The Woes of No IT Security UnemploymentFinding Skilled People Poses Dilemma for Employers
Employment of IT security professionals in the United States is at an all-time high - rising to 48,500 in the third quarter of 2012, up from 44,750 in the second quarter, according to an Information Security Media Group analysis of a Labor Department report issued Oct. 5. But the employment growth in the profession isn't keeping pace with the demand for these skills in American businesses and governments.
Since the Department of Labor's Bureau of Labor Statistics began reporting in the first quarter of 2011 on the occupation category entitled information security analysts - which represents a broader number of IT security roles than the name suggests - there have been no reports of unemployment in that field fom the government.
"IT security is one of the safest places to have skills if you want to ensure that you always have a job because there is such great demand for skilled professional, and it's only growing for these types of skills," says John Challenger, chief executive officer of Challenger, Gray & Christmas, an outplacement consulting firm.
A shortage of IT security practitioners is having an adverse impact on businesses, not-for-profits and governments in hiring those needed to protect their IT systems and networks.
"Finding the people with the needed skills, however, poses a dilemma," the just-issued Cyberskills Task Force Report from the Department of Homeland Security Advisory Council states. "The numbers of professionals with these mission-critical skills are so limited that government contractors and federal agencies compete with one another and the private sector to hire them."
The demand for IT security professionals is driving up salaries for those with the right IT security skills, making it harder for financially-strapped organizations in government and the private sector to afford the limited supply of individuals with information security know-how. "It's classic economic demand," Challenger says.
To meet that demand, some organizations turn to other types of IT professionals to assume security responsibilities and then provide these individuals with security knowledge. Delaware state government, for instance, has instituted an education and certification program aimed at increasing security skills for its agencies' information security officers, many of whom have other information technology tasks.
"In many cases, they're learning as they go, too," says Delaware Chief Security Officer Elayne Starkey [see On the Job Training for ISOs]. "It's a way to encourage them to pursue the security field of IT, and it complements their other IT skills very nicely."
Who is an Information Security Analyst?
BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure, as well as respond to computer security breaches and viruses.
BLS each month surveys 60,000 households, which produces the monthly unemployment rate that fell to 7.8 percent in September from 8.1 percent in August, causing much debate in the presidential election. Each quarter, BLS aggregates the monthly household survey results, known as the Current Population Survey, into quarterly reports that breaks down each of the 535 job categories it tracks, including the one labeled information security analysts. Because the survey size for any individual occupation category is too small to be statistically reliable, BLS neither officially publishes this data nor claims they're reliable, although it makes the numbers available on request. Yet, over the years, BLS numbers have proven to be indicative of IT and information security employment trends.
To get a clearer picture of the employment environment, ISMG annualizes the quarterly BLS data that are derived from household surveys. Simply, we add the past four quarters of statistics then divide them by four, making them more consistent.
Unlike most other occupation categories, which show a specific number of unemployed individuals, BLS in its table of occupations uses a dash rather than a number for information security analysts, indicating the sample size is too small to declare no unemployment. That's been the case for all seven quarters BLS has been tracking IT security analysts employment.
The Numbers Behind the Story
With these provisos, here are what the latest BLS data show:
- Some 48,500 Americans consider themselves information security analysts in the third quarter of 2012, up from 44,750 in the second quarter and 45,500 in the first quarter. That means no one who has been interviewed by BLS and identified themselves or someone in their household as employed as an information security analyst was unemployed. That's been the case since the first survey in January 2011.
- Looking at just the raw third quarter 2012 numbers - those that were not annualized - 62,000 people were employed in IT security in the United States, up from 40,000 in the second quarter, 41,000 in the first quarter and 51,000 in the fourth quarter 2011. In the third quarter 2011, and not annualizing the data, 51,000 people were employed as IT security analysts. The wide month-to-month, non-annualized fluctuation in IT security jobs is a result of the small sample size and explains why we annualize the numbers, which one BLS economist suggests doing so to make the figures more "robust" in understanding the employment environment.
- Overall IT unemployment, based on the BLS computer occupations classification, dipped to 3.8 percent in the third quarter from 3.9 percent in the second quarter. IT unemployment had stood at 3.8 percent for first quarter 2012 and fourth quarter 2011. As a comparison, the overall workforce showed a 7.6 percent unemployment rate last quarter.
- IT employment in the third quarter rose to an annualized 4,096,250 from 4,016,130 in the second quarter and 4,039,250 in the first quarter.
- The IT workforce - those employed and those unemployed who sought jobs in the IT field - rose to an annualized 4,257,500 last quarter from 4,179.563 in the second quarter and 4,197,000 in the first quarter.
These numbers should be viewed as a snapshot of what the IT and information security employment environment appears in the United States, but not be taken as gospel. These numbers do not reflect the thousands of IT professionals such as application developers and network administrators whose jobs require them to have IT security skills. Indeed, those categorized as information security analysts make up just 1.2 percent of all those employed in computer occupations in the United States, according to our analysis of BLS data.