How to secure a job in cybersecurity in 2025
With job losses everywhere, how is cybersecurity thriving?
Introduction:
As technology workers, and as people generally, we are living through one of the largest workforce reductions in history [1]. From the US government’s slash and burn to what we have taken to calling the AI winter, every organisation is letting people go. The technology industry has seen huge falls, whether by stealth through return-to-office mandates [2], through direct redundancies [3] or through attempted performance management [4].
Why Cyber?
One part of the business has not seen major reductions across most organisations: cybersecurity. The reason is straightforward. As the world descends into chaos, we’ve seen a shadow war break out. The recent hacks on US critical infrastructure by the Chinese [5], as well as a huge surge in DDoS campaigns [6], stopped any thoughts of security workforce reductions, and instead we have seen continued demand for these roles to protect businesses.
Cybersecurity roles
Now that we have clarified why cybersecurity is continuing to thrive, let’s dive into the types of cybersecurity roles available. We can broadly divide organisations into three categories: Vendors, Integrators and Customers. We can divide roles into two categories: Governance, Risk and Compliance (GRC) and Technical Roles. These categories can be sub-divided further, but for the purposes of this article we will leave them as they are. The roles differ across the different types of organisation, as do the mentalities, the ease with which you can get these roles and the skills needed.
Vendor Roles
The first half of 2025 will be a horror half year for vendors. 2024 saw customers tighten their belts and consolidate the number of vendors they have. This has led to intense competition and severe belt tightening on the part of vendors. There have been large redundancies and hiring freezes across the board. Further, as interest rates are sky high, we expect this to continue until mid-year and later. The biggest driver of change would be an interest rate cut, which will take time to flow through the economy. If there is a cut in February, it will take until June/July for the impacts to be felt.
There are lots of cybersecurity vendors, and organisations that prevent DDoS or ransomware, or that provide API security, will be the biggest drivers of growth, as these attacks are the most common today. In vendors there are a few types of roles: Sales and Marketing, Sales Engineering, Account Management and Professional Services.
If you have experience in enterprise sales, there is a huge demand for this in vendor organisations, as they need to rebuild relationships with their customers. If you don’t, smaller vendors need salespeople to help get their products out there. Similarly, cybersecurity firms have traditionally had very poor marketing, so people with demonstrable experience in marketing will have a leg up. Unfortunately, both these roles need experience, especially in our current market. Having a strong network and the ability to leverage that network will be key.
Sales Engineering is another role that is common across vendors and requires some form of experience. The next big thing is cloud and API security. If you have experience with these solutions (AWS, Azure, GCP) or with securing APIs, there will be a huge demand for you. The challenge is demonstrating this experience to potential employers.
Professional Services is probably the easiest path into a vendor organisation. You will need strong fundamentals in networking, identity or whatever area of cyber you are getting into. These roles have traditionally required minimal work experience; however, we expect this to change due to the large pool of applicants. Being able to demonstrate knowledge and the ability to problem solve on your feet will be the keys to this role.
GRC roles in vendor organisations are going to be hard to come by. They need significant experience and are generally filled by hiring directly from customer organisations. This is due to the specialised level of knowledge needed to understand and interpret the GRC requirements. For example, a bank has far different requirements to an ecommerce platform.
System Integrators and Consultancies:
A systems integrator (SI) sits between the vendor and the customer and helps customers implement and utilise solutions by providing on-demand specialist services. This saves the customer from having to hire and train staff to work on one product. Systems integrators are relatively the easiest places to get roles at. They can serve as a starting point for your career, and the salaries match that expectation. SIs range in size and type from the Indian consultancies (Wipro, TCS, etc.) to highly boutique firms that are started by experts.
These firms are always hiring, but hours are long, salaries low and the work is focused. To get into one of these you will need to show enthusiasm, an understanding of the technologies they specialise in or a willingness to learn. The way we have seen it done in the past is by reaching out directly. From our research, this has involved outreach over LinkedIn to hiring managers, a phone call, or meeting at industry events. Networking is most effective here.
SIs are looking for technical staff, project managers, sales, business analysts and everyone else. GRC focused organisations are looking for GRC specialists.
Customers:
The final group is customers. Large enterprise organisations are looking for experienced staff, and as with vendors, they have paused hiring for the end of 2024 but we expect this to pick up this year. The easiest way to get an interview at any customer organisation is by a referral. We have seen little success with just stellar resumes in this space. If you do not know anyone to recommend you, go out and network, meet friends of friends, join industry panels and discussion groups.
Recruiters, Resume Writers, and Others:
In a single word: “No”. Cybersecurity is a pretty complex world, and we have found that the majority of people find recruiters useless for non-exec roles. They act as middlemen that do nothing. The same goes for resume writers: writing done without context is easy to identify and ensures your resume goes on the rejection pile. The same is true for AI. Instead, take some time to write out your resume and read it a few times. Ensure that it is free from major errors and that you highlight your major successes.
Conclusion:
We hope this helps you understand how you can break into the industry. If you need any specialist guidance, please don’t hesitate to reach out with your questions. We cannot help you get a job, nor will we push you down misleading avenues. For more on the pulse of the cybersecurity industry, subscribe to our page and newsletter.
References
[1] https://fortune.com/2023/06/01/tech-layoffs-worst-since-dot-com-bubble-burst/
[4] https://www.theregister.com/2024/01/15/cloudflare_viral_firing_video/
[5] https://www.washingtonpost.com/technology/2025/02/03/cisa-china-trump-noem-hacking-cyberthreats/