The location quotient also identifies where there are shortages of a particular skillset. If the location quotient is less than one, a higher number of jobs are available in that location. While people with security engineering skills might be present, “Those people might be looking for something more challenging. They’re in a little pond, so to speak, and they want to be in the big pond,” Mahmud says.
Mahmud searched for “information security analysts” using public data and determined the position’s median salary in each state (from $55,140 in Montana to $119,560 in the District of Columbia), the states with the highest opportunities and salaries (Virginia, Maryland and D.C.), the locations with the most people holding that title (Virginia, Maryland and Minnesota), and projected increase in future job openings for the position. Data shows an increase of almost 20 percent by 2024. That data can be cross-referenced to zero in on the best pool of job candidates, he says.
Define 'security worker'
Some users of public data argue that the BLS underestimates the number of professionals with cybersecurity skills, says Tim Herbert, senior VP for research and market intelligence at CompTIA. While the BLS reported 93,000 cyber professionals nationwide in 2016, CompTIA puts the number closer to 780,000 because many professionals with non-security titles have cybersecurity responsibilities. For example, computer support and help desk staff report to CompTIA that 25 percent to 30 percent their jobs involve security.
The categories of cyber workers are also somewhat dated and narrow, Herbert says. CompTIA began looking for more accurate data, and in November 2016 it launched CyberSeek, a free website that offers interactive tools and data for finding pockets of cyber talent. The website
combines job demand data from labor market analytics firm Burning Glass Technologies and workforce supply information gathered from five skills-certifying bodies that together formed the Cybersecurity Credentials Collaborative.
While there’s no one source that keeps tabs on every certification, Herbert says, “We’re relying on security certifications as our proxy for identifying workers [who are] in security in some capacity. They could be a network engineer, and security could be 50 percent of their responsibility.”
CompTIA’s supply/demand heat map compares the number of jobs available to the number of cyber-skilled workers by state or metro area. “Looking outside of [the areas] we know to be tech hubs around the country is a good place to identify untapped areas with a very high ratio of workers relative to the number of jobs there,” Herbert says. “It could potentially be an indicator that this could be a spot for recruiting.”
Data on midsize cities reveal several hidden pools of talent. Midsize metro areas with favorable ratios of candidates to security jobs include Jackson, Miss.; Charlottesville, Va.; Boise City, Idaho; Tulsa,Okla.; Amarillo, Texas; and Youngstown, Ohio, according to data from CyberSeek.
Sign up for CIO Asia eNewsletters.