Will Cybersecurity Pros Feel Pressure as Hiring Cools?

As layoff announcements from major tech companies continue to dominate headlines, there are growing signals that the seemingly bulletproof IT hiring market could be starting to soften, if only slightly.

Recently, three security companies -- Sophos, Okta, and Secureworks -- announced rounds of layoffs, indicating that perhaps even IT security specialists are not safe from job cuts.

With a slight cool-down in cybersecurity hiring, candidates should prepare for a longer job search with potentially lower offers; however, demand for qualified candidates will continue.

Keeper Security’s 2022 US Cybersecurity Census Report found business leaders are in fact scrambling to source the necessary talent to keep their organizations secure in this competitive landscape.

More than seven in 10 (71%) of respondents say they are making new hires in cybersecurity over the past year and 58% are increasing cybersecurity training in that time.

Cybersecurity Still a Critical Need

“Like any industry, cybersecurity hiring ebbs and flows with the macroeconomic landscape,” says Darren Guccione, CEO and co-founder at Keeper. “However, while it may be experiencing short-term impacts, cybersecurity is a critical industry that shows no sign of slowing in the long term.”

He adds as the world becomes increasingly digitized and the threat landscape continues to grow -- with increasing cyberattacks and data breaches -- the need for qualified cybersecurity professionals to protect individuals and businesses from cyber risks will continue to grow accordingly.

“As companies cut budgets, I expect to see increased demand for qualified cybersecurity professionals who may be earlier in their careers and don’t demand the highest salaries,” Guccione notes.

He advises candidates to ensure they’re not pricing themselves out of opportunities and work with companies on reaching mutually agreeable offers.

“As with any industry, not every cybersecurity candidate will have the proper qualifications or experience,” he says. “However, companies can fill that gap through education programs and training that specifically fit the company and role.”

Meanwhile, Guccione advises senior professionals in all sectors to ensure they are fully engaged in growing their own skills portfolio to ensure they remain marketable.

Building Skills to Boost Competitiveness

Rob Hughes, chief information security officer for RSA, says he would encourage anyone in the job market to keep current and stay sharp, whether preparing for a role in a high-demand area or an area that’s seeing IT hiring soften.

“Regardless of the level of demand, though, my approach to hiring is the same,” he says. “I’m usually looking for the right mix of 'security-plus' people.”

That means the right mix of core cybersecurity competencies, as well as some other experience in a related technical or compliance field.

“It’s not enough to know just security,” he says. “We’re big on cybersecurity pros who aren’t afraid to go broad and get involved in the business aspects of their projects so they can relate to the teams they’ll be working with.”

He says he recommend honing technical skills related to zero trust, cloud, automation -- and don’t forget soft skills like communications, project management, and leadership.

“In many generalist security roles, people will be expected to cover a lot of ground and focusing on those soft skills can really set a candidate apart,” he says.

Mika Aalto, co-founder and CEO at Hoxhunt, notes organizations are still hiring, but there is a lot more talent competing for the same jobs these days.

He agrees with Guccione that IT security professionals may want to consider upskilling themselves or focusing on soft skills that can help them stand out.

“For my money, communication skills will become more relevant as human risk is mitigated with security behavior change programs, whose results must be analyzed, and their value communicated effectively to the board,” he says.

This is critical for getting investment into security programs that lower risk at its greatest source -- the human element.

He points out relevant experience in doing business securely and protecting data in the cloud remains hot after the pandemic-driven shift away from on-premises servers.

“Another hot job in cyber right now is an information security analyst,” Aalto says, noting the job market is expected to grow much faster than average.

Skills Shortage Spells Opportunities

He adds since there will be a major shortfall in terms of applicants with a relevant bachelor's degree, managers will be looking for people with security certifications or, sometimes, raw candidates with the right combination of skills and mindset to make the jump into this high-paying job.

“Cybersecurity success demands a more holistic approach than purely information technology, so it’s vital to know how to think about the whole system -- the people, processes, and the technology -- holistically to fit the pieces together seamlessly enough to prevent attackers from infiltrating the network,” he explains.

He also warns that if an AI platform can perform a role more efficiently than you can, you should be ready to expand your skillset. “AI-powered security platform automation can already make certain roles more redundant,” he says. “It just hasn’t reached widespread adoption yet.”

For instance, threat analysts will have less to do when poring over the malicious emails and spam that users report to them because machine learning models can already categorize and prioritize threats and spam automatically and more efficiently.

“However, security professionals won’t lose employment but will rather be freed up to focus on more value-adding tasks and roles,” Aalto says.

What to Read Next:

Closing the Cybersecurity Talent Gap

6 Worthless Security Tactics That Won't Go Away

CISO Budget Constraints Drive Consolidation of Security Tools