Hack The Box (HTB) supports over 1,500 global teams at the frontlines of incident response and security testing. This gives us unique insights into the skills gaps plaguing cybersecurity teams and how they’re adapting to a volatile threat landscape.
While predicting the future isn’t an exact science, we’ve identified five key trends poised to shape cybersecurity in 2025.
These trends highlight the most in-demand skills and actionable steps teams can take to close critical gaps and stay ahead of emerging threats.
The first big trend we’re watching in 2025 is that companies and recruiters will place less emphasis on degrees and focus instead on skill-based hiring.
That is, looking less at college degrees, and more at practical capabilities that job seekers can be tested on or provide portfolios for.
Intelligent.com reported that nearly half (45%) of the 800 US-based companies they surveyed plan to replace their job ads’ Bachelor’s Degree requirements with skill-based ones in an effort to get a more diverse workforce.
This, paired with a recommendation to seek skill-based applicants from the White House’s National Cyber Director, points to an upcoming shift in how security teams hire talent.
Based on HTB’s own Cyber Attack Readiness Report (CARR) 2024, we’ve also found that more than 67% of cybersecurity teams use certifications or hands-on labs to benchmark skills, which underscores that more and more security teams are focusing on practical skills and certs over theoretical training and traditional degrees.
If hiring is changing, the best piece of advice for team leads is to start hiring differently.
Consider running a skills gap assessment to figure out what your team is good at, which skills aren’t represented as heavily, and the skills that your team actually needs.
After that, find ways to test applicants for those skills, and work those tests into your hiring process—with measurable criteria.
If that feels fairly obvious, it’s because the main shift is in looking less at the university name attached to their degree, or the companies on the applicant’s resume, and instead paying more attention to the skills that candidates bring to the table.
You may find your perfect fit in the least expected place, and a candidate who doesn’t interview extremely well (in a high-pressure social environment) might blow you away on a technical cybersecurity assessment (a setting in which they have more control).
Painted against the backdrop of growing attack surfaces and emerging threats, the rising demand for blue teamers to upskill is a trend we've already observed.
As of November 20, 2024, a total of 35,378 vulnerabilities have been published, marking a 39% increase compared to the same period last year, according to both Statista and Qualys.
While attack surfaces are growing, the Center for Strategic & International Studies reported that 8 of 10 recruiters find it hard to acquire security professionals with adequate defensive skills.
Even after onboarding staff with the right skills, blue teamers get less time to train on emerging threats and vulnerabilities to their attack surface when compared to their red counterparts.
All of this suggests there’s a gap between the skills blue teamers have, and what they need to be the best at their vital jobs.
Enabling a purple team approach to upskilling is a strategic way to tackle the issue of “limited time and resources.”
Forward-thinking companies like Easi already follow this mutually beneficial approach by aligning threat exposure management exercises for blue and red teams.
First, the security team chooses a Machine that red teamers have compromised. Then, administrator or root accounts are created for the blue team, who must investigate the Machine to find all traces of attacks.
This synergistic approach keeps blue teams up-to-date on how emerging attacks are being executed, and what they can do to detect and prevent them.
90% of Fortune 1000 companies rely on Active Directory, including businesses in the financial, healthcare, government, and public sectors.
Keeping up with real-world risks means skills that were once considered “bleeding-edge” can easily become “expected,” even for junior or entry-level SOCs. One example is basic-to-intermediate knowledge of defending against AD attacks.
Years ago, it was considered part of a seasoned SOC professional’s arsenal, but that’s no longer the case. Since AD attacks are common practice among attackers nowadays, today’s junior SOC professionals should be aware of common Active Directory attack vectors and how to detect them.
In December 2024, HTB announced the Certified Active Directory Pentesting Expert (HTB CAPE) certification, in response to what we identified as a gap in the market.
Based on the high availability of AD services, and the knowledge gap in securing AD, we're confident that 2025 will see a new wave of security specialists on the market with exceptional skills in both defending and testing AD networks.
As with some of the other trends, doing some research or training really is one of the best places for your teams to start. Schedule time for them to build a foundational knowledge of AD attacks.
Master Active Directory security with HTB CAPE
Enable skills for securing complex Active Directory environments. Access advanced techniques such as identifying hidden attack paths, chaining vulnerabilities, evading defenses, and professionally reporting security gaps.
Through hands-on demonstrations of real-world network vulnerabilities and misconfigurations, candidates gain practical skills to tackle modern network security challenges.
Cybersecurity teams face new risks as artificial intelligence (AI) becomes increasingly embedded in web apps and product offerings.
While AI can bring efficiency and innovation, its adoption comes with vulnerabilities. 60% of security professionals fear AI will be used for sophisticated attacks. Additionally, 60% of breaches are linked to mismanaged permissions, AppSec, and social engineering.
Because AI-powered applications are designed to mimic human speech patterns, they can be vulnerable to prompt injection, and adversaries can also use them to craft advanced social engineering-style attacks, like the weaponization of deepfakes and convincing personalized email scams that evade email filters.
The best way to start preparing your teams to catch the proverbial wave is by deepening everyone’s knowledge of AI and web application security. Encourage your teams to read up on vulnerability trends, practice App testing, and get familiar with AI vulnerabilities and AppSec frameworks.
38% of attacks against Industrial Control System (ICS) assets come from an IT foothold. With the increasing convergence of IT and ICS, the line between traditional IT security and operational technology (OT) security is blurring.
This interconnectedness expands the attack surface, making it easier for adversaries to breach ICS assets through IT entry points. That’s why in 2024, we paired with Dragos, a leading ICS/OT cybersecurity technology and solution provider, to release the Alchemy Lab focusing on ICS security.
While ICS pentesting is an emerging field, there is already a wealth of resources available to anyone who’s looking to get more involved. For teams interested in testing & securing ICS assets, HTB’s Alchemy Lab allows participants to compromise a simulated industrial production facility.
We suggest teams start by reading some of the foundational ICS pentesting materials. These include the Lockheed Martin Cyber Kill Chain whitepaper, SANS 5 Critical ICS Controls, ControlThings.io, and classes taught by Justin Searle.
Professional development won’t happen unless leaders actively prioritize it.
Day-to-day demands can easily overshadow upskilling initiatives, but if you want to future-proof your team in 2025, carving out dedicated time for training is essential.
Building a culture of continuous upskilling isn’t just about giving your team access to resources—it’s about fostering an environment where learning is part of the workflow.
High-performance security teams go beyond merely reacting to threats; they proactively improve their skills, stay ahead of emerging trends, and enhance their cyber performance through regular, hands-on practice.
So, whether you're a security leader looking to refine your team’s focus, or a professional seeking to elevate your own expertise, the path forward is clear:
Invest in consistent, targeted upskilling, and be ready to lead the charge in cybersecurity's next evolution.