The Public Eye with Eric Chabrow

CISO Trainings , Governance & Risk Management , Training & Security Leadership

Big Year-to-Year Jump in InfoSec Workforce

Demand for IT Security Pros Reflected in BLS Numbers
Big Year-to-Year Jump in InfoSec Workforce

The size of the information security analyst workforce in the United States rose by nearly 20 percent in the past year, according to an Information Security Media Group analysis of U.S. Bureau of Labor Statistics data.

See Also: How to Take the Complexity Out of Cybersecurity

For the third quarter of 2015, the ISMG analysis shows that 72,800 people working in the U.S. labeled themselves as information security analysts, up from 61,000 a year earlier. Unless noted, all figures in this report have been annualized (see How We Analyzed the Data below for an explanation).

The increase in the number of IT security analysts came as the number of individuals who consider themselves part of the computer and information systems workforce, which includes IT security professionals, surpassed 4.9 million for the first time since 2012, when BLS began using the current method to determine employment data.


Source: ISMG analysis of Bureau of Labor Statistics data

Information security analysts (see Defining InfoSec Analyst below) is the only occupation classification the BLS reserves for IT security employees, though many people working in other job categories - database administrators, network and computer administrators and computer and information systems managers, for instance - perform IT security work as part of their jobs. These days, nearly every IT-related job includes some element of cybersecurity, or at least they should.

The significant jump in information security analysts in one year strongly demonstrates that organizations in and out of government place a greater emphasis on building their IT security workforce as the number of cyberattacks targeting all types of enterprises have become an almost daily occurrence.

Other statistics support the BLS data showing an increase in those processing IT security skills. For instance, ISACA International President Christos Dimitriadis says the percentage of Certified Information Security Manager certifications ISACA has awarded increased by 22 percent over a two-year period. "There is a need; there is demand by the market," Dimitriadis says.

Still, the increase in the IT security workforce comes nowhere near meeting the demand of employers. A study conducted for the training and certification organization (ISC)2 shows a worldwide shortfall of 378,000 IT security jobs in 2015. That gap increases to 1.5 million in 2019. The study did not provide U.S.-specific figures.

Computer-Related Occupations

Since 2012, computer-related occupations as a percentage of the overall national workforce increased to 3.1 percent from 2.7 percent, according to the ISMG analysis. During that same period, IT security analysts as a percentage of the overall computer-related workforce inched ahead to 1.5 percent from 1.1 percent. Here is the size of the workforce during the third quarter for each of the computer-related occupations the BLS tracks:

    Computer and information systems managers: 657,800
    Computer and information research scientists: 25,800
    Computer and information research scientists: 585,800
    Information security analysts: 72,800
    Computer programmers: 503,500
    Software developers: 1,359,000
    Web developers: 216,000
    Computer support specialists: 495,000
    Database administrators: 100,800
    Network and computer systems administrators: 225,000
    Computer network architects : 121,500
    Computer occupations, all other: 562,800
    TOTAL: 4,925,500
Source: ISMG analysis of Bureau of Labor Statistics data

How We Analyzed the Data

The workforce and employment numbers in this report come from the government's Current Population Survey of American households, the same survey BLS uses to determine the monthly unemployment rate. Survey takers interviewing households ask respondents characteristics about their jobs and then determine their appropriate occupation category.

BLS each quarter furnishes, upon request, a breakdown of 535 job categories, including the ones labeled information security analysts, database administrators and network and computer systems administrators. Because the survey size for some individual occupation categories, such as information security analysts, is too small to be statistically reliable, BLS neither officially publishes this data, nor claims it's reliable. BLS Economist Karen Kosanovich explains that occupations, such as information security analysts, with a base of less than 75,000 for quarterly averages, don't meet the bureau's publication standards.

Yet, the numbers historically have reflected IT and information security employment trends, especially after they're annualized, which we've done for this report. That's attained by adding four quarters worth of survey data and dividing the result by four. For example, to arrive at the 72,800 figure for the information security analyst workforce, we took the reported numbers for the last quarter of 2014 and first three quarters of 2015 then divided by four.

Defining InfoSec Analyst

The government defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. Information security analysts may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.

How is your enterprise addressing the IT security skills shortage? Share your solutions in the box below.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.