CISO Trainings , Governance & Risk Management , Training & Security Leadership
IT Security Hiring Surge Continues
Record Employment Among IT Security Pros in 2014If 2014 was a harbinger of things to come, with the supply failing to keep pace with the demand, 2015 will be a banner year for IT security employment.
See Also: Preparing for New Cybersecurity Reporting Requirements
U.S. Bureau of Labor Statistics data, culled from the same household surveys that determine the monthly unemployment rate, show that employment in one segment of the IT security workforce - information security analysts - soared by 42 percent in 2014, to 68,000 from 48,000.
The big jump in IT security analysts' employment could be attributed, in part, to the insatiable demand for IT security talent by the Defense Department and federal intelligence agencies. "The government cannot hire enough of these people", says David Foote, chief analyst at the IT employment advisory firm Foote Partners. "There is a gap between the demand in the DoD and NSC (National Security Council) for analysts and what the markets are supplying."
David Foote discusses the impact of government hiring of IT security analysts. .
The number of employed IT security analysts in the United States is likely much higher than the latest BLS figures from the household survey suggest. Another bureau study, calculated in a different manner by surveying employers and not households, estimated that in 2013 the number of information security analysts stood at 78,020. Based on employers' surveys, BLS estimates that employment among information security analysts could top 102,000 by 2022, growing three times faster than the average occupation.
Let's be clear, neither employment number should be taken as gospel. But over the years, BLS's employment statistics from surveys of American households have shown to be indicative of overall employment trends.
Rapidly Growing Field
Regardless of the preciseness of either number (more on that below), BLS data and research demonstrate that IT security is a rapidly growing field as many employers struggle to find qualified IT security personnel.
The online employment website Dice reports a 69 percent jump since last January of job postings that list skills labeled cybersecurity or information security. "We definitely seeing a ramp up in cybersecurity," says Rachel Ceccarelli, Dice Holdings corporate communications director. "We're seeing more breaches, we're hearing more in the news about companies being attacked so companies are wanting to go on the offensive and have pros in house."
Other computer-related occupations in 2014 also showed solid employment growth, albeit at a more modest pace. Among 12 computer-related occupations, employment grew by 7 percent to nearly 4.7 million from just under 4.4 million, according to BLS's 2014 data. Many of these jobs - such as network and database administrators and application developers - have security elements to them.
"Information security analyst" is the only IT security occupation classification BLS tracks, and there's virtually no unemployment within that category. The category is a catchall for a number of skills. Duties of IT security analysts, according to BLS, include monitoring networks for security breaches, installing software, firewalls and encryption programs to protect sensitive information, and conducting penetration testing, among other tasks.
Security Pro as Impact Player
As organizations bolster their IT security staffs, many of the new positions will require skills in multiple disciplines. "They want a different mix of skills along the lines of solid communications, business and even marketing skills in addition to infosec tech skills, especially cybersecurity, ethical hacking and forensics," Foote says.
"Taken together, this makes security pros more of an impact player who can help CISOs sell security throughout the organization," he says. "Security pros who can think in business terms are more adept at thinking about how to translate technology risk to business risk and help prevent security bottom-line as a value-add enhancement to products and services that customers react to positively and are willing to pay more for."
The 2014 employment numbers cited here come from the government's Current Population Survey of American households, the survey that produces the monthly unemployment rate. Because the survey size for some individual occupation categories, including information security analysts, are too small to be statistically reliable, BLS doesn't publicize them. They're available upon request.
The 2013 Occupational Employment Statistics report relies on surveys of non-farm establishments. Each year, BLS surveys about 400,000 businesses and governments of varying size from every metropolitan and nonmetropolitan area in each state. The self-employed are not counted.
Annual Mean Wage for IT Security Analysts, By States
SOURCE: BLS, May 2013
In 2012, the most recent year BLS has salary data, the bureau pegs the median salary of an information security analyst at $86,170 a year, with the top 10 percent earning more than $135,600 annually.