Demand for information security experts in the United States is outstripping the available supply by a widening margin, according to a pair of recently released reports.
A report from Burning Glass Technologies, which develops technologies designed to match people with jobs, shows that demand for cyber security professionals over the past five years grew 3.5 times faster than demand for other IT jobs and about 12 times faster than for all other jobs.
[ Also on InfoWorld: Pentagon to add thousands of new cyber security jobs. | Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: Wrap Up newsletter. ]
Burning Glass said its report is based on a study of job postings for cyber security professionals placed by U.S. businesses and government agencies over the past five years.
In 2012, there were more than 67,400 separate postings for cyber security-related jobs in a range of industries, including defense, financial services, retail, healthcare and professional services. The 2012 total is 73 percent higher than the number of security jobs posted in 2007, Burning Glass said. By comparison, the number of job postings for all computer jobs grew by about 20 percent between 2007 and 2012. Posting for all jobs grew by only 6 percent during the period.
The two most sought-after jobs by employers were information security engineers and security analysts. Close to one in three of all computer security jobs advertised last year were for information security engineers. Nearly 25 percent of the job postings were for security analysts.
Demand for cyber security professionals was especially strong in Baltimore, Dallas, Atlanta, Denver, San Diego, and Richmond, Burning Glass noted. The number of cyber security jobs in each of those cities increased by more than 100 percent between 2007 and 2012. Large defense contractors and IT firms appear to have driven the demand increases in all of the cities except Atlanta.
Matt Sigelman, CEO of Burning Glass Technologies, said the soaring demand for information security professionals suggests that enterprises and government agencies are putting a lot more money and effort into protecting their data against attacks and compromise.
"The other thing that jumps out at me is the question of whether there is sufficient supply in the market to meet this demand," Sigelman said.
For instance, over the past two years the number of jobs requiring a Certified Information Systems Security Professional (CISSP) certification has jumped from 19,000 to more than 29,000. "When you see 10,000 new job postings in a two-year period in a field that has just over 50,000 CISSPs, there is a question of availability," he said.
Another indication of the increasing difficulty U.S. employers face in finding qualified information security professionals comes from their job posting behavior. Employers typically have to repost or duplicate security job posts almost 35 percent more often than other IT job to find someone qualified, according to Burning Glass.
"Posting behavior suggests the possibility of a particular shortage of managers and analysts with cyber security expertise," Burning Glass noted in its report.
Julie Peeler, director of ISC2 Foundation, the developer of the CISSP program, said there is no doubt that soaring demand is exacerbating an already difficult demand and supply situation for security experts. Over the next year, Peeler estimated that there will be a need for 330,000 more IT security professionals worldwide. It's not clear that close to that many new professionals are graduating each year, she said.