The Public Eye with Eric Chabrow

Governance & Risk Management

Modest Growth in InfoSec Employment

Government Data Show 5% Rise in InfoSec Analysts in 2015
Ignorance isn't bliss when mulling IT security employment numbers.

Reliable data specifying the number of people employed in the United States in the cybersecurity field is hard to find. Knowing more about what IT security occupations exist and how many people fill those jobs could help employers and job seekers get a better handle on what security skills are truly in demand.

The best number available comes from the U.S. Bureau of Labor Statistics, culled from the same survey that produces the monthly unemployment rate. Among BLS's 840 Standard Occupation Classifications, or SOCs, only one exists for IT security: information security analysts. And, according to an Information Security Media Group analysis of BLS data, the number of individuals designated as information security analysts increased by 5 percent this past year, growing to 73,000 in 2015 from 69,000 in 2014.

But a 5 percent increase doesn't meet the needs of private enterprises and government agencies in filling their IT security gap. "It's difficult to keep up with the demand because the demand is so great; it's certainly outpacing the supply," says George Washington University Professor Diana Burley, who conducts research on the IT security profession.

BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses. Job titles could include computer security specialists, network security specialists and Internet security specialists.

Sounds like a catch-all category, although one that doesn't capture all the needed IT security skills most enterprises require. Many other IT-related jobs require varying degrees of information security know-how; indeed, most info tech jobs include aspects of security, notably software developers, database administrators and network and systems administrators. Here's the latest workforce data from the BLS on those fields:

U.S. Computer-Related Workforce in 2015

    Computer and information systems managers: 665,500
    Computer and information research scientists: 25,300
    Computer systems analysts: 564,800
    Information security analysts: 72,500
    Computer programmers: 497,300
    Software developers: 1,380,000
    Web developers: 211,800
    Computer support specialists: 492,800
    Database administrators: 93,800
    Network and computer systems administrators: 225,500
    Computer network architects: 114,300
    Computer occupations, all other: 562,000
    TOTAL: 4,905,300
Source: ISMG analysis of Bureau of Labor Statistics data

Job descriptions the government develops don't correspond with those employers write. That's evident when exploring tech job sites such as Dice, where IT security specialists are among the three hottest computer-related skills. "With security breaches and information hacks appearing almost daily in the news, it's clear that companies need to shore up their security practices with the right talent," Dice President Bob Melk writes in a just-published blog. "Dice job postings for security professionals are growing year-over-year, with engineer positions up 22 percent and network security jobs up 19 percent."

And not every job requiring IT security know-how is a technical one. As Burley points out, IT security knowledge is key for a number of non-computer-related occupations that conduct security work, such as public policy analysts and lawyers.

BLS Revising Standard Occupation Classification

Developing new categories of IT security occupations would paint a clearer picture of the profession. BLS is revising its Standard Occupation Classification, and might add new information security occupation descriptions. We'll know later this spring, when BLS publishes the new SOC that takes effect in 2018. The last update of the SOC occurred in 2010, with the first employment surveys based on it occurring in 2011.

But defining what occupations require IT security skills isn't simple. "People working in the field don't agree on titles or skills sets required for a position," Purdue University Computer Science Professor Eugene Spafford says. "Imposing an occupation classification may or may not be useful. Many employers don't know what it is that they want."

Still, the more knowledge we have about the information security field, the better we can plan for the staffing needs to assure the digital assets of businesses and government agencies can be secured.

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
