In a recent article, "Infosec Joblessness Remains Steady, at 0%", Govinfosecurity.com editor, Eric Chabrow, discussed the startling fact that employment in the information security analyst career field had increased by 16% in the last quarter. Surprisingly, this was based upon a survey conducted by the Bureau of Labor Statistics (BLS) – an agency of the US Department of Labor. Why is this a surprise? It appears that BLS is tracking information security as one of the twelve computer-related career fields. So, is it now fair to say that at least one federal agency has recognized the fact that information security has reached the status of a separate, distinct career field?
Unfortunately, the federal Office of Personnel Management (OPM) has not reached the same conclusion and appears to be content with keeping security as merely one of the “parenthetical specialty titles” within the 2210 (IT Management) Job Series. OPM is now in the third year of its campaign to study the information security career field in the federal government. It does not appear that this effort has brought OPM anywhere closer to affording information security its own job series designator within the federal personnel system.
The case for a separate job series is nothing new. There have been individual campaigns that argue the case for information security going back as far as the early 1990s. Historically, OPM’s position has been:
- There are insufficient numbers of individuals working in the information security field.
- The field of information security lacks sufficient granularity.
Those conditions have certainly changed over the past eighteen years as the information security field has grown significantly and has established a distinct career path that progresses from entry-level analyst to Chief Information Security Officer – a statutory position. Additionally, the information security field is now sufficiently diverse to pass any “granularity” test. There are people who work in the field as network security analysts, forensics specialists, penetration testers, etc. – the list goes on.
Is this just a classic case of the left hand not knowing what the right hand is doing in government, or is it the equally classic case of a government agency that has not caught up to the reality of change in the 21st Century? Either way, let’s hope that OPM joins the BLS in taking a forward-looking approach to the information security job series issue and provides information security professionals the consideration they deserve based on the vital role they now play in government.