Could you build a future-proofed career in cybersecurity?

As we continue to digitise more aspects of our work and personal lives, the threat landscape is growing alongside the digital one. Governments, organisations, and individuals are facing an ever-increasing need to protect their data and systems. 

Everything has a silver lining; and the critical relevance of cybersecurity for our future means that as an industry, it offers long-term career opportunities. 

This doesn’t necessarily mean job security in a traditional sense, because the industry changes fast; and it’s very normal in cyber for people to move companies several times throughout their career. Instead, we’re talking about an industry that’s adapting so rapidly that there will always be new problems to solve, tools to build, and roles to fill. 

We’re tapping into the expertise of Kirsten Davies (Founder of Institute for Cyber; three-times Fortune 500 CISO) and Umer Khan (CIO and Senior VP of Software Engineering at Relativity Space), who shared their views on where cybersecurity is heading in the next five years. 

Their insights tell us that cybersecurity is a sector brimming with future-proofed opportunities for curious, dedicated talent. 

Human risk is the new perimeter 

One of the biggest shifts we’re seeing in the industry is a move away from traditional awareness training. Those once-a-year e-learning modules that most employees only click through if they really have to (and when they do, they don’t really pay attention anyway). 

Davies thinks the industry is finally ready to let go of that outdated model:

“There’s a significant shift away from traditional awareness and training and toward Human Risk Management,” she said. “Even being a multi-time CISO, I’ve been long-tired of the annual cybersecurity training rollout.”

Davies sees real promise in companies that integrate cybersecurity awareness into employees' day-to-day work. She mentioned a few names to watch, including Living Security, ThinkCyber, Abnormal Security and Drip7. 

“Many of these HRM companies are also effectively leveraging AI in the background in order to ‘get ahead’ of inadvertent risky behavior by an employee. And these solutions, when used appropriately and communicated effectively, are actually being welcomed by works councils and labour unions (approvals from which are no small feat!).”

Why does this matter for your career? Because as companies continue to invest in proactive, intelligent training and behavioural tools, they’ll need people who can build, manage, implement and improve these systems. Whether you’re into behavioural science, AI, data analytics or employee education – there’s space for you in cybersecurity.

Compliance is getting an automation upgrade 

Another area Davies is excited about is compliance reporting. “I have high hopes that within the next few years, the days of hundreds of management hours being spent every quarter on building compliance reports for internal and external audits will be long gone.”

That’s not just wishful thinking. Automation in compliance reporting is already on the rise, and it’s solving a massive pain point for organisations. The time and resources currently spent on regulatory tasks can be redirected toward strategy, innovation, and by extension, better security. 

This trend is opening up new career paths in automation, AI integration, regulatory tech (RegTech), and cybersecurity consulting. If you can help businesses streamline and scale their compliance work, you’re instantly valuable.

Cybersecurity teams are being rebuilt from the ground up

For Khan, the coming five years will bring a deep structural change in how organisations build and manage cybersecurity teams. And it all stems from increasing complexity.

“Many environments now encompass on-premise and multi-cloud environments, operational technology (AI), heterogenous tech stacks, and a need to implement security at each layer of the application and infrastructure, as well as at the system level,” he said.

In short, a one-size-fits-all approach to security just doesn’t work anymore. Centralised security teams are still needed, but they need to evolve – because they “cannot possibly possess the granular knowledge necessary to secure such a diverse ecosystem effectively while staying ahead of rapidly evolving threats.” 

So they need to “work in concert with distributed cybersecurity subject matter experts (SMEs) embedded within individual teams.”

In this new model, security is no longer a department – it’s a capability that touches every part of the business. That means cybersecurity professionals will be needed not just in specialist teams, but everywhere: product, engineering, operations, and even HR.

If you’ve ever felt like cybersecurity is only for ‘tech people,’ this change is good news. Because in a diversified security future, everyone is needed – from the generalist with solid communication skills to the deep specialist in cloud systems, and the strategist who understands how to get teams to work together across silos. 

Cybersecurity has a bright (and long) future

The thing that ties all these trends together is longevity. The need for robust security is only going to grow; it’s a critical industry in its own right. 

As Khan put it, “This combination of centralised and decentralised security will ensure organisations can scale their defences without compromising depth or breadth. It will transform security from a siloed function into a distributed capability embedded throughout the enterprise, enabling faster, more contextual responses to threats while maintaining a cohesive overall security strategy.”

So for every practitioner, whether you’re just starting out or you’ve been working in the industry for years already, cybersecurity is a space that rewards curiosity, adaptability, and problem-solving. The threats will change; but the need for talented, forward-thinking people will remain constant.