IT Career Trends

Fresh intelligence from the Malt Tech Trends report has landed today, and we're turning our attention to cybersecurity, a field that, quietly and pretty urgently, has become one of the defining professional battlegrounds. In an era where artificial intelligence is outpacing regulatory thinking, one discipline has found itself in the spotlight, Governance, Risk, and Compliance (GRC). AI is conjuring entirely new compliance obligations. The EU AI Act, for example, is erecting a parallel compliance architecture alongside them, one that demands GRC professionals get to grips with concepts like high-risk system classification, algorithmic transparency, fundamental rights impact assessments, and model governance. This is a categorically different kind of challenge that businesses are waking up to. On Malt, more than half of all cybersecurity projects now concern GRC, a structural shift in how organisations think about risk.  +31% growth in demand for ISO 27001 expertise  +229% growth in demand for ISO 7816 And yet demand is outstripping supply. The freelance market is moving fast, but the need for specialist GRC expertise is moving faster, creating a genuine window of opportunity for those with the right skills. The market, in short, is no longer purely a technical one. Regulatory compliance has become every bit as powerful a demand driver as security engineering itself. For freelancers who've seen this shift coming, the timing couldn't be better. If you want the full picture on how cybersecurity is developing on Malt, click here to read the full insights: https://lnkd.in/e-78fU7Z

Rundown: Top 10 Emerging AI Cybersecurity Roles, the result of two years of industry tracking that reflect current market studies, desired competencies, and evolving security threats. What you need to know: - AI security roles pay significantly more than traditional security positions - Most AI security jobs offer remote work options - Traditional security infrastructure without AI capabilities faces declining organizational support - The current AI cybersecurity field offers early adopters exceptional chances for career advancement. Success requires more than technical knowledge; success depends on technical skills plus business acumen plus communication abilities. Start here: AI Cybersecurity Careers: The Complete Guide https://lnkd.in/dPRSgTXi 1: AI Offensive Orchestrator: https://lnkd.in/dPRSgTXi 2: AI/ML Security Engineer: https://lnkd.in/dYivWb4P 3: AI Security Specialist: https://lnkd.in/dvEvcD_T 4: AI Incident Response Orchestrator: https://lnkd.in/dx_4gSAM 5: AI Threat Intelligence Analyst & Orchestrator: https://lnkd.in/dWUixVse 6: AI Ethics & Compliance Officer: https://lnkd.in/d9eDtKm7 7: AI Prompt Engineer (Security Applications): https://lnkd.in/dwTk4-Kb 8: AI SOC Orchestrator: https://lnkd.in/dYKnvihv 9: AI Governance Lead (above): https://lnkd.in/dvnmsa2s 10: Quantum-AI Security Specialist: https://lnkd.in/dp7Q-TKd Bottom line: Rapid change makes continuous learning mandatory. You need knowledge of both AI and security, but nobody expects you to master both domains overnight. Good thing, because that would require multiple lifetimes and possibly some form of brain enhancement technology that doesn't exist yet. This is our perspective at SANS Institute. What are you seeing? What emerging security AI roles should also be on the industry's radar?

Cybersecurity predictions are easy. Preparing for them is the real challenge. Most organizations are still building defenses for yesterday’s threats. But the threat landscape is changing faster than most security programs. A few shifts already shaping the next phase of cybersecurity: → AI vs AI security battles Attackers are using AI to automate phishing, malware creation, and reconnaissance. Defenders are using AI to accelerate detection, correlation, and response. → Identity becoming the main attack surface Compromised credentials, session hijacking, and deepfake-enabled fraud are increasing. Identity is becoming the new perimeter. → Zero Trust moving from concept to default Continuous verification of users, devices, and applications is replacing one-time access. → Supply chain becoming a major entry point Attackers increasingly target smaller vendors to reach larger organizations. → Cloud and API exposure expanding Misconfigurations, excessive permissions, and poorly secured APIs remain common entry points. → Ransomware operations evolving Ransomware-as-a-Service lowers the barrier for attackers and increases the scale of attacks. → AI-powered phishing targeting employees Social engineering is becoming more realistic and harder to detect. → Encryption preparing for the quantum era Organizations are starting to evaluate post-quantum cryptography to future-proof data. → Regulation becoming stricter Cyber incidents now directly impact legal risk, reputation, and financial exposure. → Security becoming a board-level topic Cybersecurity is no longer just an IT function. It is a business responsibility. The big takeaway: Cybersecurity is moving from reactive defense to continuous risk management. And organizations that treat it only as a technical problem will struggle to keep up. Curious to hear your view: Which of these trends will have the biggest impact on organizations in the next few years? P.S. The cheat sheet below summarizes the 10 cybersecurity shifts many security teams are preparing for.

The worst thing you can do for your cybersecurity career in 2026? Play it safe. Right now, our entire field is being restructured in real time. AI is rewriting workflows. Cloud is dissolving perimeters. Systems are becoming too complex for any one human to fully understand. And yet… Many security professionals are still optimizing for "stability". The attacker never plays it safe. Why do you? Grady Booch argues we’re entering a third golden age of software engineering; one defined not by individual programs, but by vast, interconnected systems. Every one of those systems is an attack surface. In this era, the professionals who matter most are those who can reason about: • How trust propagates • Where it breaks • How complexity hides failure • Primarily: How AI accelerates both innovation and exploitation That’s not a certification. That’s systems thinking. The uncomfortable truth If your strategy is: → Collect certifications → Stay in procedural roles: Create JIRA's, review JIRA's, assign JIRA's → Wait for that “dream role” to notice you You’re building a profile that looks like 10,000 others. CISSP. CISM. CEH. All valuable, No question. But if that’s the whole plan? You’re interchangeable. And AI is coming for the "interchangeable" roles first: • Alert triage • Vulnerability Managment, run tool->create tickets->escalate ticket • Checklist compliance • Pattern matching at scale If that sounds close to your day-to-day, that discomfort is data. This moment belongs to systems thinkers. AI coding tools are excellent at reproducing the patterns of the past. Which means they’re also excellent at reproducing the vulnerabilities of the past, but at scale inside systems their builders and defenders don’t fully understand. Someone has to catch that. Not the person who memorized the OWASP Top 10 and stopped. But the: • Analyst who learned to code n build custom detections • The Pentester who went deep into cloud architecture, chained vulnerabilities. • The Compliance lead who pivoted into threat modeling, Compliance-shift-left. • Engineer who studies failure modes, designs "resilience" not just exploits This is the era of depth + adjacency. The field isn’t shrinking. It’s stratifying. Those who stay procedural will compete with automation. Those who build unique, cross-disciplinary capability will design the systems automation depends on. 60% of people look back and wish they had taken the risk. The internal move you’ve been talking yourself out of, the "systems-thinking-learning" you've been delaying, what is it? Drop it in the comments 👇

Times are changing. And if you’re in tech—especially cyber—you can’t afford to sit still. The job market’s uncertain. Opportunities don’t come easy. But here’s one thing I’ve learned: The people who keep learning… keep winning. Right now, I’m focused on leveling up in a few key areas: 🔷 CISSP prep – Not just chasing letters. I’m building a management-level mindset so when those leadership doors open, I’m ready to walk through them. 🔷 Cloud skills – I’m targeting AWS certs like Solutions Architect and Security Specialty because cloud + compliance is where GovTech is headed. 🔷 AI integration – I’ve seen how fast AI is shaking up this space. I’m not running from it—I’m learning how to apply it in cybersecurity and risk work. “Adaptability is about the powerful difference between adapting to cope and adapting to win.” — Max McKeown That quote hits hard because I’m not here just to survive—I’m here to grow and lead. If you’re in this field and serious about your career, ask yourself: What are you doing right now to stay relevant and competitive? Drop it in the comments 👇🏾 Let’s push each other to stay sharp. #RMF #Cybersecurity #GovTech

Cybersecurity job postings are down 26% from their 2022 peak, but the headline number obscures where the cuts are actually landing. The Tier-1 SOC analyst, the security engineer, the DevSecOps specialist are are the roles getting hollowed out. AI handles alert triage now, with 95% accuracy per the vendors. Hiring managers know it, which is why they're not backfilling. Meanwhile, something else is happening on the other side of the ledger. "Head of AI" roles have tripled in five years, with 28% growth in 2023 alone. Job postings mentioning "Responsible AI" went from essentially zero in 2019 to nearly 1% of all AI-related positions by 2025. AI governance roles at mid-to-senior levels pay a median of $158,750 to $273,000, and they're growing at 40%+ annually — not because of hype, but because the EU AI Act, SEC breach reporting requirements, and ISO 42001 carry real penalties for non-compliance. The useful part is that this pivot doesn't require becoming a machine learning engineer. GRC experience, compliance chops, and policy work map cleanly to AI governance. 68% of privacy professionals are already handling AI-related responsibilities, so the adjacency isn't a stretch. The cybersecurity workforce isn't collapsing. The composition is shifting. Entry and mid-level execution roles are being automated and outsourced, while governance and AI risk roles are expanding into exactly the space those jobs used to occupy. #AIGovernance #Cybersecurity #AICompliance

Compliance and risk leadership is changing in real time. You can feel it in every board discussion, every search, every regulatory headline. I’m seeing three trends reshaping the future of compliance and risk leadership. If you’re in the space, these changes are impossible to ignore. 👉 First: AI governance isn’t just a buzzword—it’s a new category of risk. Boards are asking for real frameworks, not just policies. Every exec I speak with is either building or searching for AI governance expertise right now. 👉 Second: Cybersecurity and AML have hit the board agenda. It used to be enough for companies to “do the work.” Now, regulators expect real accountability. That’s driving a hiring push for compliance talent that can actually sit at the table and have a point of view. 👉 Third: Business-minded compliance leaders are rising fast—especially in securities compliance. This isn’t about being the “department of no.” It’s about understanding the business and giving practical, clear guidance. Firms want leaders who can translate the rules into action, not just create more red tape. If you’re leading compliance, audit, or risk today, the expectations are shifting. The market is looking for people who can adapt, own new risks, and help boards make sense of what’s next. Curious if you’re seeing these shifts too—or is something different happening in your world?

The future of cybersecurity is expected to be shaped by several key trends and developments: 1. Increased Use of AI and Machine Learning: AI and machine learning will become more prevalent in cybersecurity for threat detection and response. These technologies can analyze vast amounts of data quickly, identify patterns, and respond to threats in real-time. 2. Zero Trust Security: The zero trust model, which operates on the principle of "never trust, always verify," will become more widely adopted. This approach requires strict identity verification for every person and device attempting to access resources, even if they are within the network perimeter. 3. Quantum Computing Threats and Solutions: As quantum computing technology advances, it poses both a threat and an opportunity for cybersecurity. Quantum computers could potentially break traditional encryption methods, but they could also enable the development of new, more secure encryption techniques. 4. Increased Regulation and Compliance: Governments and regulatory bodies will continue to implement stricter cybersecurity regulations. Organizations will need to ensure compliance with these regulations, leading to increased investment in cybersecurity measures. 5. Growth of IoT and 5G: The proliferation of Internet of Things (IoT) devices and the rollout of 5G networks will expand the attack surface for cyber threats. Security measures will need to adapt to protect these new and interconnected environments. 6. Focus on Privacy: With growing concerns about data privacy, there will be increased emphasis on protecting personal data. Organizations will need to implement robust data protection measures and be transparent about how they handle data. 7. Supply Chain Security: Cyberattacks on supply chains are becoming more common. Ensuring the security of third-party vendors and suppliers will be crucial for organizations to protect themselves from indirect attacks. 8. Human Factor and Security Culture: Despite technological advancements, the human factor remains a significant vulnerability. Organizations will invest more in cybersecurity awareness training and building a strong security culture to mitigate risks posed by human error. 9. Adaptive Security Architectures: Security architectures will become more adaptive, focusing on continuous monitoring and response. This approach allows organizations to detect and respond to threats more dynamically. 10. Cybersecurity as a Board-Level Concern: Cybersecurity will increasingly be seen as a critical business issue rather than just an IT concern. This shift will drive more strategic investment in cybersecurity initiatives and greater involvement from senior leadership. Overall, the future of cybersecurity will involve a combination of advanced technologies, stricter regulations, and a holistic approach to protecting digital assets in an ever-evolving threat landscape.