Understanding the Latest IT Security Employment TrendIs Quarterly Jump in InfoSec Unemployment an Anomaly?
An increase in unemployment isn't always a bad sign. It could reflect that more people are entering the workforce and looking for work, but have yet to land jobs.
Could that be happening with IT security practitioners?
Information Security Media Group's latest analysis of U.S. Labor Department's Bureau of Labor Statistics employment figures for the first quarter of 2017 shows an uncharacteristically high number of unemployed IT security practitioners, officially categorized as IT security analysts.
In the first quarter, the number of unemployed IT security practitioners reached an annualized 5.5 percent, down from 3 percent in the final three months of 2016 and 1.9 percent a year earlier. Last quarter's jobless rate was the highest percentage for IT security practitioners since 2011, when BLS adopt the current way to measure employment.
Information Security Analysts Workforce
In some quarters over the past five years, IT security unemployment barely registered, hovering in the low single digits. (Some quarters, when the employment numbers and workforce size were equal - which normally would mean 0 percent unemployment - BLS did not provide an unemployment number because of the small sample size of the IT security workforce.)
The data for the employment numbers come from the government's Current Population Survey of American households, the same survey that produces the monthly national unemployment rate. Because of the relatively minute size of the IT security workforce, the data for the IT security job classification aren't considered statistically reliable, and that's why the bureau does not publish the figures on the BLS.gov website, although it makes them available upon request. To boost the statistics' reliability, BLS economists recommend annualizing each quarter's data by adding the four last quarters numbers and dividing the total by four. That's the process we follow.
What likely occurred was that the data the government collected for the first quarter, which is not annualized, showed that out of a workforce of 101,000 IT security practitioners, 10,000 of them were unemployed. In the previous three quarters, the non-annualized number of unemployed was much lower: 7,000, 2,000 and 1,000.
Letting You Judge
Why do we report this information if the statistics are unreliable? The BLS stats are the only data available that describe the size of the IT security workforce in the United States. Our thinking: We'll provide you with the available data, with all the caveats that go with them, and let you decide their merits. I've been conducting such analysis since the beginning of the century - even before I joined ISMG - and have found BLS data to fairly reflect trends in IT and IT security employment over the years. Still, from one reporting quarter to another, anomalies surface in the data, but over the course of quarters and years, they tend to iron out.
BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. They may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses. Job titles could include computer security specialists, network security specialists and internet security specialist.
Of course, other practitioners, especially those working in other computer-related occupations, have IT security responsibilities, though they're not labeled as IT security analysts. Here's our latest calculation of the workforce size of all BLS computer occupations:
Computer Occupations Workforce
First quarter, 2017
|Computer and information systems managers||623,000|
|Computer and information research scientists||22,000|
|Computer systems analysts||531,500||Information security analysts||91,500|
|Software developers, applications and systems software||1,530,500|
|Computer support specialists||598,300|
|Database administrators||88,000||Network and computer systems administrators||223,500||Computer network architects||111,500|
|Computer occupations, all other||631,300|
BLS recognizes that shortcomings exist in the way it defines IT and IT security occupations; they don't reflect the changing roles of those in the field. The bureau says it's revising its Standard Occupation Classification and might add new information security occupation descriptions. BLS says it expects to publish shortly new SOCs that would take effect as early as 2018. The last update of the SOC occurred in 2010, with the first employment surveys based on it occurring in 2011.