detection using A.I. and machine learning, and cloud security management,” Pirc told Dice. “The ability to navigate and secure next-generation technologies will be crucial.”
Growing Interest in Business Skills
While technical skills and certification make up the majority of any tech or cybersecurity pro’s resume, experts noted that, at a time when efficiency and profits matter more than ever, highlighting business acumen gives potential candidates an edge.
“An authoritative resume should highlight not only technical expertise but also the ability to align cybersecurity strategies with business goals,” Pirc added. “Understanding regulatory environments, data privacy laws and risk management is increasingly essential for cybersecurity roles.”
For cybersecurity professionals, understanding business needs helps ensure that the company invests in the right security tools and creates a good defensive posture. At the same time, tech pros can assess whether technologies are providing the return on investment that is needed.
“Many security tools and processes create—sometimes necessary—inefficiencies and drag on productivity,” noted Weinberg. “Enforcing multi-factor authentication is a good example—it slows user productivity and takes longer to authenticate, but it's also necessary. Choosing which battles to fight with the business stakeholders so that the best balance of productivity and profitability and efficiency is found with security is a very valuable skill in this market, especially for leaders or aspiring leaders in cyber organizations.”
Certifications and Professional Associations
Cybersecurity experts and insiders disagree over which—if any—certifications matter when it comes to dealing with day-to-day threats and other security issues that arise. For job seekers, however, having at least one certification, if not multiple ones, helps ensure that a resume stands out from others.
Some select certifications help a candidate stand out and showcase technical expertise and industry knowledge. The most frequently mentioned certs in this category include:
- Certified Information Privacy Professional (CIPP)
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Offensive Security Certified Professional (OSCP)
Membership in professional organizations can also help your application. Dana Simberkoff, chief risk, privacy and information security officer at AvePoint, recommends that candidates look to join Cloud Security Alliance (CSA), Information Systems Audit and Control Association (ISACA), and Information Systems Security Association (ISSA) to demonstrate further education and dedication to the field.
Soft Skills Remain Important
Besides technical skills and certifications, experts note that good candidates will incorporate “soft skills” into their resume to show that can communicate good security practices throughout an organization.
It’s critical to teach others good cybersecurity hygiene. “As cybersecurity professionals, we need to take time to understand why people may handle data in an insecure way, and take an ‘educate’ rather than ‘punish’ approach in our responses and dialog,” said Weinberg. “Even security tools can be configured to educate users on the risks as opposed to creating a ‘security versus the company’ mentality.”
When hiring tech and security pros, John A. Smith, the founder and CSO at Conversant Group, would like to see more candidates who can demonstrate the ability to write and communicate. “We have many cyber engineers with college degrees in our company now, and I believe the degree provides professionalism and general business understanding, but always thought it would be wonderful if they taught professional writing as well,” Smith told Dice.