The Public Eye with Eric Chabrow

IT Security Workforce Reaches New High

But Makeup of Employed InfoSec Pros Hasn't Changed Much
IT Security Workforce Reaches New High

As IT security employment reaches a record high in the United States, what does that workforce look like? It remains overwhelmingly white and male. And that hasn't changed in years.

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

Here's a look at the latest employment numbers from the federal government.

Regular readers of this blog know that I use quarterly, unpublished numbers from the Department of Labor's Bureau of Labor Statistics to analyze the current state of information security and IT employment.

"Information security analyst" is the only IT security occupation classification BLS tracks. An annualized 61,000 individuals considered themselves information security analysts during the third quarter of 2014. That includes 59,800 employed and 1,300 unemployed, resulting in an annualized unemployment rate of 2 percent. Economists generally consider an unemployment rate below 3 percent as full employment, meaning that a low unemployment rate denotes churn in the marketplaces, not people desperate for a job.

During the same quarter in 2013, an annualized 53,500 individuals called themselves information security analysts, with 51,100 employed and 2,000 jobless, and an annualized unemployment rate of 3.7 percent.

Those statistics translate into a 14 percent gain in the information security analysts' workforce in just a year, reflecting the growing demand for IT security skills by businesses and governments.

The number of men in the IT security workforce has hovered between 82 percent and 88 percent since the government began tracking information security analysts' jobs in 2011, according to our analysis of BLS data. And those numbers aren't likely to change anytime soon.

Eugene Spafford

"There are a smaller number of women going into the field as compared to their presence in the population as a whole," laments Eugene Spafford, a computer science professor at Purdue University who as executive director of Purdue's Center for Education and Research in Information Assurance and Security has advocated for more women in cybersecurity (see How Can Women Advance? Let Them Fail). "Twelve to 15 percent of students who are choosing this as a profession are female."

Information Security Analysts' Workforce

Source: ISMG analysis of Bureau of Labor Statistics data

In the past year, ending Sept. 30, whites made up just more than 80 percent of the IT security workforce, statistically unchanged from a year earlier, but up from 73 percent in 2011, the first year BLS tracked information security analysts' employment, according to our analysis.

Whites make up 78 percent of the U.S. population of the United States, according to the Census Bureau; African Americans, 13 percent and Asians, 5 percent. The analysis of BLS data shows that African Americans represent 11 percent of IT security analysts and Asians 5.4 percent.

Former U.S.-CERT Director Mischel Kwon provides historic perspective on imbalance of IT security workforce.

A year ago, African Americans comprised 7.3 percent and Asians 12 percent of the IT security workforce. In 2011, those numbers were 8.4 percent and 17.4 percent, respectively. Was there really a 12 percentage point drop in the Asian IT security personnel? Doubtful.

Questioning the Data

Here's why the validity of these numbers are in doubt. First, let's look at how we arrive at these statistics

The workforce and employment numbers in this report come from the government's Current Population Survey of American households that produces the monthly unemployment rate. Survey takers interviewing households ask respondents characteristics about their jobs, and then determine their appropriate occupation category.

BLS each quarter furnishes, only upon request, a breakdown of 535 job categories, including the one labeled information security analysts as well other computer-related fields, including computer and network system administrators. Because the survey size for some individual occupation categories, such as information security analysts, is too small to be statistically reliable, BLS neither officially publishes this data, nor claims it's reliable. BLS Economist Karen Kosanovich explains that occupations such as information security analysts with a base of fewer than 50,000 individuals for annual averages and 75,000 for quarterly averages don't meet the bureau's publication standards.

Kosanovich and other economists advise annualizing the data by adding four quarters of results and dividing by 4. Doing so makes the statistics more reliable. But the smaller the size of the group, the less likely the results will be reliable. The subsets, based on gender and ethnicity, are so small that no amount of jiggering will increase the confidence in the results.

Why do I present the data? To help you reach conclusions on matters of importance. These numbers remind me that the IT security field, especially when considering gender, does not look like America. Having a more diverse workforce will strengthen IT security. That's my take, even with these imperfect numbers. What's your take?

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.