4 min read

Hack The Box report reveals the most in-demand defensive cybersecurity skills

From red or blue to red and blue: 60% of security pros now pursue offensive and defensive career paths

Ophie avatar

Sep 12

With cyber-attacks soaring and costs projected to reach $10.5 trillion globally by 2025, new research by Hack The Box has uncovered the most sought-after skills within Security Operations Center (SOC) teams and the evolving role of the modern cybersecurity professional. 

This new report comes as the global shortage of 3.4 million cybersecurity professionals is severely impacting SOC teams. The demand for security analysts alone is estimated to be 150% higher than the average growth projected for all cyber occupations.

The cybersecurity professional is no longer just red or blue 

This talent shortage, coupled with the rise of AI-based threats, is placing mounting pressure on cyber professionals to have the most up to date skills across all areas of security. Historically, cybersecurity roles are categorised as either offensive (red team) or defensive (blue team). However, new research shows almost 60% of professionals are now opting for hybrid careers that combine both offensive and defensive cybersecurity skills.  

The findings show that 3 in 10 cybersecurity professionals are interested in transitioning from blue team careers to red, offensive roles. This demonstrates a blurring of the lines between cyber roles as well as a desire among security professionals to explore different career paths. 

Commenting on this finding, Haris Pylarinos, CEO and Founder at Hack The Box, says, “Our research indicates that modern cybersecurity professionals are increasingly focused on enhancing their expertise in both red and blue areas. This trend could pave the way for the emergence of hybrid cyber professionals, leading to a potential market shift where businesses seek candidates who possess well-rounded cybersecurity skills, rather than red or blue expertise alone."

Cloud security shows no sign of fading 

Contradicting claims of slowed cloud adoption, the report also highlights the continued importance of a solid foundation in cloud security. In fact, almost half (44%) of SOC analysts rank cloud security as the most valuable skill for the next five years. 

Sabastian Hague, Defensive Content Lead at Hack The Box says: “The importance of cloud security is still undeniable. According to Gartner's research, worldwide end-user spending on public cloud services is expected to surge by 20.7% to reach $591.8 billion in 2023, up from $490.3 billion in 2022. So, even with all of the discussion around the rise of new AI threats and the need to upskill there, don’t forget the importance of keeping your cloud skills up to date. It’s critical for businesses and professionals not to lose sight of this with the hype around AI”.

A shift in mindset: handling not preventing cyber threats 

Amid record-high security breaches, defensive cybersecurity professionals consider incident handling (29.5%) the most crucial skill to master. Network traffic and flow analysis, along with server log analysis, ranked second and third, respectively, on the list of essential current skills.

Haris Pylarinos continues, “A big misconception is that containing threats is the main job of a cybersecurity professional. The reality is that successful attacks and breaches are bound to happen. So, the most crucial skill isn't preventing an attack; it’s handling and containing an unexpected incident. It's no surprise that incident handling is the top skill listed by SOC Analysts, but businesses need a mindset shift to ease the burden on security professionals so they don't have to bear the weight of defending every threat. Instead, their expertise shines in how they respond after the incident." 

The need for practical learning 

In the face of increasing demands and emerging pressures on cyber teams, developing new DFIR (Digital Forensics and Incident Response) skills is vital for SOC professionals. When surveyed about their interests in improving DFIR skills, over half (58.4%) of security professionals placed practical machines at the top of their list of preferred ways to learn. In contrast to 5.5% who find blog posts about DFIR useful. This shows that there is a growing need for practical cybersecurity platforms, enabling employees to combat cybercrime effectively. 

Download the full report ‘Developing the modern SOC analyst: a report on 360 upskilling’


This report is based on a survey of 400 active cybersecurity professionals in the Hack The Box (HTB) community. Research was conducted in April 2023. Professionals who identified themselves as being part of or leading a cybersecurity team were surveyed with custom questions related to the future of SOC analyst skills and their learning preferences.  

About Hack The Box: 

Hack The Box is a leading gamified cybersecurity upskilling, certification, and talent assessment platform enabling individuals, businesses, government institutions, and universities to sharpen their offensive and defensive security expertise. Launched in 2017, Hack The Box brings together the largest global cybersecurity community of more than 2m platform members and is on a mission to create and connect cyber-ready humans and organizations through highly engaging hacking experiences that cultivate out-of-the-box thinking. Offering a fully guided and exploratory skills development environment, Hack The Box is the ideal solution for cybersecurity professionals and organizations to continuously enhance their cyber-attack readiness by improving their red, blue, and purple team capabilities. Rapidly growing its international footprint and reach, Hack The Box is headquartered in the UK, with additional offices in Greece and the US. 

For more information, please visit   


Hack The Blog

The latest news and updates, direct from Hack The Box