The Public Eye with Eric Chabrow

CISO Trainings , Governance & Risk Management , Training & Security Leadership

America's IT Security Workforce Tops 100,000 for First Time

Workforce Size More Than Doubles in 5½ Years
America's IT Security Workforce Tops 100,000 for First Time

The workforce of information security analysts in the United States has topped 100,000 for the first time, more than doubling since the Department of Labor's Bureau of Labor Statistics began publishing full-year statistics for the occupation category in 2012.

The IT security analyst workforce reached an annualized 104,800 for the second quarter of 2017, up from an annualized 45,000 from the first quarter of 2012, the first time BLS published data for what was then the new occupation category labeled information security analysts, according to an Information Security Media Group analysis of Labor Department data. That's an increase of 133 percent over that past 5½ years.

A year ago, the annualized information security analysts workforce stood at 80,500. In the past four quarters, the workforce soared by 24,300, a 30 percent increase.

Source: ISMG analysis of Bureau of Labor Statistics data

The data suggests that more individuals saw employment opportunities in information security occupations and began seeking jobs in the field. "Some of this is doubtless real - recognition, finally, that investing in cybersecurity is critical to managing organizational risk," says Franklin Reeder, co-founder and director at the Center for Internet Security, which manages the Multi-State Information Sharing and Analysis Center. "Much of the increase, however, may be an attribution game. Individuals who may have had other job titles now are called, or call themselves, information security analysts, because it is sexier and pays more."

Each month, the Census Bureau surveys about 60,000 households for BLS, the same survey used to produce the monthly unemployment rate. Survey takers interviewing households ask respondents characteristics about their jobs and then determine their appropriate occupation category.

Suspiciously High Unemployment

Based on the latest monthly surveys, the unemployment rate among IT security analysts has soared to a record - and suspicious - 6 percent in the second quarter of 2017, according to our analysis, uncharacteristically high for the IT security field. But economists point out that as an occupation gains popularity, more people seek jobs in their new field, reflecting higher unemployment until they find employment in that field. Over the years, our analysis shows the IT security analysts' unemployment rate rarely tops 3 percent; often it's lower.

Keep in mind, because of the relatively small size of the IT security analyst workforce, the data for this occupation classification isn't considered statistically reliable, and that's why the bureau does not publish the quarterly occupation figures on the BLS.gov website, although it makes them available upon request. To boost the statistics' reliability, BLS economists recommend annualizing each quarter's data by adding the four last quarters' numbers and dividing the total by four. That's the process we follow.

Statistical Anomaly?

The past quarter's jobless rate of 6 percent is more likely a statistical anomaly, says Larry Clinton, president of the trade group Internet Security Alliance.

"Full employment is generally considered around 4 percent [unemployed], so I wouldn't put too much stock in 6 percent number given the small sample size," Clinton says. "What I am seeing in the field is a substantial demand with organizations poaching cyber professionals, which could result in some short-term unemployment. I think any suggestion that the cybersecurity market is in any way saturated would be extremely premature."

Among the 840 detailed occupation categories BLS tracks, information security analyst is the only one that specifies IT security in its description. BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.

Many other occupations inside and outside the computer field, however, include IT security as part of their responsibilities. Those include computer network architect, software developers and network administrators. Here's our latest calculation of the workforce size of all BLS computer occupations:

Computer Occupations Workforce

Second quarter, 2017

Occupations Size
Computer and information systems managers 630,800
Computer and information research scientists 24,300
Computer systems analysts 551,800
Information security analysts 104,800
Computer programmers 475,000
Software developers, applications and systems software 1,536,000
Web developers 228,300
Computer support specialists 561,800
Database administrators 86,800
Network and computer systems administrators 220,800
Computer network architects 104,000
Computer occupations, all other 653,500
Total 5,177,500
Source: ISMG analysis of U.S. Bureau of Labor Statistics

Why do we report this information if the statistics are unreliable? The BLS stats are the only data available that describe the size of the IT security workforce in the United States. Our thinking: We'll provide you with the available data, with all the caveats that go with them, and let you decide their merits.

I've been conducting such analysis since the beginning of the century - even before I joined ISMG - and have found BLS data to fairly reflect employment trends in IT and IT security over the years. Still, from one quarter to another, anomalies surface in the data, but over the course of quarters and years, they tend to even out.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.