The workforce of information security analysts in the United States has topped 100,000 for the first time, more than doubling since the Department of Labor's Bureau of Labor Statistics began publishing full-year statistics for the occupation category in 2012.
The IT security analyst workforce reached an annualized 104,800 for the second quarter of 2017, up from an annualized 45,000 from the first quarter of 2012, the first time BLS published data for what was then the new occupation category labeled information security analysts, according to an Information Security Media Group analysis of Labor Department data. That's an increase of 133 percent over that past 5½ years.
A year ago, the annualized information security analysts workforce stood at 80,500. In the past four quarters, the workforce soared by 24,300, a 30 percent increase.
The data suggests that more individuals saw employment opportunities in information security occupations and began seeking jobs in the field. "Some of this is doubtless real - recognition, finally, that investing in cybersecurity is critical to managing organizational risk," says Franklin Reeder, co-founder and director at the Center for Internet Security, which manages the Multi-State Information Sharing and Analysis Center. "Much of the increase, however, may be an attribution game. Individuals who may have had other job titles now are called, or call themselves, information security analysts, because it is sexier and pays more."
Each month, the Census Bureau surveys about 60,000 households for BLS, the same survey used to produce the monthly unemployment rate. Survey takers interviewing households ask respondents characteristics about their jobs and then determine their appropriate occupation category.
Suspiciously High Unemployment
Based on the latest monthly surveys, the unemployment rate among IT security analysts has soared to a record - and suspicious - 6 percent in the second quarter of 2017, according to our analysis, uncharacteristically high for the IT security field. But economists point out that as an occupation gains popularity, more people seek jobs in their new field, reflecting higher unemployment until they find employment in that field. Over the years, our analysis shows the IT security analysts' unemployment rate rarely tops 3 percent; often it's lower.
Keep in mind, because of the relatively small size of the IT security analyst workforce, the data for this occupation classification isn't considered statistically reliable, and that's why the bureau does not publish the quarterly occupation figures on the BLS.gov website, although it makes them available upon request. To boost the statistics' reliability, BLS economists recommend annualizing each quarter's data by adding the four last quarters' numbers and dividing the total by four. That's the process we follow.
The past quarter's jobless rate of 6 percent is more likely a statistical anomaly, says Larry Clinton, president of the trade group Internet Security Alliance.
"Full employment is generally considered around 4 percent [unemployed], so I wouldn't put too much stock in 6 percent number given the small sample size," Clinton says. "What I am seeing in the field is a substantial demand with organizations poaching cyber professionals, which could result in some short-term unemployment. I think any suggestion that the cybersecurity market is in any way saturated would be extremely premature."
Among the 840 detailed occupation categories BLS tracks, information security analyst is the only one that specifies IT security in its description. BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.
Many other occupations inside and outside the computer field, however, include IT security as part of their responsibilities. Those include computer network architect, software developers and network administrators. Here's our latest calculation of the workforce size of all BLS computer occupations:
Computer Occupations Workforce
Second quarter, 2017
|Computer and information systems managers||630,800|
|Computer and information research scientists||24,300|
|Computer systems analysts||551,800||Information security analysts||104,800|
|Software developers, applications and systems software||1,536,000|
|Computer support specialists||561,800|
|Database administrators||86,800||Network and computer systems administrators||220,800||Computer network architects||104,000|
|Computer occupations, all other||653,500|
Why do we report this information if the statistics are unreliable? The BLS stats are the only data available that describe the size of the IT security workforce in the United States. Our thinking: We'll provide you with the available data, with all the caveats that go with them, and let you decide their merits.
I've been conducting such analysis since the beginning of the century - even before I joined ISMG - and have found BLS data to fairly reflect employment trends in IT and IT security over the years. Still, from one quarter to another, anomalies surface in the data, but over the course of quarters and years, they tend to even out.