As automation reshapes the IT landscape, demand for high-specialisation cybersecurity professionals surges, highlighting a critical talent gap, competitive salaries, and evolving hiring strategies amid increasing regulatory and geopolitical pressures.
The tech labour market has bifurcated: while large swathes of general software work face contraction amid AI-driven productivity gains, demand for specialised cybersecurity talent has hardened into what many industry obser...
A persistent talent shortfall
Multiple industry studies indicate a multi‑million shortfall in skilled defenders. Vinova cites a projected 3.5 million unfilled cybersecurity roles globally in 2025; independent market reports estimate the gap remaining in the low‑to‑mid millions heading into 2026. According to the Scale Security Report 2025, 66% of security leaders are struggling to hire for skilled roles and enterprises have seen a 64% year‑over‑year increase in demand for IT security and cloud application security positions. Fortinet’s 2025 skills‑gap research similarly found more than half of organisations reporting recruitment difficulties for cloud and AI security roles. Industry data shows job postings and compensation have moved accordingly, with median US security salaries cited near the six‑figure mark and specialised positions commanding substantial premiums.
Why demand outlasts automation
The conventional argument that AI will obliterate IT jobs does not translate cleanly to cybersecurity. The Vinova piece and supporting reports highlight several reasons defenders remain hard to replace: the adversarial nature of security work, rapid attacker innovation (including AI‑assisted malware and social engineering), regulatory and legal judgement calls, and tasks requiring ethical or contextual nuance such as insider‑threat analysis, incident‑response decision‑making and forensic attribution. Fortinet found that while AI tools improve efficiency, human validation and strategic oversight remain essential; Scale’s report warns of burnout as leaders lean on a thin workforce to manage rising alert volumes.
Specialisation and “unicorn” skills
The market no longer prizes generalists alone. Cloud security architecture, DevSecOps, threat hunting, privacy engineering and AI security are repeatedly singled out as the highest‑demand disciplines. The ACSMI study and Scale report identify cloud security architects, application‑security testers (SAST/DAST/OWASP), and GRC specialists as critical shortages; compensation for these hands‑on experts is frequently 20–40% above baseline roles. Vinova’s analysis stresses the “experience trap”: organisations often seek senior, cross‑disciplinary talent but invest insufficiently in training, leaving a pipeline gap between junior entrants and the specialist hires employers demand.
Compensation, retention and workplace factors
High pay has followed the shortage: entry‑level security roles now commonly start well above typical IT salaries, experienced engineers and niche specialists command six‑figure packages, and CISO or AI security leadership can eclipse those levels in large organisations. Despite this, reports from Scale and Fortinet show turnover and burnout as dominant risks: Scale found turnover rates doubling for some teams year‑on‑year, and Fortinet reported that more than half of security leaders expect staff departures due to extreme workloads. Axios reported that outdated hiring practices, limited remote options and conservative job titles are making many large employers uncompetitive for top talent, underscoring that pay alone will not solve retention.
Divergent signals: automation, outsourcing and role consolidation
Not all market indicators point uniformly upward. Analyses such as the SC Media piece note declines in hiring for certain security roles amid adoption of managed security services and AI automation, and report falls in some Cloud Security Engineer openings since 2022 as organisations consolidate responsibilities. This suggests two parallel dynamics: automation and outsourcing reduce demand for some repeatable, rule‑based tasks, while demand for high‑skill, strategic, creative and investigatory roles intensifies. The net effect is a hollowing‑out of middling roles and a premium on T‑shaped professionals who combine deep specialism with adjacent skills such as software engineering, cloud operations or regulatory literacy.
Regulation, geopolitics and emerging drivers of demand
Regulatory and strategic factors are accelerating demand for certain skill sets. Vinova and other studies point to the EU AI Act and rising data‑sovereignty regimes as drivers for privacy engineers and AI governance specialists. Geopolitical tensions and the increasing militarisation of cyberspace are elevating the importance of OT/ICS security for critical infrastructure, roles which tend to be geographically “sticky” and often require clearance or local presence. Looking ahead, the industry must also prepare for quantum readiness, managing “harvest now, decrypt later” risks and migrating to post‑quantum cryptography, creating demand for cryptographic‑agility specialists.
Where employers are falling short
Several reports identify avoidable hiring frictions. Axios documents that many Fortune 100 job listings remain overly rigid on remote work and outdated in language; Scale and Fortinet emphasise inadequate career support, training and mental‑health provisions. At the same time, global wage inflation for security specialists is eroding classical offshoring advantages, and new data‑sovereignty laws make wholesale outsourcing of sensitive roles legally or operationally risky. The consequence is a hybrid labour model: centralise strategic roles near corporate leadership while using vetted, jurisdictionally compliant offshore capabilities for 24/7 operational coverage.
Practical implications for organisations and professionals
For employers: modernise hiring practices (flexible work, market‑aligned titles and pay), invest in upskilling and wellbeing to reduce churn, and adopt hybrid workforce models that balance onshore strategic control with offshore execution within appropriate legal frameworks. According to the Scale report and Fortinet research, targeted training and better‑designed roles materially improve recruitment and retention outcomes.
For professionals: the best career defence combines depth with complementary breadth. Hybrid profiles (DevSecOps engineers, AI security specialists, cloud security architects and privacy‑literate engineers) are the most resilient. Demonstrable production experience, the ability to operate across domains and continual updating of technical skills are consistently rewarded in the market.
A measured editorial verdict
The prevailing evidence supports Vinova’s central claim that cybersecurity represents one of the most resilient areas within IT employment today. But the picture is not monolithic: automation and managed services will reconfigure which security tasks are in‑house, and employers that fail to adapt hiring and retention practices risk losing the fight for scarce talent. The durable opportunities will accrue to organisations and individuals who treat security as a strategic, continuously evolving discipline, one that demands specialised human judgement, cross‑disciplinary skill and sustained investment in people as much as in tooling.
Vinova positions itself as a supplier of that specialised human capability, claiming to source vetted cloud and AI security talent from Southeast Asian hubs and to implement hybrid models that preserve onshore strategic control. The company’s approach illustrates the hybrid play many organisations are adopting: combine local leadership and oversight with global execution while navigating legal and sovereignty constraints. Whether through internal investment or external partners, building a resilient security workforce is now an operational necessity rather than a discretionary expense.
Source: Noah Wire Services



