Now more than ever, employers in virtually every industry want—and need—to hire cybersecurity professionals. Organizations require their skills to help keep sensitive data and systems safe from malicious hackers, defend an ever-expanding security perimeter, and comply with increasingly stringent regulatory mandates related to data security and privacy.Security underpins nearly every technology project, from modernization and digital transformation to building automated, cloud-based, data-driven workplaces that support distributed teams. That is likely why tech leaders cited security of IT systems and information as their top priority for 2025 in Robert Half’s Building Future-Forward Tech Teams report. And they are under increasing pressure to assemble and maintain a deep bench of IT security expertise.Like many specialized technology roles, cybersecurity experts are in high demand but short supply in today’s hiring market. To bring in the security skills and experience they need, many organizations are turning to contract talent. According to Robert Half research, 61% of technology leaders said they are hiring contract professionals to support IT security projects in the last six months of 2025. And when hiring for permanent positions, technology leaders recognize they have to offer competitive compensation to recruit skilled talent—52% are willing to raise starting salaries for professionals with cybersecurity skills.
Skills and roles to prioritize when hiring cybersecurity professionals
Tech leaders face a persistent cybersecurity skills gap. Upskilling and professional development are essential, but growing talent from within takes time and may not solve urgent needs. Stay alert for strong candidates entering the market, especially those with hands-on experience in:Cloud securityAutomationProgramming (e.g., Python, PowerShell)Identity and access management (IAM) and Zero Trust principlesThreat detection and responseHiring all or some of the five specialists described below to build out your cybersecurity team ensures critical risks are owned, monitored and mitigated across the enterprise. This list includes an overview of the typical responsibilities and valued skills and certifications for each role, along with an example of a must-ask interview question to pose to job candidates.
Systems security manager
When you recruit a systems security manager, also commonly referred to as a cybersecurity manager, you’re hiring someone to orchestrate your company’s information security measures. That includes overseeing the creation of IT security infrastructure, implementing policies and best practices, managing security audits and vulnerability and threat assessments, and preventing and detecting intrusion. Information systems security managers are also often tasked with developing strategies to improve the reliability and security of IT projects, including software development..For this role, you’ll want to look for a candidate who has a strong technical background in systems and network security and at least five years of experience. Solid interpersonal and communication skills and leadership abilities are important to succeed in this role, as are standout analytical and problem-solving skills. This person should be well-prepared to manage a varied team of IT professionals that includes security administrators, architects, analysts and engineers.IT security and other credentials to look for: Certified Information Systems Security Professional (CISSP), CompTIA Security+, Certified Information Security Manager (CISM), GIAC Management and Leadership Certifications, CCSP (Certified Cloud Security Professional)Must-ask interview question and why:Describe your experience with incident response management and disaster recovery planning.Many companies look to their systems security managers to help develop IT disaster recovery plans for critical systems so they can ensure business continuity and minimize damage and loss. This question is essential to gauge a candidate’s readiness for emergency situations that disrupt operations, from ransomware attacks to natural disasters.
Security architect
A security architect’s job is to design, build and implement security systems, finding ways to stay one step ahead of all digital threats to the company’s network, from hackers and viruses to malware. A security architect can, essentially, evaluate your IT security infrastructure and recommend where and how to make improvements without compromising your business systems’ performance.Security architects can perform testing to detect and monitor suspicious activity and analyze threats to help your business improve its IT security approach and reduce the risk of future attacks. Security architects are always thinking about future requirements and stay informed about relevant regulations that impact IT security. These cybersecurity professionals need strong interpersonal, leadership and change management skills, as they often collaborate with stakeholders from other departments. They may supervise staff and work with other teams, as well, to help meet strategic IT goals such as migrating to the cloud or building mobile applications.IT security and other credentials to look for: Certified Ethical Hacker (CEH), CISM, CISSP, OSCP (Offensive Security Certified Professional)Must-ask interview question and why:What methods do you use to proactively identify and address vulnerabilities across on-premise, cloud and hybrid environments?A candidate is likely to respond immediately with “penetration testing,” as that’s the go-to testing method for most organizations. But you’re better off hiring a security architect who is also willing to take a creative approach to uncover potential security faults. So, listen closely to candidates who mention other methods, such as using packet analyzers or “sniffers” to intercept and log network traffic to identify threats or engaging in ethical hacking to bypass system security and search for vulnerabilities.
Read the reportWant to learn more about current hiring trends in technology and cybersecurity? Explore Robert Half’s Building Future-Forward Tech Teams for the latest insights.
Data security analyst
A data security analyst will be on the front line in protecting your company’s systems and networks from malicious hackers and other threats that work to steal or compromise critical data. These pros need to bring a thorough understanding of all aspects of computer and network security to their job, including firewall administration, encryption technologies and network protocols.Companies look to data security analysts to handle critical tasks such as performing security audits, risk assessments and analyses; researching IT security incidents and addressing security weaknesses; and developing IT security policies and procedures. Look for candidates who have at least three years of experience and are self-motivated, analytical problem-solvers with strong communication skills.IT security and other credentials to look for: CISA, CISSP, Systems Security Certified Practitioner (SSCP), CompTIA Cybersecurity Analyst (CySA+)Must-ask interview question and why:What are some current trends in data security, and how might they impact our industry over the next 12–18 months?You will want to hire a data security analyst who closely follows industry security trends and developments. This question tests industry knowledge and allows interviewees to demonstrate their commitment to and passion for their profession. An answer to this question might include details about current data protection regulations that impact your industry, or how emerging technologies like artificial intelligence create new data security challenges for businesses.
Cybersecurity engineer
Cybersecurity engineers implement, maintain and monitor security measures to protect an organization’s networks and systems from attack. They combine offensive and defensive tactics to anticipate and mitigate vulnerabilities and stay on top of evolving threats, technologies, and compliance requirements. These professionals often collaborate with IT teams, management and other stakeholders to ensure security strategies align with business objectives.Cybersecurity professionals in this role typically investigate security breaches and can lead incident response efforts, as well as manage penetration testing exercises and work with automated testing tools. Look for a candidate who is proficient in security technology, has experience responding to and analyzing incidents, and has a deep understanding of the nature of cybersecurity threats.IT security and other credentials to look for: CEH, CISSP, CompTIA Security+, OSCPMust-ask interview question and why:How have you responded to a significant security incident in the past, and what did you learn from the experience?A cybersecurity engineer’s answer should be able to provide clear details on the incident and the key actions they took in response. For example, what process did they follow and what cross-functional teams did they work with? How did they communicate the incident to stakeholders? You want a cybersecurity engineer on your IT security team who understands the wider business impact of an incident. Aside from system downtime and data loss, strong answers may mention brand and reputation damage, regulatory exposure and financial loss.
Systems security administrator
The exact job description for a systems security administrator will depend on the size of the organization. If these professionals are hired to help manage cybersecurity for small business operations or midsize companies, for example, they may have a blended role that includes systems administrator duties and software and networking hardware management. In larger organizations, a systems security administrator is more likely to focus solely on security, including configuring security policies for services vital to the business, such as email systems, file sharing services, collaboration tools, server(less) workloads and identity solutions.In either case, cybersecurity pros who hold the systems security administrator title are responsible for helping companies define best practices for IT security and coordinate penetration testing to identify vulnerabilities. Candidates for this position should ideally have experience in networking. You may also want to specify in the job description that applicants should possess excellent knowledge of TCP/IP (standard internet communications protocols), routing and switching, network protocols, firewalls, and intrusion prevention.IT security and other credentials to look for: Cisco Certified Network Associate (CCNA) Security, CompTIA Security+, CISSP, CEHMust-ask interview question and why:What is the difference between IDS and IPS?An IDS, or intrusion detection system, monitors for intrusions and sends an alert when it detects suspicious activity. Preventing the intrusion requires administrators to take direct action. Meanwhile, an IPS, or intrusion prevention system, is a control system: It detects intrusions and responds in real time to prevent them from reaching targeted systems and networks. An experienced systems security administrator can quickly explain that while these two systems may use the same methods for monitoring and detecting intrusions, they respond differently to these events.
Build a well-rounded cybersecurity team for end-to-end protection
A balanced mix of cybersecurity specialists strengthens your organization’s ability to protect data and systems, prevent and respond to attacks, meet compliance mandates, secure remote and hybrid work, modernize your security stack and plan for disaster recovery.If your objective is to strengthen enterprise security, you may need to consider staffing all of these roles. For small and midsize organizations, a few targeted hires can close the most critical gaps. Engaging a mix of permanent and contract professionals through a talent solutions firm like Robert Half is another way to secure IT expertise for your business, especially if you only need to tap specialized skills for the short term.
