The cybersecurity space undergoes seemingly constant change. Threats are evolving. Technology is progressing. Yet, one topic that is sometimes left out of the conversation is how cybersecurity talent is changing — or how it must adapt if it hasn’t already.
It’s only natural that to keep pace with emerging threats and technologies, talent must also adjust. But what skills should they focus on? And why are traditional skill-building strategies often missing the mark?
Here, Security magazine talks with Ha Hoang, CIO of Commvault, about how the modern cybersecurity talent landscape is shaping how the industry works.
Security magazine: Tell us about your background and experience within the security industry.
Hoang: My background sits at the intersection of enterprise IT, data protection, and cybersecurity. I’ve spent much of my career working with CIOs and CISOs on resilience — how organizations protect, recover, and govern their most critical data in the face of cyber threats, outages, and operational risk. Today, as CIO at Commvault, I see security not as a standalone function, but as a core business capability. My experience spans modernizing IT environments, integrating security into cloud and AI initiatives, and ensuring that resilience and recovery are designed in from the start rather than bolted on after an incident.
Security: What roles and skills are in greater demand in the cybersecurity industry today?
Hoang:
We’re seeing strong demand for hybrid skill sets rather than narrowly defined roles. Security leaders are looking for professionals who combine core security fundamentals with fluency in automation, cloud platforms, and data governance. In particular, roles that bridge security and operations, such as security engineers with automation expertise, cyber resilience architects, and professionals who understand both incident response and recovery, are increasingly critical. Just as important are skills in risk analysis, systems thinking, and the ability to translate technical risk into business impact.
Security: Why are traditional upskilling strategies falling short?
Hoang:
Traditional upskilling often assumes linear career paths and static roles, but cybersecurity doesn’t work that way anymore. Many programs focus on certifications or point skills without addressing how fast the threat landscape and tooling are evolving. Another challenge is that upskilling is frequently treated as an isolated HR initiative rather than something embedded into day-to-day operations. The most effective learning today happens through real-world exposure — automating workflows, responding to incidents, and working across IT, security, and data teams, not just classroom training.
Security: Is AI reshaping cybersecurity talent needs, and if so, how?
Hoang:
Absolutely. AI is changing both what defenders need to do and how they do it. On one hand, AI-driven tools are automating tasks like detection, correlation, and response. On the other hand, they’re introducing new risks around data integrity, model governance, and attack surfaces. As a result, cybersecurity talent needs are shifting toward people who can supervise and validate AI-driven systems, understand how models make decisions, and govern data pipelines securely. The future security professionals won’t just react to alerts; they’ll design systems that are resilient, explainable, and trustworthy by default.
Security: Is there anything we haven’t discussed that you’d like to add?
Hoang:
One important point is that closing the cybersecurity talent gap isn’t just about hiring more people — it’s about changing how we work. Organizations that invest in automation, resilience-by-design, and cross-functional collaboration reduce burnout and make better use of the talent they already have. Cybersecurity will always require human judgment, but the teams that succeed will be the ones that pair that judgment with smarter platforms, clearer governance, and a culture of continuous learning.
https://www.securitymagazine.com/articles/102130-why-traditional-upskilling-strategies-fall-short-in-cybersecurity