The authors extend previous RAND Corporation research conducted for the U.S. Department of Defense to support its zero-based review of cybersecurity and information technology (IT) personnel. For the purpose of this research, the authors developed a common taxonomy based on work roles, key tasks, and responsibilities to examine the proportion of cybersecurity and IT work roles, workers' salaries, and demand across private and public sectors.
- How does job allocation in the cybersecurity and IT workforces differ between the private and public sectors?
- How do salaries differ for cybersecurity and IT work roles between the private and public sectors?
- Which cybersecurity and IT work roles are most in demand? Does demand differ between the private and public sectors?
Direct workforce comparisons between U.S. Department of Defense (DoD) and private sector organizations are complicated by the available data and by the different taxonomies used to classify cybersecurity and information technology (IT) workforces. Some data use the U.S. Bureau of Labor Statistics (BLS) Standard Occupational Classification (SOC) system, while other data use the Defense Cyber Workforce Framework (DCWF), an extension of the National Institute of Standards and Technology's workforce framework for cybersecurity.
In this report, the authors update and extend previous RAND Corporation research conducted for DoD to support its zero-based review of cybersecurity and IT personnel. For the purpose of this research, the authors developed a common taxonomy across BLS SOC and DCWF schemes based on work roles, key tasks, and responsibilities.
Using this common taxonomy, the authors examine the proportion of cybersecurity and IT work roles and workers' salaries across private and public sectors, as well as three technology-related industry sectors, using ten years of BLS data (2012–2021). The authors also examine the demand for these jobs as measured by job opening data from CyberSeek, an online data analysis tool supported by the National Initiative for Cybersecurity Education.
- Overall, the public sector emphasizes allocation of computer and IT support and administrative roles, while the private sector emphasizes allocation of software development and testing roles.
- Not only is the public sector hiring more IT support workers (e.g., Computer User Support Specialists) relative to the private sector, but it is also paying these workers considerably more in annual salaries.
- The Information sector shows the greatest demand for Information Security Analysts: It hires most of these workers and is willing to pay them, on average, 20 percent more than other private sector industries and 50 percent more than the public sector.
- DoD should engage BLS to encourage the adoption of the DCWF as the industry standard taxonomy used for classifying cybersecurity and IT work roles. Adopting a uniform framework and methodology of classifying work roles will enable greater transparency and allow the federal government to assist with workforce planning and identify talent gaps more accurately.