Another Quarter of InfoSec Joblessness?Data, Though Not Official, Show Unemployment Rise
For the past few years, this blog has reported virtually no unemployment among IT security professionals. But for the last quarter of 2012 - reflecting statistics provided by the U.S. Labor Department's Bureau of Labor Statistics - evidence first surfaced that the IT security profession isn't immune from joblessness [see 3% Unemployment Among InfoSec Pros?]. That trend continued into the first quarter of 2013.
See Also: You've Got BEC!
Data made available by BLS on April 5 show an unemployment rate of 5.8 percent with an estimated 2,000 out of 34,000 IT security professionals out of work. Don't believe those numbers; BLS won't vouch for them.
Because the sample size is so small for any particular job classification [that's why BLS doesn't post them, but makes the data available upon request], economists, including those from BLS, suggest aggregating a year's worth of data, which is the formula I've used to come up with employment numbers and unemployment rates.
InfoSec Jobless Rate under 2%
Annualized, the employment picture for the IT security profession is much brighter than the raw numbers suggest: some 50,300 people living in the United States who consider themselves information security professionals were employed during the first quarter. Another 1,000 were jobless. Add those two figures together and you'll get an IT security workforce of 51,300. Do the math, the unemployed divided into the workforce, and the result is an unemployment rate of 1.95 percent among IT security professionals during the first quarter. Not zero percent, as it was from the first quarter of 2011 through the third quarter of 2012, but a strong number, nonetheless, that economists consider full employment.
How strong is IT security employment? As a comparison, the unemployment rate for all information technology professions (including information security) averaged 3.5 percent last quarter. The analysis of BLS stats shows the overall IT workforce topped 4.4 million in the first quarter, with nearly 4.3 million employed and 155,500 unemployed. All these figures are annualized.
The What Ifs
The increase in unemployment among IT security professionals simply could be a statistical anomaly caused by the minute sample size of the survey of American households conducted for BLS. But experts who follow the IT security profession surmise why joblessness could be on the uptick if the numbers reflect reality.
Alan Paller, research director at the SANS Institute, points out that layoffs by federal system integrators of their Federal Information Security Management Act report writers started in earnest late last summer. "That might be showing up because those laid off are the ones the integrators cannot use in the more technical projects that government is still buying," Paller says.
Information security professionals represent a wide-range of skills, from high-level policy wonks to down-in-the-trenches skilled technologists. Franklin Reeder, a co-founder of the Center for Internet Security, reflects Paller's thinking, speculating that policy-type jobs could be taking a hit as employers use limited resources to hire professionals with hard skills.
Reeder concedes he doesn't have "ground truth" on the current employment environment, but the former White House Office of Management and Budget executive who has studied the IT security profession suspects cautious hiring by government agencies and contractors feeling the pinch of sequestration might be behind a rise in unemployment.
Defining a Profession
The definition of an information security professional is vague because so many different skills make up the field. Technically, BLS labels the occupation category it tracks as information systems analysts; I choose to call it information security professionals because of the broad definition the government gives the occupation:
In the real world, the definition of an information security professional is evolving and growing. "As we move into the future of IT security, we're going to need people in a broader set of skill categories," says Sam Visner, vice president and general manager of services provider CSC Global Cybersecurity. "New cyber eco-systems will take us from mobile devices through the cloud to embedded industrial control systems. We will need people who can define and help build cybersecurity architectures to secure these complex, integrated eco-systems, and those people are going to be difficult to find."
Right Skills, Bright Future
Even if joblessness is on the rise among IT security professionals, the bottom line is that it won't be a significant increase. "I don't see anything but steady demand for qualified information security professionals," says Malcolm Harkins, chief information security and privacy officer at chip-maker Intel.
There are and will be ample job opportunities for professionals, as long as they keep pace with rapidly changing technologies and processes and educators develop programs that meet not just the immediate needs but new ones as well. That's no small task.