The Threat Landscape in 2024

The SolarWinds Day: A Trusted Vision for Government IT event in March of this year painted a stark picture of the threat landscape as it currently stands. SolarWinds CEO Sudhakar Ramakrishna explained that private and public organizations are fighting an “asymmetric war” with bad actors, while the panel discussion highlighted a troubling shift from intellectual property theft and disruption of the private sector to the targeting of critical infrastructure, such as hospitals.

All the while, artificial intelligence (AI) and machine learning (ML) are making for ever more sophisticated attacks, and this has accelerated the demand for skilled cybersecurity professionals. In-demand roles include cybersecurity engineers, infosec analysts, network security architects, penetration testers, application security engineers, malware analysts, and computer forensics experts. In many organizations, budget constraints still mean a single person may be expected to fill multiple of these roles. That’s a tall order in a market where even finding one qualified candidate is challenging.

What Makes a Cybersecurity Pro?

Mastering the fundamentals of data transmission and networking forms the foundation of a cybersecurity career. The ideal candidate must be able to secure these networks against unauthorized access using firewalls, VPNs, and other specialized tools. But this is only the beginning. With decentralized applications, hybrid work environments, and multi-cloud deployments now standard, cybersecurity pros must also be skilled in:

  • Security information and event management (SIEM)
  • Intrusion detection and prevention
  • Penetration testing
  • Endpoint detection and response (EDR)
  • Cloud security monitoring
Beyond tech know-how, cybersecurity pros should also have a range of soft skills, among them attention to detail, critical thinking, and a knack for clear communication. Given the requirements, the truly perfect candidate may be a rarity. As one article puts it: “Too many organizations hiring cybersecurity talent are looking for unicorns—those candidates who are able to check off every single box on the application form. It is important to remember that technical skills can often be taught.”

Searching for the Root of the Talent Crisis

It’s not just the proliferation of cyberattacks that is driving demand for security pros beyond what the talent market can provide. Poor uptake of STEM subjects and outdated curricula have been cited as reasons why the education sector is failing to produce the cybersecurity professionals the IT industry so desperately needs. Given the danger posed to public sector enterprises, some form of government intervention seems sensible.

In the UK, the Department for Science, Innovation, and Technology (DSIT) this year launched a drive to get more people to sign up for Digital Skills Bootcamps in cloud computing, cybersecurity, software development, and more. £550 million of funding is aiming to upskill 64,000 people through boot camps by 2025. In the meantime, what can enterprises do to take matters into their own hands?

The Power of Human Sustainability

Sometimes, the answer comes from within. One article encourages leaders to adopt a human sustainability mindset and invest in training programs so employees can add new skills to their resumes. “This (helps) the company bridge critical talent gaps while demonstrating a commitment to investment in their employees’ development.” The piece also advocates for “rotating high performers across different domains to prevent stagnation while cultivating a broader range of expertise. Additionally, providing opportunities for employees to connect with in-house industry thought leaders is a proven strategy.”

If your enterprise is consistently unable to fill key roles, why not identify the cybersecurity leaders in your org and put processes in place that allow them to educate colleagues? Proactive internal approaches like this return agency to your enterprise. Consistently cultivating an educated workforce means that, over time, organizations can insulate themselves from the worst effects of the talent crisis while keeping their data safe from threats.

Essential Cybersecurity Tools

While humans are the heart of any security program, the right tools help protect them from overload and reduce the risk of costly mistakes. A multi-layered security approach in 2025 typically includes:

  • Next-Generation Firewalls (NGFWs) with deep packet inspection and intrusion prevention offer more sophisticated inspection capabilities than their predecessors, including deep packet inspection and intrusion prevention systems.
  • Security Information and Event Management (SIEM) systems provide real-time analysis of security alerts generated by applications and network hardware.
  • Endpoint Detection and Response (EDR) solutions offer continuous monitoring and response to advanced threats.
  • AI/ML-driven security analytics to identify emerging threats and suspicious patterns.
  • Cloud Access Security Brokers (CASBs) for visibility and control in cloud environments.
  • Secrets management solutions to protect credentials and sensitive DevOps resources.

Rethinking the Modern Enterprise

Traditional hiring models assume that fully trained, “ready-to-go” experts are the best way to fill cybersecurity roles. But in today’s market, that’s often unrealistic. Forward-thinking leaders are reimagining their organizations as learning ecosystems.

By embedding continuous education into their operations, whether through bootcamps, certifications, or internal training programs, organizations can create a steady flow of skilled professionals who are loyal to the company that invested in them. This reduces dependence on an unpredictable talent market and helps ensure critical roles are filled by people who understand the organization’s systems and culture.

The result is a more resilient, self-sustaining security posture that can adapt to evolving threats without being at the mercy of external hiring trends.

Could the biggest threat be coming from within your organization? Read Sascha’s article on shadow AI here.

This article was originally published on November 6, 2024, and updated on September 9, 2025