The International Information System Security Certification Consortium, or ISC2, recently published its 2024 Cybersecurity Workforce Study, which highlighted a significant shortage of professionals skilled in artificial intelligence (AI). The study sheds light on pressing issues related to the current gap in AI-related skills within the cybersecurity workforce and its far-reaching implications.
AI has infiltrated various sectors of the tech industry, and its presence in cybersecurity is now indispensable. The necessity for AI skills in this field is substantial, as reflected in the ISC2 Workforce Study, ranking AI among the top five security skills. Additionally, the study delves into the broader impact of AI on cybersecurity jobs, addressing aspects such as changing skills requirements, generative AI strategies, and budget constraints.
The Growing Necessity of AI Skills in Cybersecurity
AI’s Role in Cybersecurity
A primary theme that emerged from the study is the pressing need for cybersecurity professionals proficient in AI. Two-thirds of respondents believe their cyber expertise will complement AI technology, while one-third suspect their jobs might be at risk in an AI-driven environment. Over the past few years, AI’s role in cybersecurity has shifted significantly to become crucial for managing and interpreting expanding data volumes.
The increased reliance on AI brings to light the indispensable role of human oversight. Even though AI possesses advanced capabilities to handle large datasets and quickly generate insights, it necessitates human expertise for the validation of AI-generated results. Therefore, the demand for AI skills in cybersecurity extends beyond technical know-how; it includes a profound understanding to analyze AI outputs critically.
Budget Constraints and Skills Gap
The ISC2 study identifies an urgent concern regarding cybersecurity budgets. The data shows that in 2024, 25% of respondents reported layoffs in their departments, reflecting an increase in workforce pressure compared to the previous year. Additionally, 37% faced budget cuts, further complicating the growing skills gap. Such financial constraints significantly affect organizations’ capabilities to train staff and retain top talent. The cumulative result of budget reductions is staffing shortages, which are expected to widen the skills gap and adversely impact an organization’s security posture.
These budgetary pressures force organizations to prioritize short-term survival over long-term cybersecurity investment. It creates a vicious cycle where the lack of investment in upskilling staff with AI competencies exacerbates the skills gap. This scenario underlines the critical necessity for strategic financial planning and resource allocation, ensuring sufficient funds are available for continued professional development in AI-related cybersecurity skills.
The Role of AI in the Skills Gap
AI as a Top Skill
According to Jon France, CISO at ISC2, AI’s significance in cybersecurity has surged remarkably over the past two years. AI is currently among the top-five in-demand skills, with projections suggesting it may become the most sought-after skill next year. Essential skills alongside AI include cloud security, zero-trust architecture, forensics, incident response, and application security. The integration of AI into cybersecurity operations is driven by the need to derive actionable intelligence from vast data volumes rapidly. Therefore, possessing AI skills is crucial for proper interpretation and action on these data insights.
France believes that AI will not only expand its footprint in cybersecurity but also redefine what entry-level security roles entail. Generative AI coding experience could significantly enhance opportunities for newcomers entering the field. Despite the obvious necessity for AI competence, there exists a discrepancy between the immediate requirements identified by hiring managers and non-hiring managers. While both groups consider cloud security skills paramount, less than a quarter of hiring managers currently prioritize AI/ML skills. Conversely, over a third of non-hiring managers recognize AI/ML skills as vital for one’s career advancement.
Entry-Level Security Roles and AI
Understanding the intricate relationship between AI and entry-level security roles is essential in addressing the skills gap. France anticipates that having experience in generative AI coding will grant newcomers a competitive advantage in securing desirable positions. However, there is a notable gap between the skills hiring managers currently prioritize and those they foresee as crucial for future career growth. Currently, cloud security remains the top priority for both hiring and non-hiring managers; however, AI and ML skills are gradually gaining importance.
Interestingly, less than a quarter of hiring managers strongly prioritize AI/ML skills now, whereas more than a third of non-hiring managers deem them vital for career progression. This disparity highlights the evolving perspective on the importance of AI within cybersecurity. Encouraging a paradigm shift among hiring managers to recognize the long-term benefits of hiring talent with AI competencies is essential. Bridging this gap requires strategic workforce planning and targeted educational initiatives that emphasize AI’s growing relevance in the cybersecurity landscape.
AI and Its Impact on Cybersecurity
Optimism and Uncertainty
Respondents of the AI in Cyber 2024 study expressed optimism regarding AI’s potential to bolster work efficiency. A significant 82% of it anticipate improvements in job performance due to AI integration. However, this optimism is tempered by a lingering sense of unease, with 40% admitting they feel unprepared for the rapid evolution of AI technology. Furthermore, 65% indicated a pressing need for more stringent regulations to govern the safe use of generative AI.
The ambiguity surrounding AI’s future impact on cybersecurity roles and the precise skills required fuels this cautious optimism. This very uncertainty may explain the hesitant approach among hiring managers toward professionals with AI expertise. Looking ahead, many industry experts predict a burgeoning demand for non-technical skills, such as strong communication, problem-solving, and collaboration. The cybersecurity field is increasingly drawing talent from diverse backgrounds, subsequently training them to fit specialized roles. This trend signifies a broader understanding and acceptance of the multifaceted nature of cybersecurity disciplines.
Workforce Challenges and Solutions
Navigating workforce challenges is integral to addressing the AI skills gap in cybersecurity. Budget constraints pose a significant barrier to hiring and training individuals proficient in AI. With numerous organizations facing reduced cybersecurity budgets, adequately staffing departments becomes a monumental challenge. France highlights a paradox where so-called entry-level positions often require certifications necessitating considerable experience, which hinders new entrants from breaking into the field.
A more expansive understanding of what constitutes an “entry-level” position could markedly benefit the cybersecurity workforce. By valuing the diverse perspectives and experiences career changers bring, organizations can create a more inclusive and versatile talent pool. France argues for hiring based on existing skills and potential for growth rather than rigid technical prerequisites, suggesting specific facets such as AI-focused tasks could be taught on the job through continuous professional development. This adaptability will help organizations mitigate the skills gap while fostering a more dynamic and resilient cybersecurity workforce.
Addressing the Skills Gap
Adaptable Approaches
The ISC2 Cybersecurity Workforce Study emphasizes the increasing importance of AI in cybersecurity amidst budget constraints and a mounting skills gap. It underscores how, despite AI’s remarkable prowess in processing and analyzing data, human expertise remains crucial. Addressing the skills gap necessitates an adaptable approach that values a variety of skill sets, continuous learning, and a broader, more inclusive definition of entry-level roles.
Encouraging collaboration between educational institutions, industry, and government can create targeted training programs that bring AI proficiency to more professionals. By embracing adaptable strategies, organizations can bridge the gap between current workforce capabilities and the evolving requirements driven by AI advancements. Structured internships, apprenticeships, and certification programs tailored to imparting critical AI competencies can serve as effective measures. Moreover, creating a culture that values and invests in ongoing professional development will be pivotal in closing the skills gap.
Leveraging AI’s Potential
The ISC2 study highlights a critical issue regarding cybersecurity budgets. The data indicates that in 2024, 25% of respondents experienced layoffs in their departments, a rise in workforce pressure compared to the previous year. Furthermore, 37% reported budget cuts, exacerbating the already challenging skills gap. These financial limitations profoundly affect organizations’ ability to train staff and retain top talent. The overall result of these budget reductions is significant staffing shortages, expected to widen the skills gap and negatively impact organizations’ security postures.
These budget pressures force organizations to focus on short-term survival rather than long-term investment in cybersecurity. This creates a vicious cycle where the lack of investment in developing employees’ skills, particularly in AI-related fields, worsens the skills gap. This situation emphasizes the urgent need for strategic financial planning and resource allocation. Ensuring sufficient funds are devoted to ongoing professional development in AI-related cybersecurity skills is crucial to avoid the detrimental effects of the skills gap on organizational security.