The Public Eye with Eric Chabrow

CISO Trainings , Governance & Risk Management , Training & Security Leadership

US InfoSec Employment Surpasses 100,000

Number of Information Security Analysts Jobs Up Nearly 20 Percent in a Year
US InfoSec Employment Surpasses 100,000
A scene from an IT security recruitment ad for TEKsystems as seen on

The number of information security analysts employed in the United States has topped 100,000 for the first time, according to an Information Security Media Group analysis of U.S. Bureau of Labor Statistics data.

See Also: Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

According to our analysis, employment of information security analysts in the third quarter of 2017 reached an annualized 103,800. That's up 5 percent from the 98,500 employed in the second quarter and nearly 20 percent from the 86,800 a year ago.

When BLS began using the current method to collect employment data in 2011, employment for information security analysts stood at 44,000. So the total has increased 135 percent in nearly six years.

Source: ISMG analysis of Bureau of Labor Statistics data

Rapid growth in IT security employment shouldn't be surprising. More people, with or without a tech background, find careers in IT security attractive, driven, in part, by so many data breaches grabbing headlines.

"The field is growing much more sexy," says Larry Clinton, president of the Internet Security Alliance. "It's now got this broad-based awareness. More people are going to be attracted to it. We're going beyond the geekdom and into the mainstream."

Also, more organizations are earmarking more money for information security, including for more personnel. Gartner projects that IT security spending will grow by 7 percent in 2017.

Clinton says the field has a dearth of qualified practitioners, suggesting the employment numbers should be higher. "There are interesting, important jobs in cybersecurity that are going begging," he says. "We just don't have enough supply."

Military Veterans Eye InfoSec Careers

Meanwhile, many recently discharged military personnel are using the GI Bill to fund their study of IT security at colleges and universities as well as to pay for certification programs, says Chris Cravens, national director of candidate acquisition for the recruiting firm Recruit Military. "We're seeing a lot of candidates really make themselves more marketable," Cravens says.

BLS defines "information security analysts" as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.

Although information security analyst is the only job classification BLS has for IT security positions, most other computer-related positions include aspects of cybersecurity in their job descriptions. For instance, network and computer systems administrators are responsible for identifying vulnerabilities and patching them.

Computer Occupations Employment

Third quarter, 2017

Occupations Size
Computer and information systems managers 616,300
Computer and information research scientists 23,000
Computer systems analysts 543,000
Information security analysts 104,800
Computer programmers 464,800
Software developers, applications and systems software 1,538,000
Web developers 205,800
Computer support specialists 524,500
Database administrators 90,800
Network and computer systems administrators 206.800
Computer network architects 102,000
Computer occupations, all other 668,500
Total 5,087,000
Source: ISMG analysis of U.S. Bureau of Labor Statistics

A Bit of Skepticism

Each month, the Census Bureau surveys about 60,000 households for BLS, the same survey used to produce the monthly unemployment rate. Survey takers ask respondents about the characteristics of their jobs and then determine their appropriate occupation category.

Based on the latest monthly surveys, the unemployment rate in the third quarter among IT security analysts fell to 5.3 percent from 6 percent in the previous quarter, which was a record high. Economists point out that as an occupation gains popularity, more people seek jobs in the new field, reflecting higher unemployment until they find employment in that speciality.

Still, both percentages seem uncharacteristically high for the IT security field, and perhaps should be discounted. Over the years, our analysis shows the IT security analysts' unemployment rate rarely tops 3 percent; often it's lower. Indeed, raw figures for the last quarter that have not been annualized failed to show any unemployment among IT security analysts.

Because of the relatively small size of the IT security analyst workforce, the data for this occupation classification isn't considered statistically reliable, and that's why the bureau does not publish the quarterly occupation figures on the website, although it makes them available upon request. To boost the statistics' reliability, BLS economists recommend annualizing each quarter's data by adding the last four quarters' numbers and dividing the total by four. That's the process we follow to annualize the figures.

You Decide the Merits

Why do we report this information if the statistics are unreliable? The BLS stats are the only data available that describe the size of the IT security workforce in the United States. Our thinking: We'll provide you with the available data, with all the caveats that go with them, and let you decide their merits.

Since the beginning of the 21st century, I've been conducting such analysis and have found BLS data to fairly reflect employment trends in IT and IT security over the years. From one quarter to another, anomalies surface in the data, but over the course of quarters and years, they tend to even out.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.