Tech Show London brought together security, cloud and technology leaders to discuss how organisations are responding to evolving threats, new tooling and increasing pressure on security teams.
From a hiring perspective, the conversations reinforced how closely technical decisions, risk ownership and people strategy are now linked.
Below are the five themes that stood out most to me from the Cloud & Cyber Security Expo.
Charlotte Christensen and James Curtis of Montash at Tech Show London
“The strongest hiring conversations I heard didn’t start with job descriptions. They started with clarity around risk, accountability and why the role existed now.”
Across multiple sessions, it was clear that CISOs still needed to fight for budget. Investment is rarely secured without linking security to business value and operational impact.
Several speakers emphasised that security must be part of the fabric of the business, not positioned as a cost centre. Only a small percentage of organisations can clearly articulate ROI in security, which makes hiring harder when value is unclear.
When roles are designed around defined risk and measurable outcomes, rather than inherited templates, it becomes easier to justify headcount and easier to hire with intent.
The Path of Least Resistance
“AI is clearly supporting security teams, but the expectation that it replaces human judgement doesn’t match what’s happening in practice.”
AI-driven monitoring, automated threat hunting and agent-based detection were recurring themes. Sessions on data exfiltration and AI-assisted hunting showed how AI agents can collect evidence and initiate investigations once thresholds are met.
Even so, humans remain accountable. AI can reduce cognitive load and speed up analysis, but it does not replace final decision-making. In practice, analysts are still the authority in advanced workflows.
For hiring, this shifts the emphasis toward critical thinking, accountability and the ability to operate alongside automation. Knowing the tools is important, but being able to apply judgement in real situations matters more.
“Identity came up repeatedly as both a technical and organisational challenge, not just a tooling problem.”
Attackers increasingly target non-human identities, machine accounts and suppliers. Several speakers noted that breaches often no longer require forced entry; weak identity governance can be enough.
Organisations still struggle with visibility, particularly across cloud, hybrid and multi-tenant environments. You cannot secure what you cannot see.
Identity roles therefore require more than configuration expertise. They call for an understanding of governance, cross-team ownership and how identity decisions affect operational resilience. That complexity is shaping hiring priorities across both cloud and cyber teams.
“The most effective security strategies I heard about were rooted in how teams work together, not just the technology they use.”
Security does not operate in isolation from finance, legal, engineering or leadership. Yet many organisations continue to struggle with siloed communication and unclear escalation paths.
Speakers repeatedly warned against the illusion of compliance. Box-ticking can create comfort, but it does not build resilience.
Psychological safety also surfaced as a practical concern. People need to feel able to raise concerns, question decisions and report incidents without fear of blame. In several examples shared, issues escalated not because tools failed, but because someone hesitated to speak up.
For hiring leaders, cultural alignment is not a secondary consideration. It directly affects how security teams operate day to day.
The Quantum Trust Framework
“Many of the hiring challenges discussed could be traced back to roles being defined too broadly, rather than too narrowly.”
Cloud adoption has lowered infrastructure barriers and enabled rapid growth, particularly for start-ups. It has also expanded digital footprints and supply chain exposure.
Attack surfaces now stretch across cloud environments, third-party suppliers, open-source dependencies, human behaviour and AI systems.
Speakers emphasised that reconnaissance, supply chain visibility and continuous monitoring are now baseline requirements.
In this environment, hiring works best when scope and outcomes are clearly defined, rather than expanded through broader requirement lists.
The takeaway from Tech Show London was not that organisations need more tools. It was that they needed sharper alignment between strategy, culture and capability.
Hiring managers who define:
…are better placed to build resilient teams.
The cyber skills shortage remains real. But many hiring challenges stem from role clarity, organisational structure and internal alignment.
When those improve, hiring becomes more focused and more effective.
The Business of Cyber, Risk, Assurance and Readiness
Many of these themes surfaced again at our recent Please Don’t Hack Me event in Dresden, where leaders discussed AI security, identity risk, governance and real-world incident response.
The consistent thread was that security culture, ownership and decision-making matter as much as technical capability.
Clearer understanding of how security operates day to day leads to clearer roles and more grounded hiring conversations.
You can read the full recap from the latest Please Don’t Hack Me event here.
Big smiles from Team Montash
Many of these discussions will already feel familiar because they’re the same questions many teams are now working through as they reassess security roles and priorities.
If you’d like to talk through your current security hiring plans, you can book a chat with us to get a second view on role design, priorities and building a sustainable cyber talent pipeline.