The number of information security analysts employed in the United States has topped 100,000 for the first time, according to an Information Security Media Group analysis of U.S. Bureau of Labor Statistics data.
According to our analysis, employment of information security analysts in the third quarter of 2017 reached an annualized 103,800. That's up 5 percent from the 98,500 employed in the second quarter and nearly 20 percent from the 86,800 a year ago.
When BLS began using the current method to collect employment data in 2011, employment for information security analysts stood at 44,000. So the total has increased 135 percent in nearly six years.
Rapid growth in IT security employment shouldn't be surprising. More people, with or without a tech background, find careers in IT security attractive, driven, in part, by so many data breaches grabbing headlines.
"The field is growing much more sexy," says Larry Clinton, president of the Internet Security Alliance. "It's now got this broad-based awareness. More people are going to be attracted to it. We're going beyond the geekdom and into the mainstream."
Also, more organizations are earmarking more money for information security, including for more personnel. Gartner projects that IT security spending will grow by 7 percent in 2017.
Clinton says the field has a dearth of qualified practitioners, suggesting the employment numbers should be higher. "There are interesting, important jobs in cybersecurity that are going begging," he says. "We just don't have enough supply."
Military Veterans Eye InfoSec Careers
Meanwhile, many recently discharged military personnel are using the GI Bill to fund their study of IT security at colleges and universities as well as to pay for certification programs, says Chris Cravens, national director of candidate acquisition for the recruiting firm Recruit Military. "We're seeing a lot of candidates really make themselves more marketable," Cravens says.
BLS defines "information security analysts" as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.
Although information security analyst is the only job classification BLS has for IT security positions, most other computer-related positions include aspects of cybersecurity in their job descriptions. For instance, network and computer systems administrators are responsible for identifying vulnerabilities and patching them.
Computer Occupations Employment
Third quarter, 2017
|Computer and information systems managers||616,300|
|Computer and information research scientists||23,000|
|Computer systems analysts||543,000||Information security analysts||104,800|
|Software developers, applications and systems software||1,538,000|
|Computer support specialists||524,500|
|Database administrators||90,800||Network and computer systems administrators||206.800||Computer network architects||102,000|
|Computer occupations, all other||668,500|
A Bit of Skepticism
Each month, the Census Bureau surveys about 60,000 households for BLS, the same survey used to produce the monthly unemployment rate. Survey takers ask respondents about the characteristics of their jobs and then determine their appropriate occupation category.
Based on the latest monthly surveys, the unemployment rate in the third quarter among IT security analysts fell to 5.3 percent from 6 percent in the previous quarter, which was a record high. Economists point out that as an occupation gains popularity, more people seek jobs in the new field, reflecting higher unemployment until they find employment in that speciality.
Still, both percentages seem uncharacteristically high for the IT security field, and perhaps should be discounted. Over the years, our analysis shows the IT security analysts' unemployment rate rarely tops 3 percent; often it's lower. Indeed, raw figures for the last quarter that have not been annualized failed to show any unemployment among IT security analysts.
Because of the relatively small size of the IT security analyst workforce, the data for this occupation classification isn't considered statistically reliable, and that's why the bureau does not publish the quarterly occupation figures on the BLS.gov website, although it makes them available upon request. To boost the statistics' reliability, BLS economists recommend annualizing each quarter's data by adding the last four quarters' numbers and dividing the total by four. That's the process we follow to annualize the figures.
You Decide the Merits
Why do we report this information if the statistics are unreliable? The BLS stats are the only data available that describe the size of the IT security workforce in the United States. Our thinking: We'll provide you with the available data, with all the caveats that go with them, and let you decide their merits.
Since the beginning of the 21st century, I've been conducting such analysis and have found BLS data to fairly reflect employment trends in IT and IT security over the years. From one quarter to another, anomalies surface in the data, but over the course of quarters and years, they tend to even out.