Essential cybersecurity skills for today's teams

As the threat landscape evolves, so do the skills cybersecurity professionals need to defend against the latest threats. 

In this article, we break down the security skills your teams need to close gaps, build cyber resilience, and protect your organization.

Learn how AI and quantum are changing the cybersecurity threat landscape, and how you can build a culture of readiness. Get the guide.

As organizations migrate to the cloud and operate in multicloud and hybrid environments, misconfigurations—not zero-day exploits—remain the leading cause of breaches. And with AI reliant on cloud computing, cloud security is no longer a specialist function for today’s security teams. Every security professional must understand how modern infrastructure is built, deployed, and exposed.

This includes core capabilities like:

• Cloud platforms (AWS, Azure, GCP) and shared responsibility models

• Identity and access management (IAM)

• Network segmentation and monitoring

• Infrastructure-as-code (IaC) security

Build cloud security skills with these learning paths:

• Cloud Security

• AZ-500 Microsoft Azure Security Technologies

• Google Cloud Professional Security Engineer

• AWS Certified Security – Specialty (SCS-C02)

Perimeter security models with firewalls and intrusion detection are no longer enough to mitigate threats. Identity is now the primary control plane, and organizations need perimeterless security, or zero trust. 

With a zero trust approach, you treat everyone and everything inside or outside of your organization as a potential threat. This involves following the principle of least privilege, enabling multi-factor authentication (MFA), and conducting continuous monitoring and validation.

Security teams need to know:

• Zero trust architecture and principles

• Identity governance and privileged access management

• Continuous authentication and authorization

• Device access control and authorization

Develop a zero trust mindset with cybersecurity training that includes these learning paths:

• Zero Trust Security (ZTS)

• Identity and Access Management (IAM) Tools and Techniques

If you only consider cybersecurity best practices after code ships, your security team will become overwhelmed trying to fix a range of costly vulnerabilities later down the line. Instead, integrate secure coding principles and DevSecOps best practices into the software development lifecycle from the very beginning.

DevSecOps brings development, security, and operations together, reducing risk and improving efficiency by building security into the development workflow. Adopting a DevSecOps model involves close collaboration between engineers and security teams, as well as familiarity with:

• Secure coding principles

• OWASP top 10 vulnerabilities

• CI/CD pipeline security

• Threat modeling and code scanning

Consider these learning paths to build DevSecOps skills:

• The OWASP Top 10

• Secure Coding Using OWASP Top 10

• Fundamentals of DevSecOps

• Secure Coding

From phishing attacks and AI hallucinations to data poisoning, prompt injection, and supply chain risks, AI has led to a host of new threats and vulnerabilities. Organizations now need to defend against AI-augmented attackers, use AI for better defense, and secure their own AI and agentic systems.

As a result, AI and data security is now critical for every security professional to assess risk to their organization’s own use of AI, identify areas where they can use AI to outpace attackers, and maintain situational awareness of how attackers use AI.

To do that, they’ll need to build skills in:

• AI architecture and the AI attack surface

• Threat intelligence

• AI risk and governance

• Threat detection and modeling

• Incident response automation

• Log analysis

And it’s not just security professionals. Everyone in your organization is likely using AI tools in some capacity. Because of this, they all need cybersecurity training and should understand how to use AI securely and responsibly. This includes:

• How AI works

• Deepfakes

• Hallucinations

• AI-powered social engineering attacks

Check out these learning paths for security teams to build relevant AI and data skills:

• Generative AI for Security Professionals

• AI-based Threat Detection

• Breaking News: CVEs and Hot Takes

Not a cybersecurity professional? Build AI literacy with these courses:

• AI & Generative AI Explained

• Generative AI Techniques for Social Engineering

While AI can be a powerful way to automate things like threat detection and incident response, you still need a human in or on the loop. Soft skills are just as critical as technical skills to properly assess risk, relate security to business goals, and train people outside the security organization.

In the quantum and AI era, soft skills will continue to be important, including:

• Critical thinking 

• Cross-functional communication

• Translating risk to business leaders

• Adaptability and decision-making under pressure

Enhance key soft skills with these courses:

• Critical Thinking and Problem Solving

• Communication Skills for Technologists

• Professional Development Skills

AI threats and quantum challenges call for a new cybersecurity skills stack. Focus on filling your existing skills gaps, and then proactively start building new skills to prepare for future threats and vulnerabilities.

Learn how to close cybersecurity skills gaps and build your organization’s cyber resilience. Get the guide.

Build your team’s security readiness and prepare them to detect, defend against, and respond to real-world threats. Learn more about Pluralsight Secure Ready.