After seven straight quarters of recording no joblessness among IT security professionals, an unpublished U.S. Bureau of Labor Statistics report suggests a small number of information security experts are out of work and looking for jobs in the field.
See Also: Ransomware: The Look at Future Trends
BLS each quarter creates tables that breakdown employment data for 535 occupation categories but doesn't publish them. They're available on request. The tables show a 3 percent unemployment rate for the fourth quarter of 2012 and a 0.9 percent jobless rate for the entire year among information security analysts, a catchall occupation category for professionals with a variety of IT security skills.
All organizations are at risk, as there not enough people with the right skills.
Don't take these percentages as gospel; BLS doesn't.
The data in the tables come from the government's Current Population Survey of American households that produces the monthly unemployment rate, but the sample size is too small to be deemed statistically reliable because very few households have someone living in them who works in IT security. BLS Economist Karen Kosanovich explains that occupations such as information security analysts with a base of fewer than 50,000 individuals for annual averages and 75,000 for quarterly averages don't meet the bureau's publication standards.
Still, they're worth noting, and each reader can decide whether to believe these numbers or not. I've been tracking IT employment trends for more than a decade, and historically the BLS numbers have been indicative of IT employment.
With that caveat in mind, let's look at what's in the table.
The fourth quarter table shows the number of people who consider themselves IT security professionals - the IT security workforce - reached 65,000, which includes 63,000 employed and 2,000 unemployed. That would produce an unemployment rate of 3 percent.
IT Security Workforce on the Rise
To get a truer picture of the employment environment, I annualize the quarterly BLS data by simply taking the past four quarters of statistics and divide by four, making them more consistent. In effect, the annual numbers BLS records does just that for the fourth quarter. The aggregated fourth quarter 2012 figures (or the 2012 annual numbers) show the IT security workforce averaged 52,000 people. That workforce number is up 7.2 percent from the 48,500 individuals working as IT security pros in 2011.
The BLS table shows an unemployment rate for IT security analysts of 0.9 percent for 2012, even though it displays a 0 under the column for total unemployed, an anomaly explained by the relatively small sample size for the fourth quarter. (In past reports, BLS didn't record an unemployment rate for information security analysts; instead under unemployment, the bureau used a dash to indicate not enough available data were collected to designate a jobless rate.)
But let's not focus too much on what is a statistically insignificant unemployment rate. Even if joblessness among IT security professionals stands at 3 percent, that's still a relatively law rate. "All organizations are at risk, as there not enough people with the right skills," says Bill Rogers, the former chief information officer of the state of New Hampshire.
Any Infosec Joblessness Pales Vs. Other Occupations
As a comparison, the overall unemployment rate in the U.S. stood at 7.3 percent last year. Many economists see full employment in the United States as an unemployment rate of 4 percent or less.
IT security fared better than any other computer occupation. Including information security analysts, the overall IT unemployment rate for 2012 was 3.7%, down 0.1 point from 2011. Here's the aggregated unemployment rate for 2012 among other IT professions:
- Computer and information research scientists: 1.7%
- Computer and information systems managers: 3.2%
- Computer network architects: 2.1%
- Computer occupations, all others: 3.2%
- Computer programmers: 4.5%
- Computer support specialists 6.5%
- Computer systems analysts: 3.6%
- Database administrators: 3.6%
- Network and computer systems administrators: 4.0%
- Software developers, applications and systems software: 2.8%
- Web developers: 4.3%
Many employers gripe that they can't find sufficient IT security expertise to hire. It's a problem that will continue for years, regardless of what the numbers say.
In my next posting [see Security Skills Shortage Places IT at Risk], I'll share with you the thinking of IT security practitioners and thought leaders on meeting the challenge of a full-employment in this space.