{"id":4920,"date":"2025-09-18T07:00:00","date_gmt":"2025-09-18T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4920"},"modified":"2025-09-18T07:00:00","modified_gmt":"2025-09-18T07:00:00","slug":"ai-is-altering-entry-level-cyber-hiring-and-the-nature-of-the-skills-gap","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4920","title":{"rendered":"AI is altering entry-level cyber hiring \u2014 and the nature of the skills gap"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Teamwork, problem-solving, and analytical thinking outrank core technical skills such as data security and cloud security as criteria for hiring entry-level cybersecurity staff today, according to a report from ISC2.<\/p>\n

The cybersecurity training and certification organization\u2019s Cybersecurity Hiring Trends<\/a> study also found that AI\u2019s growing role in cybersecurity<\/a> is shifting hiring priorities, with managers placing greater value on human skills that artificial intelligence can\u2019t replicate.<\/p>\n

The study \u2014 based on a survey of 929 hiring managers from enterprises in Canada, Germany, India, Japan, the UK, and US \u2014 looked at what skills, attributes, and responsibilities cybersecurity hiring managers expect from early-career and entry-level security staff, as these roles, undergoing AI disruption, continue to be vital for developing long-term cybersecurity defense strategies and plugging skills gaps.<\/p>\n

Hiring criteria in flux<\/h2>\n

Experts quizzed by CSO agreed that teamwork, communication, and problem-solving should be a priority for hiring managers while arguing that the industry needs to broaded its search for potential entrants to have any chance of closing the growing skills gap.<\/p>\n

Mo Gaibee<\/a>, associate consultant at technology recruitment firm Harvey Nash, told CSO that employers are looking for a combination of technical aptitude combined with people skills.<\/p>\n

\u201cAs security is no longer confined to the IT team, cyber professionals need to work closely with legal operations, HR, and even marketing, which makes soft skills essential,\u201d Gaibee said. \u201cThey want strategic thinkers who can embed security into every part of the organization.\u201d<\/p>\n

Gaibee continued: \u201cGreater priority is also now given to strong communication skills \u2014 especially with non-technical stakeholders, problem-solving in fast moving environments, collaboration across departments, adaptability and strategic thinking are also high on the list.\u201d<\/p>\n

Gregory Rouvelin<\/a>, marketing director at employers.io, a platform that provides insights into industry hiring trends, added that \u201ctechnical skills still matter, but with AI now handling a lot of routine monitoring and detection, employers are placing greater value on human capabilities.\u201d<\/p>\n

While CISOs have been increasingly rethinking hiring to emphasize skills over degrees<\/a>, early-career professionals should expand their learning beyond mere certifications, Rouvelin advised.<\/p>\n

\u201cDemonstrating analytical thinking and teamwork in practical settings is now just as valuable as listing cloud security modules on a CV,\u201d Rouvelin said. \u201cEmployers are actively looking for that balance because it\u2019s where AI can\u2019t compete.\u201d<\/p>\n

The certification trap and broken pipelines<\/h2>\n

Other experts argued that an over reliance on CVs and certifications<\/a> is one of the biggest barriers to hiring success in cybersecurity because it acts to shut out otherwise qualified candidates.<\/p>\n

\u201cDespite bringing valuable experience and perspectives, people with 10 years of work experience are put off because there is a persisting emphasis on certifications,\u201d said Kieran Rowley<\/a>, director of community at cyber skills training firm Immersive Labs. \u201cIt\u2019s absurd that an industry facing a skills shortage overlooks talent simply because candidates lack the \u2018right\u2019 exams.\u201d<\/p>\n

Rowley added: \u201cA cybersecurity degree doesn\u2019t guarantee the best fit.\u201d<\/p>\n

Raghu Nandakumara<\/a>, VP of industry strategy at cybersecurity vendor Illumio, said the lack of a clear pathway from education to employment is acting as a barrier to entry into the profession and therefore contributing to the cyber skills gap.<\/p>\n

\u201cCurrently, talented individuals drift into other, more accessible fields as they struggle to find a clear pathway into cybersecurity,\u201d Nandakumara told CSO. \u201cWe lack the necessary follow-up support to guide individuals into the workforce.\u201d<\/p>\n

While apprenticeships and internships are valuable<\/a>, there simply aren\u2019t enough of them, according to Nandakumara.<\/p>\n

\u201cSmaller organizations lack the resources to offer such schemes, and the government needs to step in more to support these initiatives or to encourage more larger organizations to adopt them,\u201d Nandakumara added.<\/p>\n

Chris Wysopal<\/a>, chief security evangelist at Veracode, argued that the \u201centry-level pipeline in cyber security is broken.\u201d<\/p>\n

\u201cMany of the best potential practitioners aren\u2019t university types, but unconventional talent like gamers, builders, and deep thinkers found in online communities,\u201d Wysopal said.<\/p>\n

Criminalizing hacker behavior is a shortsighted move that\u2019s costing the industry an opportunity to recruit more than viable candidates, according to Wysopal.<\/p>\n

\u201cWhen it comes to hacking, not every teenager who tricked someone into handing over a password should be branded a criminal for life,\u201d Wysopal argued. \u201cWe need to distinguish between genuine cybercrime and youthful curiosity, the latter of which should be sought after in cyber recruitment.\u201d<\/p>\n

The AI effect<\/h2>\n

Cyber talent has always been in high demand<\/a> but this has intensified with threats increasing in both frequency and severity. The global cyber security skills gap<\/a> is estimated at 4.8 million, a 19% increase from 2024.<\/p>\n

\u201cAddressing these skills shortages, we are seeing more organizations turning to AI to do some of the heavy lifting, for example, in early threat detection and summarization,\u201d says Harvey Nash\u2019s Gaibee. \u201cThis is not replacing the need for cyber talent, just providing an effective way to manage the ever-increasing threats.\u201d<\/p>\n

Increased use of AI is changing the profile of candidates in demand, according to both Harvey Nash and other industry experts.<\/p>\n

IT skills will change, rather than be replaced, as AI takes over more repetitive tasks, according to a recent survey by IT management software vendor ManageEngine<\/a>.<\/p>\n

But Richard Watson<\/a>, global cybersecurity consulting leader at EY, recently told CSO that he believes the level-one SOC analyst role \u201cis going to be eradicated\u201d by AI eventually. As a result, CISOs and cyber pros need to emphasize skills such as business literacy and communication.<\/p>\n

\u201cThe role is shifting to be one of partnering and advising because a lot of the technology is doing the monitoring, triaging, quarantining, and so on,\u201d Watson told CSO\u2019s Christine Wong<\/a>.<\/p>\n

So, while technical skills will always be a key issue for cyber skills gaps, as AI takes on more technical tasks, the mix of skills CISOs are short on will increasingly include problem-solving, analytical thinking, and the range of people skills necessary to ensure a robust cybersecurity culture across the enterprise.<\/p>\n

Broadening talent pools<\/h2>\n

Rob Demain<\/a>, CEO of managed detection and response firm e2e-assure, said the vendor has amended its hiring process to make it more inclusive. As a result, one in 10 of e2e-assure\u2019s workforce identify as neurodiverse \u2014 an often overlooked talent pool for cybersecurity<\/a>.<\/p>\n

\u201cTheir strengths in pattern recognition, creative logic, and attention to detail directly map to the capabilities ISC2 highlights as most in demand and make us a stronger partner for our customers,\u201d Demain explained.<\/p>\n

Hannah Roome<\/a>, talent acquisition manager at cybersecurity services firm Bridewell, said the vendor is actively trying to increase diversity and expand its hiring scope by reaching out to universities, industry groups, and those seeking a change of career.<\/p>\n

\u201cWe deliver workshops, presentations, and Q&As to schools, colleges, universities and professional membership organizations such as SANS, WiCyS [Women in Cyber Security], TechVets, and the Career Transition Partnership, both of which support those leaving the military,\u201d said Roome. \u201cMany of these schools and colleges support underprivileged communities from a diverse set of backgrounds.\u201d<\/p>\n

Illumio\u2019s Nandakumara argued that rather than concentrating on pre-existing technical knowledge in candidates, cybersecurity hiring should focus on creativity, critical thinking, and willingness to learn.<\/p>\n

\u201cThese skills are much harder to teach than technical ones,\u201d Nandakumara argued. \u201cBy valuing aptitude and diverse experiences, the industry can attract non-traditional talent and build a more inclusive workforce.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Teamwork, problem-solving, and analytical thinking outrank core technical skills such as data security and cloud security as criteria for hiring entry-level cybersecurity staff today, according to a report from ISC2. The cybersecurity training and certification organization\u2019s Cybersecurity Hiring Trends study also found that AI\u2019s growing role in cybersecurity is shifting hiring priorities, with managers placing […]<\/p>\n","protected":false},"author":0,"featured_media":4921,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4920","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4920"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4920"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4920\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4921"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}