ISACA’s 11th annual State of Cybersecurity report, released last October, highlighted a continued decline in open roles. At the time, it was reported that economic conditions – especially in the US – appeared to discourage employees from leaving their current positions.
ISACA will soon field its annual cybersecurity workforce survey for 2025 and, while that data is not yet known, lingering economic uncertainty coupled with policy changes, and reductions within the US federal workforce, are early indicators that this year’s reporting will affirm what many job seekers already know – employment opportunities are fewer and farther between.
Others considering a job change or who find themselves in the unfortunate position of being let go should know that the once highly lucrative “sellers” market is well beyond us.
This real estate analogy is fitting in the sense that sellers (cybersecurity job applicants or employees) increasingly outnumbering buyers (enterprises seeking qualified candidates).
While it is unlikely that salaries are expected to drop significantly, one cannot ignore the fact that any abundance in supply (of any good or service) is likely to result in job offers that favor employers.
Admittedly, this characterization of the workforce is not universal, especially in the case of niche skills and experience. But for many newcomers, landing one of those alleged massive numbers of unfilled cybersecurity jobs is difficult if not downright unattainable.
Ongoing economic uncertainty, enterprise profitability metrics, and employer preference for familiar hires stifles opportunity, as do widely known barriers to entry such as gatekeeping, unreasonable job descriptions, and too few entry-level jobs.
Skilled cybersecurity professionals are also likely to experience greater difficult as the number of displaced workers increase. Unfortunately, this is only part of the equation.
It is not uncommon for highly qualified candidates to apply for positions that lacked funding to hire. Similarly, those involved in talent acquisition may collect resumes simply to build pools of candidates for future opportunities.
Employers who fail to disclose lengthy hiring processes or ghost applicants compound the situation. While none of these things are ideal, job seekers can find solace knowing that each of these are largely outside their control.
Now more than ever, job seekers must be self-motivated to differentiate themselves from other candidates. To do this effectively requires an awareness of the job market and trends shaping the workforce.
Additionally, it requires a hard look at one’s own strengths and areas for improvement in relationship to available opportunities. What follows are a handful of ways to help differentiate yourself from others seeking finite job openings.
Five Ways to Stand Out in a Competitive Cybersecurity Job Market
Be Strategic
Although certifications remain an important validation of one’s knowledge and skills, they are not all the same. Pursuing credentials of lower relevance to short-term employment goals may result in wasted time and money. Certifications intended to validate foundational knowledge would typically not be beneficial for someone with solid work experience in any occupation. Similarly, those new to the workforce (and even many career changers) wouldn’t meet the job experience requirements associated with many intermediate or advanced certifications. Certifications with a mix of knowledge and performance-based elements, such as ISACA’s Certified Cybersecurity Operations Analyst (CCOA) credential, are worth exploring for early-career security professionals.
Be Aware of Technological Trends
Despite not showing up in any strong numbers on job postings, artificial intelligence and automation skills are highly sought after. Cybersecurity professionals are not only using AI-enabled solutions but also must assist business leaders as they source sound options.
Hone Your Business Skills
Year over year, soft skills are highlighted as the top skill for this workforce. Communication skills – oral and written – are imperative. Cybersecurity is a business enabler which requires collaboration and teamwork. As a protection-oriented profession, it also necessitates integrity and a great deal of empathy. Additionally, ensure you have proficiency with common productivity software.
Develop Hands-On Experience
Whether you’re a seasoned professional or new to the workforce, we now live in an era whereby lifelong learning has transformed into lifelong employability. Just as a CEO is responsible for corporate success, you are ultimate responsible for charting a successful career. Experience does not necessarily need to be paid. In fact, non-profits are a great opportunity to volunteer and build your resume. Additionally, seek out programs that teach both knowledge and practical skills. If you want to work in cybersecurity, the overwhelming demand is forecast to be analytical in nature.
Be An Active Part of The Mentoring Lifecycle
Few can afford not to have a mentor, but being a mentee is not just for those early in their career. Mentors can and should change as you grow – not just at work, but in life. Again, take control of your life and career.
