The Public Eye with Eric Chabrow

Governance

Understanding the Latest IT Security Employment Trend Is Quarterly Jump in InfoSec Unemployment an Anomaly?
Understanding the Latest IT Security Employment Trend
Photo: Mike Reyher

An increase in unemployment isn't always a bad sign. It could reflect that more people are entering the workforce and looking for work, but have yet to land jobs.

See Also: How the New World of Digital Banking is Transforming Fraud Detection

Could that be happening with IT security practitioners?

Information Security Media Group's latest analysis of U.S. Labor Department's Bureau of Labor Statistics employment figures for the first quarter of 2017 shows an uncharacteristically high number of unemployed IT security practitioners, officially categorized as IT security analysts.

In the first quarter, the number of unemployed IT security practitioners reached an annualized 5.5 percent, down from 3 percent in the final three months of 2016 and 1.9 percent a year earlier. Last quarter's jobless rate was the highest percentage for IT security practitioners since 2011, when BLS adopt the current way to measure employment.

Information Security Analysts Workforce

Source: ISMG analysis of U.S. Bureau of Labor Statistics data

In some quarters over the past five years, IT security unemployment barely registered, hovering in the low single digits. (Some quarters, when the employment numbers and workforce size were equal - which normally would mean 0 percent unemployment - BLS did not provide an unemployment number because of the small sample size of the IT security workforce.)

The data for the employment numbers come from the government's Current Population Survey of American households, the same survey that produces the monthly national unemployment rate. Because of the relatively minute size of the IT security workforce, the data for the IT security job classification aren't considered statistically reliable, and that's why the bureau does not publish the figures on the BLS.gov website, although it makes them available upon request. To boost the statistics' reliability, BLS economists recommend annualizing each quarter's data by adding the four last quarters numbers and dividing the total by four. That's the process we follow.

What likely occurred was that the data the government collected for the first quarter, which is not annualized, showed that out of a workforce of 101,000 IT security practitioners, 10,000 of them were unemployed. In the previous three quarters, the non-annualized number of unemployed was much lower: 7,000, 2,000 and 1,000.

Letting You Judge

Why do we report this information if the statistics are unreliable? The BLS stats are the only data available that describe the size of the IT security workforce in the United States. Our thinking: We'll provide you with the available data, with all the caveats that go with them, and let you decide their merits. I've been conducting such analysis since the beginning of the century - even before I joined ISMG - and have found BLS data to fairly reflect trends in IT and IT security employment over the years. Still, from one reporting quarter to another, anomalies surface in the data, but over the course of quarters and years, they tend to iron out.

BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses. Job titles could include computer security specialists, network security specialists and internet security specialist.

Of course, other practitioners, especially those working in other computer-related occupations, have IT security responsibilities, though they're not labeled as IT security analysts. Here's our latest calculation of the workforce size of all BLS computer occupations:

Computer Occupations Workforce

First quarter, 2017

Occupations Size
Computer and information systems managers 623,000
Computer and information research scientists 22,000
Computer systems analysts 531,500
Information security analysts 91,500
Computer programmers 470,500
Software developers, applications and systems software 1,530,500
Web developers 215,300
Computer support specialists 598,300
Database administrators 88,000
Network and computer systems administrators 223,500
Computer network architects 111,500
Computer occupations, all other 631,300
Total 5,127,800
Source: ISMG analysis of U.S. Bureau of Labor Statistics

BLS recognizes that shortcomings exist in the way it defines IT and IT security occupations; they don't reflect the changing roles of those in the field. The bureau says it's revising its Standard Occupation Classification and might add new information security occupation descriptions. BLS says it expects to publish shortly new SOCs that would take effect as early as 2018. The last update of the SOC occurred in 2010, with the first employment surveys based on it occurring in 2011.



About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network