How  IT Security Workforce is Expanding

How IT Security Workforce is Expanding

Jobs, Semantics Explain Increase in Cybersecurity Employment

By Eric Chabrow, July 10, 2013. Follow Eric @GovInfoSecurity
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
Eric Chabrow

The head of the National Security Agency described former contractor Edward Snowden's job at the NSA as a systems administrator [see NSA Outlines Steps to Reduce Leaks]. But the occupation classification of information security analyst could be more a more fitting depiction of the whistleblower's profession when examining his skill set.

That scenario could explain why just-issued data from the U.S. Labor Department's Bureau of Labor Statistics suggests a sharp rise in the number of professionals who identify themselves as an information security analyst, a catch-all job classification that includes a number of security-related skills.

 As cybersecurity is increasingly seen as a growth field, we may be seeing more individuals self-identifying as cybersecurity types in the interest of job security. 

An Information Security Media Group analysis of the BLS data shows that in just under two years, the number of people who consider themselves information security analysts in the United States increased by 26 percent. The numbers presented here should not be taken as gospel (see explanation below). Although not deemed statistically reliable, BLS employment data have proven to be indicative of workplace trends in the more than 10 years I've been analyzing them.

According to our analysis, about 56,000 individuals described themselves as information security analysts during the 12 months ended June 30, up from 45,000 for the fourth quarter of 2011. The numbers and percentages might not be precise, but there's little doubt that an increase in IT security employment is occurring.

Jobs, Jobs, Jobs

"What is driving the trend is jobs," says former Federal Chief Information Officer Karen Evans, who now heads the U.S. Cyber Challenge, a not-for-profit organization that promotes cybersecurity careers to students.

With awareness of cyberthreats entering the mainstream - think the news surrounding Snowden - and the quest for job security, it's reasonable to imagine that more people would be attracted to careers in information security, or at least calling themselves information security professionals as businesses seek to secure their systems.

"A major part of the increase results from businesses realizing more and more that adequate security is no longer nice to have, but is now an absolute must in today's world," says Hord Tipton, executive director of the IT security certification organization (ISC)2. "Breaches are becoming more expensive daily, more disruptive and therefore more damaging. Loss of our secrets and intellectual property through espionage continues to push us backwards on the technology front, and it is also very embarrassing."

The increase in the IT security workforce also is being driven by semantics. BLS, in its survey, asks respondents to define elements of their jobs. As more professionals describe their work as including more IT security responsibilities, they could be shifted over to the information security analyst category.

"It's people moving away from the category of systems administrator to the category of IT security," says Matthew Kazmierczak, vice president for research and reports for the IT trade group Tech America. "It's not an actual real drop; it's just a definitional shift."

Glimpse of the Future

Franklin Reeder, co-founder of the Center for Internet Security, sees cybersecurity more as an organizational function than a well-defined set of disciplines. "Cybersecurity duties are embedded in a wide variety of jobs, including software development and systems administration," says Reeder, who has researched the IT security profession. "As cybersecurity is increasingly seen as a growth field, we may be seeing more individuals self-identifying as cybersecurity types in the interest of job security."

Toward the end of the decade, BLS will revise its occupation classifications and create several classifications of IT security professionals. To get an idea what those new classifications might look like, check out occupation categories on job boards. Dice.com, for instance, has categories that include network security, security architect and security engineer, as well as broader ones, such as cybersecurity and information security.

The security architect category - an offshoot of what BLS labels computer network architects - has seen a 21 percent year-to-year increase in job postings on Dice.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Morgan Stanley: Insider Stole Data

Financial services company Morgan Stanley has fired an employee who it claims stole account data...

Latest Tweets and Mentions

ARTICLE Morgan Stanley: Insider Stole Data

Financial services company Morgan Stanley has fired an employee who it claims stole account data...

The ISMG Network