Governance & Risk Management

InfoSec Workforce Continues Robust Growth

34 Percent Increase in the First Quarter
InfoSec Workforce Continues Robust Growth

In the first three months of 2015, the number of information security analysts in the United States grew at a much stronger pace than other occupations within the information technology sector.

See Also: Now OnDemand | C-Suite Round-up: Connecting the Dots Between OT and Identity

According to an Information Security Media Group analysis of the latest government data, issued last week, the number of people in the United States who consider themselves information security analysts soared by 34 percent to 74,000 during the first quarter of 2015 from 55,300 in the same quarter a year earlier. In the fourth quarter of 2014, the IT security analysts' workforce soared by 42 percent.

By comparison, the IT workforce in the United States grew by 7 percent in the first quarter, compared with the same period a year earlier, to a record 4.87 million. And the overall American workforce grew by 6 percent. The workforce consists of the employed and the unemployed actively seeking jobs.

David Foote, chief analyst at the IT employment advisory firm Foote Partners, says the military is helping drive the growth in IT security analysts' employment. Though the Defense Department can't compete dollar-to-dollar with the private sector on pay, DoD is more aggressive than most private-sector companies in seeking IT security personnel. For instance, the military's five-year-old Cyber Command employed 1,800 professionals a year ago and expects to grow to 6,000 employees by 2016.

But a 2014 study by the Labor Department's Bureau of Labor Statistics showed that consulting firms specializing in computer system design and related services employ more information security analysts than any other sector.

Six-Figure Salaries

That 2014 study placed the mean annual wage of an information security analyst at $91,600. The annual salary of experienced information security analysts - those in the top 75 percentile - averaged $113,900; for the top 90 percentile, the average was $140,460.

How does the government define information security analysts? These analysts implement, upgrade and/or monitor security measures for the protection of computer networks and information as well as ensure appropriate security controls are in place that safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.

But other IT occupations, such as database administrators and network and computer administrators, perform some of the same IT security tasks. Both of these occupations, for instance, make sure that proper security controls are in place. Those job categories also experienced growth in the past quarter, albeit as a more modest pace than information security analysts, with the workforce of database administrators increasing by 5 percent and network and computer systems administrators rising by 3 percent.

The workforce and employment numbers in this report come from the government's Current Population Survey of American households that produces the monthly unemployment rate. Survey takers interviewing households ask respondents characteristics about their jobs, and then determine their appropriate occupation category.

BLS each quarter furnishes, upon request, a breakdown of 535 job categories, including the ones labeled information security analysts, database administrators and network and computer systems administrators. Because the survey size for some individual occupation categories, such as information security analysts, is too small to be statistically reliable, BLS neither officially publishes this data, nor claims it's reliable. BLS Economist Karen Kosanovich explains that occupations, such as information security analysts, with a base of fewer than 75,000 for quarterly averages, don't meet the bureau's publication standards.

Yet, the numbers historically have reflected IT and information security employment trends, especially after they're annualized, which we've done for this report. That's attained by adding four quarters worth of survey data and dividing the result by four.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.