A dearth of information makes tracking employment among IT security professionals difficult. Even the most trustworthy organization in collecting employment data in the United States, the Labor Department's Bureau of Labor Statistics, furnishes information on IT security employment it admits isn't reliable.
See Also: Ransomware: The Look at Future Trends
BLS provides to those who ask, but does not officially publish, data on 535 detailed occupations, but says a large number of those, including information security analysts, lack enough respondents in its monthly surveys of 60,000 households to provide reliable data.
Unemployment among IT security professionals, if not zero, is almost non-existent.
"Typically, BLS will not publish any rate or percent that has a denominator of less than 35,000 for annual averages, 60,000 for quarterly averages, or 75,000 for monthly data, " Karen Kosanovich, a BLS economist, writes in a message accompanying the employment data. The quarterly denominator for IT security analysts has averaged 46,000 over the past four quarters, well below BLS's required 60,000. Still, the numbers are available, and are being reported here, so you must decide how these statistics reflect reality.
No Joblessness In Sight
The most impressive statistic - or lack thereof - is the number of unemployed IT security pros BLS reports. Actually, the bureau leaves the information-security-analysts unemployed column blank in its quarterly report, using a dash rather than a zero, signifying the sample size is too small to declare 0 percent unemployment.
Yet, BLS suggests annualizing the data - combining four quarters worth of data - to produce more reliable results. The current method BLS employs to determine unemployment among all occupation categories has been around only since January 2011. In its five quarterly reports, BLS numbers have never shown any unemployment among IT security analysts.
Does that mean IT security unemployment for the past 15 months has been 0 percent? Perhaps, but no one can make that claim with certainty. Yet it's safe to say that unemployment among IT security professionals is almost non-existent.
Anecdotal Evidence Reflects the Stats
I've been covering IT employment for more than a decade, and one thing that has been consistent - even if the quarter to quarter data on specific occupations can't be deemed "reliable" - is that the statistics mirror anecdotal evidence about the employment environment. Simply, the BLS numbers echo what the IT community says about the information technology job market. And, the scarcity of qualified IT security experts to hire has been a consistent complaint among employers for the past several years.
Comparing quarter-to-quarter data, especially for IT security pros, is inconsistent and demonstrates why individual quarterly numbers are suspect. But by averaging them over four quarters, a believable employment picture emerges.
According to the BLS-provided numbers, 41,000 people were employed as information security analysts in first quarter 2012, down 10,000 from fourth quarter of 2011. However, if you annualize those numbers - simply adding the results from the most recent four quarters and divide by four - some 46,000 were employed IT security pros, up 1,000 from third quarter 2011.
Because BLS uses occupation definitions that are five quarters old, only the results from the past two quarters can be annualized. In first quarter 2011, BLS data show a non-annualized 37,000 IT security professionals employed. The size of the IT security workforce - those employed added to those unemployed and seeking working in the field - is the same as those employed because there are no recorded unemployed professionals. Using just the quarterly figures, the IT security workforce increased by 11 percent in a year.
IT Unemployment Holds Steady at 3.8%
More reliable are the statistics used to determine employment and workforce levels and the unemployment rate for all 12 detailed information technology occupations.Using annualized numbers, ISMG's analysis of BLS data shows unemployment remained steady among IT professionals in the first quarter at 3.8 percent, unchanged from the previous quarter. American businesses, governments and not for profits employed 4,039,000 people in IT during the first three months of 2012, up from 3,983,000 during the final quarter of 2011. The number of unemployed IT pros remained virtually the same, increasing by 1,000 to 158,000 in the first quarter. The size of the IT workforce rose to 4,197,000 from 4,139,000 over the past three months, a 1.4 percent increase.
The government's definition of information security analysts is broader than the title suggests. Here's that definition: "Plan, implement, upgrade or monitor security measures for the protection of computer networks and information. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses." The definition explicitly excludes computer network architects.
If the supply ever meets demand, one day there may be enough IT security professionals employed in the United States to provide more reliable data. For now, we must make do with the statistics we have.
Correction: An earlier version of this story incorrectly stated that BLS tracks 840 detailed occupations.