ISC2 recently published its 2025 Hiring Trends research report, uncovering the latest trends in recruitment, hiring and retention strategies for early-career cybersecurity talent. Building on that report, we are deep diving into the skills that cybersecurity managers value in early-career candidates and the responsibilities that they assign to entry- and junior-level professionals.
For the purposes of this research, “early career” does not only refer to those just graduating or entering the workforce for the first time. It also includes individuals who have recently transitioned into cybersecurity from other fields or those who have fewer than three years of experience in the cybersecurity profession—specifically under one year for entry-level professionals and one to three years for junior-level professionals.
This data is a resource for managers expanding their teams to include junior members, or for early-career job seekers looking to better understand the skills and experience hiring managers are looking for in candidates.
Research Design: Rating and Ranking Skills
The survey provided cybersecurity hiring managers with a list of 45 skills spanning nontechnical, technical and personality-related attributes. Respondents rated how important it was for entry- and junior-level candidates to be familiar with each skill listed — from “very important” to “not at all important.”
Next, they rank ordered those skills they considered important. For our analysis, we reported the rank order results—meaning we focused on the skills that most often ranked top on participants’ lists, rather than whether they were considered important generally.
Non-Technical Skills
For nontechnical skills, the top two spots went to what may seem like opposing qualities: teamwork and the ability to work independently. This ranking reflects the reality of cybersecurity roles, where professionals need to collaborate closely across teams within an organization (e.g., as consultative advisors to product teams or lines of business or in “war room” scenarios after a major threat or incident) but also handle certain tasks, such as prioritizing and investigating alerts, on their own or within a small security team.
Personality Attributes
The top-ranked personality attributes this year were problem solving, analytical thinking and critical thinking. These results suggest that hiring managers are prioritizing entry- and junior-level cybersecurity candidates who can approach and tackle complex challenges thoughtfully and strategically.
Technical Concepts
The top technical skills identified were data security (encryption, handling and monitoring), followed by cloud security and data analysis.
We also looked at how the top five technical concepts, nontechnical skills and personality attributes have changed (or haven’t) over the last three years since we last surveyed on this subject:
At first glance, the top five technical skills have shown little change since 2022. Data security and cloud security continue to hold the top two spots, while data analysis has risen to third place. These are followed by AI skills and risk assessment/management. The increased focus on AI skills is not surprising given the rapidly evolving and escalating cyber threats that AI is enabling.
For nontechnical skills, we see a similar trend, with the top two remaining unchanged from 2022. This year, verbal communication, project management and documentation skills followed behind. Meanwhile, customer service experience and presentation skills, which were much higher in 2022, dropped toward the bottom of this year’s list. This shift suggests organizations are prioritizing skills that strengthen internal team performance and operational focus, rather than external-facing abilities.
For personality attributes, problem-solving once again claimed the top spot. Analytical and critical thinking – possibly driven by the increased use of AI – rose in importance this year, followed by a desire to learn and attention to detail. Notably, creativity—which ranked second in 2022—fell out of the top five.
Overall Rankings
When we look across the combined list of technical, nontechnical and personality attributes, our findings showed that the highest-ranked skills were not purely technical. Teamwork, problem-solving and analytical thinking topped the list, ahead of technical skills for data security and cloud security.
This rank order shouldn’t be taken as a dismissal of technical skills. Nontechnical and personality attributes are qualities that employers may find challenging to teach or may not typically invest in training for. In contrast, technical skills may exist already in many candidates’ backgrounds or be seen as something that can be developed through on-the-job training.
As previously noted, the impact of AI cannot be overlooked. As AI tools become more capable of handling certain technical functions, the human skills that AI cannot replicate may be becoming more valuable. This aligns with our findings from the 2024 ISC2 Cybersecurity Workforce Study, where nontechnical skills topped hiring managers’ priority lists. In addition, 51% of respondents agreed that “nontechnical skills will be more important for cybersecurity professionals in an AI-driven world.”
This changing composition is an important takeaway for early-career cybersecurity job seekers: Focus on showcasing strengths in areas such as teamwork, problem solving, critical thinking and analytical thinking. While most hiring managers we surveyed (84%) use skill-based assessments in the hiring process, they are also looking for strong nontechnical skills.
Matching Skills with Experience
Lastly, we asked hiring managers to select the level of experience required to complete this list of technical tasks. Our goal with this exercise was to better understand the types of tasks or responsibilities an entry- or junior-level professional could reasonably handle. The list of tasks was compiled through in-depth interviews with numerous cybersecurity managers as part of the research design phase and is not intended to be an exhaustive list.
We found that the top four skills that hiring managers say entry-level cybersecurity professionals can perform are documentation (processes, procedures), alert and event management, reporting (developing, producing) and physical access controls.
For junior-level cybersecurity professionals, the range of responsibilities expands significantly, with about double the amount of hiring managers stating these tasks can be handled at this level. Their top five include backup, recovery and business continuity, intrusion detection, alert and event management, endpoint remediation and penetration testing.
In contrast, hiring managers identified forensics, governance, secure software development, cloud security and endpoint security as the top tasks that should be reserved for more experienced professionals.
Interestingly, managers view junior-level professionals as being capable of handling many of the responsibilities included in this list. Forensics was the only area that managers leaned more towards experienced (43%) than junior-level (40%) professionals.
Building More Resilient Teams
This ISC2 research enables hiring managers and leaders to understand the skills their peers identify as most important for junior- and entry-level team members, as well as what tasks they can be assigned to quickly learn on the job. Hiring managers can use these findings to ensure they are rounding out their organizations’ security team at large, addressing any gaps in the critical skills needed to build a cyber-resilient organization. This research also helps hiring managers to create job requisitions that align to expected skillsets for entry- and junior-level roles.
For those individuals looking to start or grow a career in cybersecurity, these research insights can help them understand the knowledge, skills and abilities they need to demonstrate to employers their strengths and willingness to grow.
Methodology
The report is based on our survey of 929 hiring managers across organizations of all sizes in Canada, Germany, India, Japan, the U.K. and the U.S.—six countries with established or growing cybersecurity staffing needs. The survey was fielded in December 2024.
We focused on entry- and junior-level talent for several reasons. Over years of studying the cybersecurity hiring landscape, we have observed that workloads are growing heavier while many teams lack the budget or infrastructure to properly onboard new hires or upskill existing team members. As a result, succession planning is falling by the wayside. In fact, 44% of the hiring managers that participated in this research said they don’t do enough succession planning for their team, and more than half (58%) said they are concerned about attrition among entry- and junior-level team members.
Our goal with this study was to highlight the current challenges—and opportunities—and offer recommendations for cybersecurity hiring managers, HR professionals and early-career cybersecurity candidates navigating today’s market. By providing these insights, we hope to shed light on ways cyber teams and candidates can align expectations across these stages of the employee lifecycle.
.png?h=500&iar=0&w=500)
