The future of cyber security talent is more human than technical

We hear a lot about AI and automation in cyber security, and the conversation usually jumps straight to tools: the latest model, the smartest agent, the dashboard that promises fewer alerts and more answers. Tools matter, as they can free us from repetitive work and surface patterns at speed, but I believe the real shift will come from how people think, not from what they click. The teams that thrive in the next few years will be the ones that combine good judgement, healthy challenge, and inclusive habits with whatever technology they use.

AI will change the work, but people will define the outcomes

Industry research is clear that AI is entering security operations at pace, with threat detection, endpoint security, and task automation among the earliest, common use cases. That changes workflows and skills, but it doesn’t remove the need for human decision‑making or team learning. At the same time, workforce studies show that the bigger risk for many organisations is not headcount alone but specific skills shortages - exactly the kinds of shortages that are solved by focused learning environments and better team practices.

In other words, AI may accelerate what we can do, but people still determine what we should do next.

Thinking styles beat tool lists

When work is ambiguous, the edge comes from cognitive diversity - different ways of processing information and solving problems. Mixed‑thinking teams have been shown to solve unfamiliar problems faster than homogeneous groups, which is exactly the terrain of incident response and threat analysis.

But diverse thinking only translates into performance when teams feel safe enough to share it. Decades of research on psychological safety link a speak‑up climate to better learning and outcomes; the latest guidance also clears up common misconceptions (it’s not about being “nice” or avoiding accountability).

Together, cognitive diversity and psychological safety achieve faster pattern‑spotting, better challenge, and fewer blind spots. No tool does that for you. ‍

How we actually achieve this

In reality, achieving this isn’t complicated; it’s mostly about small habits repeated consistently.

It starts with making different thinking styles visible and valued. When you name the fact that people approach problems differently, they stop trying to “think the right way” and start contributing in a way that reflects their strengths.

Then there’s removing the fear of looking uninformed. Psychological safety grows when leaders admit what they don’t know, treat questions as engagement rather than weakness, and encourage people to raise risks early. We also need to design conversations so more voices are heard, giving people a moment to think before discussing, rotating who leads parts of a meeting, and asking “What are we missing?” to draw out perspectives that might otherwise stay quiet.

And finally, how we learn from mistakes matters. Blameless, specific, forward‑looking reviews show people that honesty is valued more than perfection, and that makes them speak up sooner next time.

Put together, these simple behaviours create a space where people think openly, challenge constructively, and bring their natural strengths to the work; something no tool can replicate.

What the data says about the real gaps

Globally, ISC2’s Workforce Study signals a shift from counting vacant roles to addressing capability: skills shortages (cloud, AI, incident response, identity, and more) now outpace simple staffing concerns. In the UK, government research finds 44% of businesses report basic cyber skills gaps, and incident management gaps have climbed since 2020 - a reminder that team‑level practice and decision‑making matter as much as tooling.

Meanwhile, employers increasingly prize adaptability alongside hands‑on experience; a human capability that helps people keep pace as both threats and AI‑enabled defences evolve.

The human capabilities that will matter most

• Judgement under uncertainty. Tools can surface options; humans weigh trade‑offs, ethics, and context.
• Structured problem‑solving and pattern‑spotting. The ability to frame a problem, test a hypothesis, and communicate the “why” behind an action is core security work, and improves with diverse thinking styles.
• Collaboration in pressure moments. Post‑incident learning requires candour and psychological safety, not blame; that’s how teams actually get better.
• Adaptability and learning agility. With AI shifting the task mix, the most valuable people will be those who can learn, unlearn, and transfer skills quickly - a trend employers already report.

How leaders can make changes

1. ‍Hire for thinking, not just tools.
   • Use work samples and scenario tasks that surface judgement, communication, and problem‑solving. (This also opens the door to talent from non‑linear backgrounds who often bring adaptability and fresh perspective.) ‍
2. Build psychological safety deliberately.
   • Set explicit norms (“we challenge ideas, not people”), ask quieter voices first, and make post‑incident reviews blameless and specific. Expect questions; reward early risk‑raising. ‍
3. Design upskilling that maps to real gaps.
   • Short, focused learning sprints tied to incidents you actually face (especially around incident management, identity, and cloud) close capability gaps faster than tool‑only training. ‍
4. Use AI to augment people, not replace them.
   • Automate the boring parts; invest the saved time in drills, red/blue exercises, and cross‑functional hand‑offs where human coordination is the real bottleneck. ‍
5. Measure what matters.
   • Track time‑to‑competence, decision quality in incidents, and learning behaviours (e.g., how often risk is raised early), not just the number of dashboards in the stack.

A human‑centred future (with better tools)

I’m optimistic about the next phase of cyber security. AI will continue to change the task list, and that can be a good thing. But if we want teams that are resilient, creative, and ethical in how they defend, we have to invest in how people think together. That means diverse minds, a safe environment, and learning that feels practical and possible alongside busy roles.

If you or your organisation are looking to upskill or reskill in a way that supports this human‑centred approach, with focused learning that builds confidence and capability, I'd welcome a chat around the manageable options that actually close the gaps that matter.