The Cybersecurity Job Market: What the Data Reveals

The cybersecurity job market continues to evolve as regulatory complexity increases, technology advances, and organizations rethink how they build and retain cybersecurity talent. In a recent LinkedIn Live, Deidre Diamond, Founder and CEO of CyberSN, and Brian Correia, Director at SANS | GIAC, unpacked key findings from their respective cybersecurity workforce reports to better understand what’s driving cyber hiring and retention strategies in 2025.

The discussion drew on insights from the CyberSN U.S. Cybersecurity Job Posting Data Report 2025 and the 2025 SANS Global Cybersecurity Workforce Research Report, revealing a shared shift in focus: from quickly filling open cyber roles to now building cyber teams with the right skillset and investing in the development of current employees.

Which Cybersecurity Jobs are in High Demand in 2025?

CyberSN’s latest U.S. Cybersecurity Job Posting Data Report highlights areas of renewed demand for cyber talent, driven by regulatory requirements, shifting workforce strategies, a growing emphasis on governance, risk, and compliance (GRC) expertise, and the need to fill cyber capability gaps.

For the past three years, Security Engineer and Security Analyst functional roles have consistently had the highest number of job postings in cybersecurity. However, both roles continue to experience year-over-year declines. While these roles saw drops from 2022 to 2024, the rate of decrease has slowed, suggesting a potential stabilization in hiring demand:

Security Engineer

  • (-24.97%) from 2022 to 2024
  • (-4.68%) from 2023 to 2024

Security Analyst

  • (- 25.88%) from 2022 to 2024
  • (-13.87%) from 2023 to 2024

“It’s no surprise that Security Engineers and Analysts remain the top two cybersecurity roles, as they are the backbone of cyber teams, with more professionals in these positions than any other. They’re also feeder roles into leadership, making their decline a long-term risk for the industry,” said Diamond. 

Top 10 Cybersecurity Functional Roles with the Most Job Postings in 2024:

  1. Security Engineer – 64,300 job postings
  2. Security Analyst – 45,496 job postings
  3. DevSecOps – 36,020 job postings
  4. Cybersecurity/Privacy Attorney – 22,465 job postings
  5. Security Architect – 22,246 job postings
  6. Cybersecurity Manager – 17,975 job postings
  7. Identity and Access Management Engineer – 12,223 job postings
  8. Cybersecurity Specialist – 8,221 job postings
  9. Cyber Risk Analyst – 8,187 job postings
  10. Incident Responder – 7,639 job postings

Cybersecurity/Privacy Attorney roles surged by 40.74% in 2024, driven by increased regulatory pressures such as SEC breach reporting mandates and evolving privacy laws.

Top 10 Cybersecurity Functional Roles That Increased in 2024:

  1. Cybersecurity / Privacy Attorney (+40.74%)
  2. Red Teamer (+29.18%)
  3. Cybersecurity Sales Engineer (+26.22%)
  4. Cyber Threat Intelligence Analyst (+14.24%)
  5. Cybersecurity Specialist (+12.42%)
  6. Incident Responder (+12.14%)
  7. Product Security Engineer (+12.08%)
  8. Governance, Risk & Compliance (GRC) Analyst (+11.81%)
  9. Reverse Engineer / Malware Analyst (+6.66%)
  10. Cybersecurity Director (+4.91%)

“This spike is a direct reflection of how regulatory changes are shaping hiring practices,” Deidre noted. “From the SEC’s new breach reporting mandates to evolving privacy laws, organizations need legal expertise embedded in their security teams.”

Brian added that this trend aligns with what SANS is seeing globally. “New regulations like NIS2 and DORA are influencing how organizations hire, not just adding legal roles but demanding technical staff who understand compliance implications,” he said.

Hiring for Cybersecurity Skills, Not Just Cybersecurity Job Titles

One of the clearest takeaways from the SANS Report is that organizations are now prioritizing skill fit over hitting raw hiring numbers. For the first time, more respondents cited “not having the right staff” (52%) as a bigger challenge than “not enough staff” (48%).

“This is a fundamental shift,” said Brian. “Hiring used to be about filling seats. Now it’s about verifying skills and making sure people can actually do the work needed.”

Deidre emphasized this statement, “Organizations are mapping cyber capabilities across their teams and realizing it’s not about hiring more, it’s about building smarter.”

Internal Cybersecurity Training and Development Has Become a Bigger Priority

Both reports highlight a growing reliance on internal development and upskilling plans and strategies. The SANS Report found that, “55% of organizations now maintain formalized cybersecurity training programs, and 51% are prioritizing upskilling their current cyber workforce over hiring externally.”

“This isn’t just a retention tactic,” Brian explained. “It’s about survival. The organizations that thrive will be the ones investing in their people.” Deidre echoed this with a warning: “If you don’t invest in internal development, you’ll see burnout, stagnation, and ultimately failure. We’re seeing this clearly in the data.”

How AI and Regulations are Reshaping Cybersecurity Hiring

Automation and AI are transforming cybersecurity operations, and with them, the cyber skillsets required to succeed. “AI isn’t replacing cyber professionals, instead, it is shifting what we need from them,” said Brian. “We’re seeing demand for people who can work alongside automation tools and orchestrate complex environments.”

Deidre added: “These shifts, combined with the surge in regulatory requirements, are forcing organizations to make cyber workforce planning a board-level conversation.”

Rethinking Your Cybersecurity Workforce Strategy for Long-Term Success

The conversation between Deidre and Brian made it clear: building tomorrow’s cybersecurity team requires more than headcount. It requires:

  • Prioritizing verified skills over job titles
  • Creating internal pathways for talent growth
  • Aligning hiring strategies to emerging legal and tech requirements

“We’re at a turning point,” said Deidre. “Cybersecurity workforce planning can no longer be reactive; it must be deliberate, strategic, and grounded in real data.”

For a deeper dive into the cybersecurity job market and insights on building a better cyber workforce strategy, watch the full conversation between Deidre Diamond and Brian Correia.

Learn more about how CyberSN can help you find, retain, and develop the right cybersecurity talent for your organization.