What is new about Cybersecurity in 2024 that you need to understand?

1.Approaching an Infliction Point of Popularity

“The stone that the builder refuses becomes the head corner stone.”

Most people don’t care about cybersecurity in reference to their everyday life. It it is often the case that the things in life that we ignore become increasingly important. Cybersecurity is such a thing. The more that the people trust businesses the more that businesses must invest in cybersecurity. Which mean more jobs in the field and all around us in tech where we see layoffs we still see cybersecurity growth. Now this is to discredit the experiences of those who have been laid off, and have trouble finding new opportunities. I believe the problem that these professionals are running into is the very subject of this article: The Cybersecurity Industry Has Changed.

Have your skills grown and does your resume reflect that?

Issues with software supply chains have opened up companies and governments to attacks that have been successful. CISOs are going to jail for failing to preform their duties appropriately. Congress is getting briefed on nation state threats to U.S. Infrastructure. Cybercrime is a $7Trillion dollar problem. Wars are now and forever more expected to be waged on land, sea, air, space, and cyberspace. Tik Tok is threatened with a ban due to privacy issues. We have global protections for data privacy from the EU that are less than 10 years old. An ultrarich college dropout, who started with a website liking pictures of people we knew, apologized to the nation for cyberbullying.

2. Automation Is Not Optional

Lack of automation leads to more time working, and how much time do we realistically have? The smart play is to document define your processes and automate. When you have exams for certifications based on understanding of scripting languages for professionals its time to call the trend. I wouldn’t walk into a new technical security role without a library of python, PowerShell, and bash scripts.

Ethical Hacking and Cybersecurity courses that don’t at least touch on the subject will teach you the foundations of cybersecurity but leave you lacking a critical skill needed for the job market. Python and bash scripting are requested skill on many of the job descriptions online as you read or listen to this. All of the nation state actors and successful security researchers are using automation. This means Automation as a skill is no longer optional to be competitive.

3. AI Enhanced Skills are Not Required Yet, But You Should Learn Now

When the ambassadors of bug bounty hunting (an approach of finding bugs in the external facing apps of various organizations) start raising the bar of how they find security issues using Large Language Models (LLMs) and foundational tools like VIM (a unix base text editor). The LLM is used to augment the human to create better results than would be produced individually.

Due to the fact that bug bounties convert to real money and any advantage is incentivized right away it would be a strong educated guess that we will see this skill duplicated and implemented in different ways.
Here is the Nahamsec Video VIM+AI for Pentesting

Local LLMs availability in tools like NEOVIM has plenty of use cases to be discovered.

4. Increased Prevalence of Skilled Cybersecurity Content Creators

With more and more high level cybersecurity content and a large pool of people trying to break into the industry it is ok to be honest about the difficulty of initial success. Just saying it out loud may make many who have been trying start to feel a little bit of relief start to surround places where they felt nothing but pressure.

The availability of knowledge through various forms of content means can result in a few elevated areas of expectation for cybersecurity professionals.

• Better communication - Hiding in the corner doesn’t work for the introverted techie anymore you are expected to communicate frequently if you want space. The success of the content creator reminds us that its not the most skilled that will be victorious but the one who is best at communicating the utility of that skill.

• More capabilities- Have you ever heard an electrician complaining that DIY videos create clients with extra hard jobs, well sometimes our leaders can turn into this. More often than not when teams are looking for talent they are looking for people with expanding skills that the daily work usually does not maintain. Videos from independent projects feature tools and methods that your organization’s red tape may not allow. It is important that when you are seeking employment in cybersecurity you understand the expectations of your employer and only accept roles where the employer supports your pursuit of these expectations appropriately. Don’t compare yourself to consultants and careerist right away. Trust me those guys had a long build up.

• You Should Be Informed - Contrary to how people may look at me, I’m not interested in competition. Yet, the cybersecurity industry is not monolithic and while we are seeing an addition to the industry by way of collaborative culture the industry can be equally competitive. One way you may see this manifest is when someone’s favorite youtuber speaks about the latest attack and you missed it because you were being a parent. The ask right before the meeting starts when the entire team is present erupts “Did you see the latest John Hammond about (insert cool shit here)?” My advice avoid this trap with your own hacks. Check out our article on RSS feeds to stay informed. Consider creating an automated cliff notes with IFTT plus AI summaries of transcripts from videos.

The landscape is different, you should evolve along with it.