CISO Trainings , Governance & Risk Management , Training & Security Leadership
Big Year-to-Year Jump in InfoSec Workforce
Demand for IT Security Pros Reflected in BLS NumbersThe size of the information security analyst workforce in the United States rose by nearly 20 percent in the past year, according to an Information Security Media Group analysis of U.S. Bureau of Labor Statistics data.
See Also: How to Take the Complexity Out of Cybersecurity
For the third quarter of 2015, the ISMG analysis shows that 72,800 people working in the U.S. labeled themselves as information security analysts, up from 61,000 a year earlier. Unless noted, all figures in this report have been annualized (see How We Analyzed the Data below for an explanation).
The increase in the number of IT security analysts came as the number of individuals who consider themselves part of the computer and information systems workforce, which includes IT security professionals, surpassed 4.9 million for the first time since 2012, when BLS began using the current method to determine employment data.
Information security analysts (see Defining InfoSec Analyst below) is the only occupation classification the BLS reserves for IT security employees, though many people working in other job categories - database administrators, network and computer administrators and computer and information systems managers, for instance - perform IT security work as part of their jobs. These days, nearly every IT-related job includes some element of cybersecurity, or at least they should.
The significant jump in information security analysts in one year strongly demonstrates that organizations in and out of government place a greater emphasis on building their IT security workforce as the number of cyberattacks targeting all types of enterprises have become an almost daily occurrence.
Other statistics support the BLS data showing an increase in those processing IT security skills. For instance, ISACA International President Christos Dimitriadis says the percentage of Certified Information Security Manager certifications ISACA has awarded increased by 22 percent over a two-year period. "There is a need; there is demand by the market," Dimitriadis says.
Still, the increase in the IT security workforce comes nowhere near meeting the demand of employers. A study conducted for the training and certification organization (ISC)2 shows a worldwide shortfall of 378,000 IT security jobs in 2015. That gap increases to 1.5 million in 2019. The study did not provide U.S.-specific figures.
Computer-Related Occupations
Since 2012, computer-related occupations as a percentage of the overall national workforce increased to 3.1 percent from 2.7 percent, according to the ISMG analysis. During that same period, IT security analysts as a percentage of the overall computer-related workforce inched ahead to 1.5 percent from 1.1 percent. Here is the size of the workforce during the third quarter for each of the computer-related occupations the BLS tracks:
- Computer and information systems managers: 657,800
Computer and information research scientists: 25,800
Computer and information research scientists: 585,800
Information security analysts: 72,800
Computer programmers: 503,500
Software developers: 1,359,000
Web developers: 216,000
Computer support specialists: 495,000
Database administrators: 100,800
Network and computer systems administrators: 225,000
Computer network architects : 121,500
Computer occupations, all other: 562,800
TOTAL: 4,925,500
How We Analyzed the Data
The workforce and employment numbers in this report come from the government's Current Population Survey of American households, the same survey BLS uses to determine the monthly unemployment rate. Survey takers interviewing households ask respondents characteristics about their jobs and then determine their appropriate occupation category.
BLS each quarter furnishes, upon request, a breakdown of 535 job categories, including the ones labeled information security analysts, database administrators and network and computer systems administrators. Because the survey size for some individual occupation categories, such as information security analysts, is too small to be statistically reliable, BLS neither officially publishes this data, nor claims it's reliable. BLS Economist Karen Kosanovich explains that occupations, such as information security analysts, with a base of less than 75,000 for quarterly averages, don't meet the bureau's publication standards.
Yet, the numbers historically have reflected IT and information security employment trends, especially after they're annualized, which we've done for this report. That's attained by adding four quarters worth of survey data and dividing the result by four. For example, to arrive at the 72,800 figure for the information security analyst workforce, we took the reported numbers for the last quarter of 2014 and first three quarters of 2015 then divided by four.
Defining InfoSec Analyst
The government defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. Information security analysts may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.
How is your enterprise addressing the IT security skills shortage? Share your solutions in the box below.