Cybersecurity Career Report: February 2026
The global cybersecurity workforce gap has hit 4.8 million unfilled positions (ISC2, 2025). Two out of three organizations report active staffing shortages, and roughly 90% say they have skills gaps in their security setup (Programs.com, 2026). Those numbers aren't abstract. They represent open doors for anyone willing to build the right skills.
This month's report puts the spotlight on cloud security, the fastest-growing domain in the field. We break down what employers actually want, which certifications move the needle, and where the threat landscape is creating new career opportunities. Whether you're breaking in or leveling up, this is what the market looks like right now.
For the operational threat brief covering the same period, including ransomware victim data and detection coverage analysis, see our February 2026 Threat Landscape Report.
Domain Spotlight: Cloud Security
74% of organizations report an active shortage of cybersecurity talent, and 77% express high concern about the industry-wide skills gap, with shortages especially acute in cloud-specific roles (Cybersecurity Insiders / Fortinet, 2026). Cloud security isn't a niche anymore. It's where the jobs are.
The 2026 State of Cloud Security Report identifies a growing "complexity gap," a structural mismatch between how fast organizations adopt multi-cloud and how quickly they can secure it. That gap is a career opportunity.
What the job actually looks like. At the entry level, you're auditing IAM policies, reviewing CloudTrail logs, and running tools like ScoutSuite against AWS or Azure environments to find misconfigurations. You learn the shared responsibility model cold. Knowing where the provider's job ends and yours begins is the foundation of everything. Tools at this stage: AWS CloudTrail, Azure Security Center, ScoutSuite.
At the mid level, you're implementing Cloud Security Posture Management (CSPM) with tools like Prowler, Checkov, and Trivy. You're securing Kubernetes clusters with Falco, writing infrastructure-as-code security checks, and working cross-functionally with DevOps teams who'd rather you not slow them down. Container security and policy-as-code become daily work.
Senior cloud security engineers design multi-cloud security architectures, build custom automation pipelines, and often run cloud-native SOC operations. You're setting strategy, not just finding misconfigs.
A day in the life (mid-level). Your morning starts with CSPM alerts. Prowler flagged three new publicly accessible S3 buckets overnight. You triage them, file tickets for the DevOps teams, and update the Terraform modules to prevent recurrence. After lunch, you're reviewing Kubernetes network policies for a new microservice deployment, making sure pod-to-pod traffic follows least privilege. You end the day writing Checkov rules to catch IAM policies that are too permissive before they hit production.
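As an added illustration of the last task in that day (not part of the original report, and not Checkov's own code or rule format), the Python below shows the logic such a check encodes: it walks an IAM policy document and flags Allow statements that are too broad. The sample policies, bucket name and finding messages are constructed for the example.

```python
"""Flag IAM policy statements that grant more than least privilege."""


def _as_list(value):
    # IAM accepts a single string or a list for Statement/Action/Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    # "*" or {"AWS": "*"} means anyone; this is how a bucket ends up public.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def find_overly_permissive(policy):
    """Return (statement id, reason) tuples for risky Allow statements."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{idx}]")
        # IAM action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        any_resource = "*" in _as_list(stmt.get("Resource"))

        if "*" in actions:
            findings.append((sid, "allows every action"))
        elif any_resource:
            for action in actions:
                if action.endswith(":*"):
                    findings.append((sid, f"allows {action} on every resource"))
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants all unlisted actions"))
        if _is_public_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((sid, "open to any principal with no condition"))
    return findings


# Constructed sample policies (not taken from the report).
ADMIN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"}]}

SERVICE_WILDCARD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["s3:*", "ec2:DescribeInstances"], "Resource": "*"}}

PUBLIC_BUCKET = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOneBucket", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    for name, doc in [("admin", ADMIN_POLICY), ("service-wildcard", SERVICE_WILDCARD),
                      ("public-bucket", PUBLIC_BUCKET), ("scoped", SCOPED)]:
        print(name, find_overly_permissive(doc) or "ok")
```

In a pipeline, a check like this fails the pull request when the findings list is non-empty, which is what "before they hit production" means in practice.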
Where this path leads. In 3 to 5 years, experienced cloud security engineers move into Cloud Security Architect, Head of Cloud Security, or CISO roles, particularly at cloud-native companies. The demand for people who can bridge security and DevOps is not slowing down. Some move laterally into AI/ML security, since most AI workloads run in cloud environments.
Our platform data confirms this demand: "What certifications should I get for cloud security?" was asked 45 times in the last 90 days, the single most common career question our users ask.
Career Paths Overview
Ten security domains, each with a clear progression. The table below maps the key differentiating skill at each level.
| Domain | Entry-Level Skill | Mid-Level Skill | Senior-Level Skill |
|---|---|---|---|
| SOC / Detection | Alert triage, SIEM basics (Splunk) | Detection rule writing (Sigma, YARA) | Detection engineering program design |
| Threat Intelligence | ATT&CK framework navigation | Threat intel program building | Strategic threat assessment, program metrics |
| Incident Response | Evidence preservation, IR phases | Memory forensics, malware triage | IR program architecture, advanced persistence analysis |
| Offensive Security | Web app pentest methodology | AD attack chains, vuln chaining | Red team engagement planning, custom C2 |
| Cloud Security | Shared responsibility model, IAM auditing | CSPM implementation, K8s security | Multi-cloud architecture, cloud-native SOC |
| GRC | Risk assessment basics, NIST vs ISO | Cross-framework control mapping, SOC 2 | Risk quantification (FAIR), board-level reporting |
| Frameworks | NIST CSF, CIS Controls implementation | Gap assessments, compliance mapping | Security program design from scratch |
| AI Security | OWASP LLM Top 10, prompt injection basics | LLM production security, AI red teaming | AI security program development |
| Tools & Automation | Nmap, Wireshark, tcpdump | Python scripting, Elastic Stack | Custom tool development, API integration |
| Career Development | Security+, home labs, TryHackMe | OSCP, HackTheBox, specialization | CISSP/CISM, leadership transition |
Top Skills in Demand
Skills demand follows the threat landscape. Our analysis of threat actor profiles shows which attack techniques are most common, and that directly maps to what defenders need to know.
Technical Skills
1. Email Security and Anti-Phishing. Phishing is the single most common initial access technique across tracked threat actors. Defenders who understand SPF/DKIM/DMARC configuration, email gateway analysis, and sandboxing address the widest attack surface. Needed in: SOC, incident response, GRC.
2. PowerShell Detection and Script Analysis. PowerShell abuse is widespread across tracked threat actors. Detecting malicious PowerShell requires script block logging, Constrained Language Mode enforcement, and AMSI integration. Needed in: SOC, detection engineering, incident response.
3. Cloud Security (IAM, CSPM, Container Security). The fastest-growing skill area by job postings. Tools like Prowler, Checkov, Falco, and Trivy appear consistently in listings. Every major cloud provider now has a dedicated security certification track. Needed in: cloud security, DevSecOps, architecture.
4. Ransomware Detection and Response. Data Encrypted for Impact (T1486) and Inhibit System Recovery (T1490) are each used by many tracked threat actors. Practical skills: EDR deployment, backup validation, ransomware-specific IR playbooks. Our threat intel shows Cobalt Strike, Mimikatz, and PsExec appearing across multiple ransomware operations. If you can detect these three tools, you've covered the core lateral movement toolkit.
5. Detection Engineering. Writing Sigma rules, building SIEM correlation logic, and automating response workflows. This is the bridge between SOC analysis and security engineering, and it's one of the fastest-growing role titles.
Building your security career? Our Cybersecurity Skills Roadmap maps the path from zero to job-ready across all these skill areas.
Soft Skills
Communication across technical and business audiences. GRC professionals present risk to the board. SOC analysts write incident summaries for executives. Cloud security engineers negotiate with DevOps. Every senior role requires this.
Threat modeling and analytical thinking. The ability to reason about adversary behavior, understanding why an attacker would chain phishing (T1566) into PowerShell (T1059.001) into ingress tool transfer (T1105), separates junior from mid-level.
Documentation and process building. IR playbooks, detection rule libraries, security policies. The work that doesn't feel exciting but defines mature security programs.
Emerging Skills
AI/ML Security. The OWASP LLM Top 10 and MITRE ATLAS framework define this space. Prompt injection, model poisoning, and data poisoning are new attack surfaces creating new roles: AI Red Team Specialist, ML Security Engineer, AI Security Architect (Practical DevSecOps, 2026).
Supply Chain Security. SBOM generation, dependency analysis, third-party risk assessment. LinkedIn lists 3,000+ supply chain security jobs in the US alone (LinkedIn, 2026). This is GRC meets software engineering.
Infrastructure as Code (IaC) Security. Checkov, tfsec, and policy-as-code tools. As cloud deployments shift left, security review happens at the pull request, not post-deployment.
Certification Guide
Not all certs are equal. Here's the breakdown mapped to career stage and domain.
| Certification | Level | Cost (approx.) | Domains | Prerequisites | Practitioner Take |
|---|---|---|---|---|---|
| CompTIA Security+ | Entry | ~$400 | All | None | Best starting cert. HR filter for most entry roles. Get this first. |
| AWS Security Specialty | Mid | ~$300 | Cloud | AWS experience | High ROI for cloud security roles. Employers recognize this immediately. |
| Azure Security Engineer (AZ-500) | Mid | ~$165 | Cloud | Azure fundamentals | Essential if your target employers run Azure. Pairs well with AWS cert. |
| OSCP | Mid | ~$1,600+ | Offensive | Hands-on skills | Gold standard for pentesters. Brutal exam, massive credibility. Don't attempt without 6+ months of lab practice. |
| GIAC Certifications | Mid to Senior | ~$2,500+ | Various | Domain experience | Expensive but respected. GCIH, GCIA, and GCFE are strong for defensive roles. Employers often sponsor these. |
| CISSP | Senior | ~$750 | GRC, Leadership | 5 years experience | Management/leadership cert, not technical. Don't get this too early. You need the experience to pass and to benefit from it. |
Thoughts on cloud certs. If "what certifications should I get for cloud security?" is your question, and it was the #1 question on our platform, start with Security+ as your baseline, then go straight to AWS Security Specialty or AZ-500 depending on which cloud provider your target employer uses. The CySA+ sits in the middle but won't differentiate you the way a cloud-specific cert will.
What about SOC analyst certs? This was our second most-asked question (20 queries in 90 days). Security+ gets you in the door. From there, CySA+ or a GIAC cert like GCIH demonstrates you can do the work, not just pass a multiple-choice exam.
Tools & Technologies by Career Level
Practical tools mapped to where you are in your career. These come from job postings and real-world threat data, not academic wishlists.
Entry Level: Learn These First. Nmap, Wireshark, tcpdump for network fundamentals. Splunk or Elastic for SIEM exposure. AWS CloudTrail and Azure Security Center for cloud basics. TryHackMe and LetsDefend for hands-on practice. Pick one cloud provider and learn it well.
Mid Level: What Differentiates You. Sigma for detection rules. Prowler and Checkov for cloud posture. Python scripting for automation. If you can automate a manual security process, you stand out. Velociraptor or KAPE for incident response. BloodHound for understanding Active Directory attack paths (it shows up in real ransomware operations, per our threat graph).
Senior Level: What You Build With. SOAR platforms for orchestration. Custom Python or Go tooling. CSPM platforms at scale. CI/CD security pipelines. At this level, you're building the systems that mid-level practitioners operate.
Tools from the threat landscape. Our graph data shows these tools across active ransomware operations: Mimikatz, PsExec, AdFind, Cobalt Strike, ShareFinder, AnyDesk, RClone, Metasploit, BloodHound, and ProcDump. Knowing how to detect these in your environment is a practical, resume-worthy skill. Write Sigma rules for them.
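What "detect these tools" looks like as logic, in an added example (not from the original report or from CyberDesserts' rule set): a small matcher with Sigma-style selection semantics, run over constructed process-creation events. The rule titles, indicators, hostnames and event data are assumptions chosen for illustration, and the rules cover five of the tools named above and in the ransomware skills item earlier.

```python
"""Match process-creation events against Sigma-style tool detections."""

# Sigma-style selections: values under one key are OR'ed, keys are AND'ed.
# Indicators are simplified, commonly published ones chosen for this example.
RULES = [
    {"title": "Mimikatz module keywords", "technique": "T1003.001",
     "selection": {"CommandLine|contains": ["sekurlsa::", "lsadump::"]}},
    {"title": "ProcDump against LSASS", "technique": "T1003.001",
     "selection": {"Image|endswith": ["\\procdump.exe", "\\procdump64.exe"],
                   "CommandLine|contains": ["lsass"]}},
    {"title": "PsExec service binary", "technique": "T1569.002",
     "selection": {"Image|endswith": ["\\psexesvc.exe"]}},
    {"title": "AdFind execution", "technique": "T1018",
     "selection": {"Image|endswith": ["\\adfind.exe"]}},
    {"title": "Rclone copy or sync", "technique": "T1567.002",
     "selection": {"Image|endswith": ["\\rclone.exe"],
                   "CommandLine|contains": [" copy ", " sync "]}},
]

# Constructed events using Sysmon process-creation field names.
EVENTS = [
    # Renamed binary: the image name is useless, the command line still matches.
    {"Computer": "WS-014", "Image": r"C:\Users\Public\m.exe",
     "CommandLine": "m.exe sekurlsa::logonpasswords"},
    {"Computer": "SRV-DB01", "Image": r"C:\Windows\PSEXESVC.exe",
     "CommandLine": r"C:\Windows\PSEXESVC.exe"},
    {"Computer": "WS-014", "Image": r"C:\Tools\procdump64.exe",
     "CommandLine": "procdump64.exe -ma lsass.exe lsass.dmp"},
    # Routine admin use of ProcDump on a web worker: must not alert.
    {"Computer": "WS-022", "Image": r"C:\Tools\procdump.exe",
     "CommandLine": "procdump.exe -ma w3wp.exe crash.dmp"},
    {"Computer": "FS-02", "Image": r"C:\ProgramData\rclone.exe",
     "CommandLine": r"rclone.exe copy D:\Shares remote:archive"},
    {"Computer": "WS-030", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]


def field_matches(event, key, values):
    """Apply one 'Field|modifier' condition; any listed value may match."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, "")).lower()  # Windows paths are case-insensitive
    for value in (v.lower() for v in values):
        if modifier == "contains" and value in actual:
            return True
        if modifier == "endswith" and actual.endswith(value):
            return True
        if modifier == "" and actual == value:
            return True
    return False


def match_event(event):
    """Return (title, technique) for every rule whose conditions all hold."""
    return [(r["title"], r["technique"]) for r in RULES
            if all(field_matches(event, k, v) for k, v in r["selection"].items())]


def triage(events):
    """Return (host, rule title, ATT&CK technique) for each hit, in event order."""
    return [(e["Computer"], title, tech) for e in events
            for title, tech in match_event(e)]


if __name__ == "__main__":
    for host, title, tech in triage(EVENTS):
        print(f"{host}: {title} [{tech}]")
```

Two hits on WS-014 from different rules are the kind of correlation a SIEM rule would escalate, while the benign ProcDump event shows why the LSASS rule needs both conditions.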
Security Trends Shaping Careers
Five trends directly affecting what security professionals need to know in 2026.
AI/ML Security
AI-driven attacks now account for 16% of all breaches (IBM, 2025). The attack surface is new: prompt injection, model poisoning, data poisoning, and training data extraction. The defense side is just as new, and understaffed.
Emerging roles include AI Red Team Specialist, ML Security Engineer, and AI Security Architect (Practical DevSecOps, 2026). The MITRE ATLAS framework (AML.T0000 to AML.T0006 in our knowledge base) maps AI-specific attack techniques the same way ATT&CK maps traditional ones.
Skills to develop now: Understand the OWASP LLM Top 10. Learn to test LLM applications with tools like Garak. If you have ML experience, you're already ahead of most security practitioners.
ISC2's 2025 study notes that rapid AI adoption is reshaping skills requirements and creating new career opportunities (ISC2, 2025). AI security isn't a future concern. It's a current hiring need.
Cloud Security
The 2026 State of Cloud Security Report from Fortinet and Cybersecurity Insiders reveals the "complexity gap." Organizations are adopting multi-cloud faster than they can secure it. 77% of security leaders express high concern about the cloud skills gap (Cybersecurity Insiders, 2026).
Skills to develop now: Pick AWS or Azure and get certified. Learn Kubernetes security with Falco. Understand CSPM tools (Prowler, Checkov). Infrastructure as Code security is where the field is headed.
Supply Chain Security
Software supply chain attacks are driving demand for professionals who understand SBOMs, dependency management, and third-party risk. Indeed, LinkedIn, and ZipRecruiter collectively show thousands of open supply chain security positions. The role blends GRC knowledge with technical software security skills.
Skills to develop now: Learn SBOM tooling. Understand software composition analysis. If you have a development background, this is a strong entry point into security.
Detection Engineering
Detection engineering is formalizing into its own career track. The role sits between SOC analysis and security engineering: you write detection logic (Sigma rules, SIEM correlations), measure detection coverage against frameworks like ATT&CK, and build automated response workflows.
Our threat data makes the case directly. The top 20 attack techniques by actor usage, from Phishing (T1566) down to Exploitation for Client Execution (T1203), each need specific detection rules. A detection engineer who builds coverage for the top 10 techniques addresses the majority of tracked threat actor activity.
For the full detection gap analysis and technique-by-technique Sigma/YARA coverage, see our Threat Landscape Report.
Skills to develop now: Write Sigma rules. Learn SIEM correlation in Splunk or Elastic. Practice with CyberDefenders blue team challenges.
Zero Trust Architecture
Identity-centric security and microsegmentation aren't buzzwords anymore. They're in job descriptions. Our threat graph shows actors like Storm-1811 targeting cloud accounts directly, and Scattered Spider manipulating conditional access policies. Zero trust skills include IAM policy design, network microsegmentation, and continuous verification architecture.
Skills to develop now: Learn conditional access policies in Azure AD / Entra ID. Understand microsegmentation concepts. Study how real actors bypass identity controls.
Getting Started: Advice for Career Switchers
The cybersecurity industry needs people from outside the field. ISC2's 2025 study surveyed a record 16,029 practitioners and found that budget constraints and workload increases are compounding the talent shortage (ISC2, 2025). You're not too late.
First steps, in order:
- Get Security+ certified. It's the HR filter for most entry-level roles. Budget 2 to 3 months of study. Cost is approximately $400 for the exam.
- Build a home lab. Install a SIEM (Splunk Free or Elastic), set up a vulnerable VM (TryHackMe, HackTheBox), and practice triaging alerts. Employers want to see you can do the work, not just pass tests.
- Pick a direction early. Cloud security, SOC analyst, or GRC are the three most accessible entry points. Don't try to learn everything. Pick one and go deep.
- Use free platforms to build hands-on experience. TryHackMe and LetsDefend offer structured learning paths specifically for career switchers. LetsDefend has a dedicated Career Switch to Cybersecurity path.
Common mistakes to avoid:
Don't start with CISSP. It requires five years of experience and is aimed at management. It won't help you get your first job.
Don't spread yourself across six certification tracks at once. Security+ first, then one specialization cert.
Don't ignore the non-technical roles. There are business, HR, and marketing positions focused on cybersecurity (Infosec Institute, 2026). GRC and security awareness are legitimate, well-paying career paths that don't require deep technical skills.
Not sure where to start building security skills? Try our CyberDesserts Learning Assistant to get personalised guidance on your learning path.
What the salary range looks like. Entry-level cybersecurity positions start around $70,000 annually (Research.com, 2026). The average cybersecurity salary across all levels is $135,969 (Programs.com, 2026). Cybersecurity analysts average $105,001 per year, with the 75th percentile reaching $165,673 (Glassdoor, 2026). Experienced professionals with cloud or AI specializations frequently exceed $120,000 (Research.com, 2026).
Frequently Asked Questions
Do I need a degree to get a cybersecurity job? No. Most hiring managers care about certifications, hands-on skills, and demonstrated ability. A Security+ cert and a portfolio of home lab projects will outweigh a degree in many entry-level interviews. Some government and enterprise roles still list a degree as a requirement.
Which certification should I get first? CompTIA Security+. It's vendor-neutral, widely recognized, and serves as a prerequisite for most other security certifications. If you're specifically targeting cloud security, follow it immediately with AWS Security Specialty or AZ-500.
How long does it take to get hired in cybersecurity? With focused effort, Security+ certification plus consistent lab practice, most career switchers can be competitive for entry-level roles within 6 to 12 months. The timeline compresses if you have adjacent IT experience.
Should I specialize in offensive or defensive security? Defensive roles (SOC analyst, detection engineer, cloud security) have significantly more job openings. Offensive roles (pentester, red team) are fewer but command premium salaries. Start defensive, learn offensive techniques to become a better defender, then specialize if the offensive side appeals to you.
What's the best way to get experience without a job? Build a home lab, complete TryHackMe or HackTheBox challenges, contribute to open-source security tools, and participate in CTF competitions. Document everything on a blog or GitHub. This becomes your portfolio.
Is AI going to replace cybersecurity jobs? No. AI will automate repetitive tasks like initial alert triage, but it increases demand for professionals who can manage, interpret, and secure AI systems (Edept, 2026). AI security itself is creating entirely new job categories.
What certifications are best for cloud security? Start with Security+, then get the cloud provider-specific cert for your target employer: AWS Security Specialty for AWS shops, AZ-500 for Azure environments. The CCSP is an option at the senior level. This was the most-asked question on our platform over the last 90 days.
Summary
The cybersecurity workforce gap stands at 4.8 million unfilled positions globally, and cloud security roles are among the hardest to fill. The threat landscape, with phishing, PowerShell abuse, and ransomware toolkits dominating our tracking of threat actors, directly dictates which defensive skills matter most. For career switchers, the path is clear: Security+ first, then specialize in cloud, detection engineering, or AI security where demand is highest.
For personalized career guidance based on your background and goals, try the CyberDesserts Learning Assistant. For a structured view of skills progression across all domains, see the Cybersecurity Skills Roadmap.
This report gets updated monthly when the threat landscape and job market shift. Subscribers receive notifications when major changes happen, plus practical security career content. No sales pitches, no fluff.
Last updated: February 2026
References and Sources
- ISC2. (2025). 2025 Cybersecurity Workforce Study. Record 16,029 participants; highlights stagnant wages, workload increases, and AI-driven skills reshaping.
- Cybersecurity Insiders / Fortinet. (2026). 2026 State of Cloud Security Report. Survey of 1,163 senior cybersecurity professionals reveals cloud complexity gap; 74% report talent shortages, 77% cite skills gap concern.
- Programs.com. (2026). Number of Employed Cybersecurity Professionals. 2 in 3 organizations experiencing staffing shortage; 90% have skills gaps. Average cybersecurity salary: $135,969.
- Viva IT. (2026). The Cybersecurity Talent Cliff. Estimated 4.8 million unfilled cybersecurity roles globally.
- CompTIA. (2025). State of Cybersecurity 2025. CyberSeek reports over 514,000 cybersecurity job postings between May 2024 and April 2025.
- Research.com. (2026). 2026 Cybersecurity Careers. Entry-level positions around $70,000; experienced professionals $120,000+.
- Glassdoor. (2026). Cyber Security Analyst Salary. Average $105,001; 75th percentile $165,673. Based on 6,878 salary submissions.
- Practical DevSecOps. (2026). Top 10 Emerging AI Security Roles 2026. ML Security Engineer, AI Security Architect, AI Red Team Specialist among new roles.
- IBM. (2025). Cost of Data Breach Report. AI-driven attacks account for 16% of all breaches. Referenced via CyberDesserts blog.
- Edept. (2026). Future of Cybersecurity Jobs 2026. AI will automate repetitive tasks but increase demand for skilled specialists.
- LinkedIn. (2026). Supply Chain Security Jobs. 3,000+ supply chain security positions in the United States.
- Infosec Institute. (2026). How to Make a Mid-Career Change to Cybersecurity. Non-technical cybersecurity career paths in business, HR, and marketing.
- CyberDesserts Threat Intelligence. (2026). Threat intelligence covering 900+ tracked threat actors. Internal data.
- CyberDesserts Platform Analytics. (2026). 386 queries over 90 days; top career question: cloud security certifications (45 queries). Internal data.
- MITRE. (2024). ATT&CK Framework. Technique and actor data referenced throughout.
About This Report
Data sources: CyberDesserts threat intelligence and industry publications.
Report period: January to February 2026. Published February 2026.