The Modern Cyber Workforce

From cyber operation centers to social media cyber influencers, the cyber workforce is evolving, especially in just the last few years. On the technology side, new cyber capabilities, advanced information technology and, not to mention, the latest artificial intelligence (AI) revolution are all shaping how the cyber workforce performs its tasks. 

From entry-level cyber operators to more experienced cyber personnel, even the skills that are needed are shifting, according to Simone Petrella, board member, N2K Networks.

“We have spent the last 10 years talking a lot about the skills gap and the cyber workforce gap, and how many opportunities there are in cybersecurity,” she said. “But today, I think there are a lot of things impacting the cybersecurity workforce, and they’re more than just a skills gap.”

Petrella spoke on a panel with other cyber experts at The Cyber Guild’s annual conference in Crystal City, Virginia, in October, hosted by Debbie Sallis, the guild’s executive director, at AWS Virginia Headquarters.

A 20-year veteran of the cyber industry, specializing in cyber threat intelligence for the Department of Defense and the Intelligence Community, Petrella sees how AI and new IT, and the ever-present and growing sophistication of global cyber threats, are all impacting the needs and makeup of the cyber workforce—not to mention geopolitics that are impacting the corporate sector and the government.

“We have tariffs, we have an uncertain economy,” the board member said. “We have companies that are grappling with a lot of uncertainty in their decision-making. We have technology that is impacting the skills we need. We have AI, we have generative AI and we have shifting priorities, and that is all against the backdrop of the reality that security, whether we like it or not, has often been viewed as a cost center and not a revenue generator.”

Meanwhile, for DXC Technology, based in Ashburn, Virginia, these changes mean taking a comprehensive examination of their cyber arm, including their cyber security operations center, or SOC, explained Dawn-Marie Vaughn, global offering lead for cybersecurity, DXC Technology.

“We are really taking a deep dive of what skills are being shifted now because of all the new technologies and AI, which are two separate things.”

The company’s prescriptive look involves mapping out how to effectively position the company’s cyber workforce to adapt to these changes, even without knowing the full outcomes or scope of what that may be.

“With agentic AI, for instance, in our SOC, [it is about] what those roles will transition to,” she stated. “In the SOC, there is going to be a significant reduction in the ‘L1s,’ the lower-tier cyber operators who are triaging and just getting rid of the noise.”

Because AI and other new capabilities can perform basic-level cyber triaging, it may mean a reconfiguration of their cyber talent to other areas or evolving roles.

“There is going to have to be a fundamental shift of even the qualifications that we would look for that, which are not so technical either, like critical thinking, being able to evaluate things, putting together chain of thought, chaining all of the threats together that may relate to a vulnerability or an exploitable,” Vaughn noted. “We are starting that review now. There are a lot of unknowns, so we are still looking forward to adapting and being able to take a look at how we are going to move up the L1s and then L2s to L3s as well.” 

The changes are impacting cyber workforce considerations in the financial sector. At the second-largest global payment network, Mastercard Inc., the company is looking at ‘outside-the-box’ cybersecurity personnel capacities, said Alissa Abdullah, deputy chief security officer, Mastercard.

“The adversary is not saying you need a degree in cybersecurity in order to hack into the network,” Abdullah emphasized. “The adversary is not doing that. So, we are trying to mimic that type of thought process. We look at experiences, and then we look at some things that people have, that the adversary has. That is how we look at cybersecurity and talent at Mastercard, how we bring talent in.”

Even at the ISC2, the cybersecurity certification professional association that issues the well-known Certified Information Systems Security Professional (CISSP) certification, officials are looking at cyber workforce challenges in a “different way,” said Dwan Jones, director, Diversity, Equity and Inclusion, ISC2. 

Among other efforts, the association is helping organizations, including cyber leaders and managers, figure out how to bring in adroit new cyber talent.

“It is helping them understand that it is not necessarily going to come from the degree,” Jones said. “And this is going to be awkward for me to say, because ISC2 is all about certifications, but it doesn’t necessarily require certifications now. It is about helping leaders understand that you need to look for aptitude. Do they have the ability to gain the skills to do what you need them to do? And to also understand that the road to success doesn’t necessarily go through the four-year degree and then the CISSP.”

In addition, hiring managers and cyber leaders should also be aware of adversarial dupes in digital job interviews, the cyber experts warned. “We are seeing it now,” said Abdullah. “We are seeing stories of where nation states are doing the interviews for people, and especially if the interview is not in person and on video, they are faking. Then they will send someone to come pick up the corporate laptop and take it to a laptop farm, where they have all these different companies’ laptops. These things are happening, and it is happening at a very, very fast pace.”

For SentinelOne, the Mountain View, California-based cybersecurity company, it is about finding cyber workforce talent that can handle the rapid pace of change of cybersecurity threats. “When we think about talent, we think about what is coming, especially what our customers are facing, and finding people that can help us solve our customers’ most critical problems,” said Erin Kelly, assistant vice president, Global Internal Communications and Talent Brand. 

The cybersecurity company is naturally looking for people with cyber operations experience, but also people with “durable skills,” Kelly shared. 

Soft or durable skills—psychosocial abilities across problem solving, critical thinking, public speaking, collaboration, professional writing, teamwork, digital literacy, leadership and work ethic—are more important than ever in the cyber field.

“Responding to incidents, it is absolutely a team sport,” Kelly noted. “You have to be able to collaborate cross-functionally, and you have to be likable. It is all those skills that we are looking for, really paired with experience. How curious are you? How have you embraced AI, not only in your professional life, but in your personal life? Because the one thing about this pace of change that we know is it has never been this high, and it is not ever going to get lower. This industry is just going to keep changing, and we need to find people who are ready to keep up with that rapid pace.” 

And while universities can provide cyber “book knowledge,” they really should offer students cyber ranges as part of their schooling, advised Vaughn. 

“This is something that we are working on building out,” she noted. “Academia does not provide that. Some of them have cyber ranges in the more progressive or mature programs. But in general, it is not real world, and literally, it changes so fast.”

Cyber practitioners need to be able to work in cyber ranges that have real-world exploits that are launched within a safe environment, enabling them to understand how exploits work and are built. 

DXC is even using these types of cyber ranges to evaluate possible cyber staff. “We are starting to use it for our L2s and L3s, to test them,” the DXC lead shared. “And they have to come in person and do it, so they cannot be faked.”

Additionally, the cybersecurity workforce might be found or encouraged through cyber-related social media influencers, said Caitlin Sarian, founder, director and handle of the “CyberSecurity Girl.” 

While it is common to see influencers in more popular industries—such as automotive (think Formula One racer Lewis Hamilton with 31.5 million Instagram followers) or beauty (makeup artist Huda Kattan with 52.1 million Instagram followers), according to the U.S. Chamber of Commerce—cybersecurity influencing has its place too, Sarian said, speaking during another panel at The Cyber Guild conference.

“We need to get to the next generation and teach the next generation what a career in cyber looks like,” Sarian advised. “It does not technically need to be coding. You can be any type of person and succeed as long as you’re excited.”

Her combination of educating the public about staying safe online, as well as getting more people—and younger people—interested in cyber as a career, has proven to be successful. See sidebar below for more information.

Lastly, Abdullah recommended that cyber hiring managers keep an open mind about what “real-world” cyber experience might entail. 

“I agree with having real-world experience, but real-world experience can manifest itself in various ways,” the Mastercard cyber executive said. “I was on a call interviewing a potential candidate, and he had no solid corporate or really structured experience. And I said, ‘Well, how do you know so much about cybersecurity?’ He said, ‘Oh, I have my own server room at home.’ And then we started talking through configurations and what types of cybersecurity challenges that he was seeing. You really have to think about the questions in a different way.”

In addition, Abdullah recently hired a police officer who wanted to leave the force and had a lot of experience with fake identification. He was perfect for the company’s identity management platform, she said. 

“He thinks about identities very, very differently than how technologists think about identities, and it really changed some of our solutions,” she stated. “It was very, very impactful.