The authors extend previous RAND Corporation research conducted for the U.S. Department of Defense to support its zero-based review of cybersecurity and information technology (IT) personnel. For the purpose of this research, the authors developed a common taxonomy based on work roles, key tasks, and responsibilities to examine the proportion of cybersecurity and IT work roles, workers' salaries, and demand across private and public sectors.
Download eBook for Free
| Format | File Size | Notes |
|---|---|---|
| PDF file | 0.3 MB | Use Adobe Acrobat Reader version 10 or higher for the best experience. |
Research Questions
- How does job allocation in the cybersecurity and IT workforces differ between the private and public sectors?
- How do salaries differ for cybersecurity and IT work roles between the private and public sectors?
- Which cybersecurity and IT work roles are most in demand? Does demand differ between the private and public sectors?
Direct workforce comparisons between U.S. Department of Defense (DoD) and private sector organizations are complicated because of available data and the different taxonomies used to classify cybersecurity and information technology (IT) workforces. On one hand, some data use the U.S. Bureau of Labor Statistics (BLS) Standard Occupational Classification (SOC) system, while other data use the Defense Cyber Workforce Framework (DCWF), an extension of the National Institute of Standards and Technology's workforce framework for cybersecurity.
In this report, the authors update and extend previous RAND Corporation research conducted for DoD to support its zero-based review of cybersecurity and IT personnel. For the purpose of this research, the authors developed a common taxonomy across BLS SOC and DCWF schemes based on work roles, key tasks, and responsibilities.
Using this common taxonomy, the authors examine the proportion of cybersecurity and IT work roles and workers' salaries across private and public sectors, as well as three technology-related industry sectors, using ten years of BLS data (2012–2021). The authors also examine the demand for these jobs as measured by job opening data from CyberSeek, an online data analysis tool supported by the National Initiative for Cybersecurity Education.
Key Findings
- Overall, the public sector emphasizes allocation of computer and IT support and administrative roles, while the private sector emphasizes allocation of software development and testing roles.
- Not only is the public sector hiring more IT support workers (e.g., Computer User Support Specialists) relative to the private sector, but also it is paying these workers considerably more in annual salaries.
- The Information sector shows the greatest demand for Information Security Analysts: It hires most of these workers and is willing to pay them, on average, 20 percent more than other private sector industries and 50 percent more than the public sector.
Recommendation
- DoD should engage BLS to encourage the adoption of the DCWF as the industry standard taxonomy used for classifying cybersecurity and IT work roles. Adopting a uniform framework and methodology of classifying work roles will enable greater transparency and allow the federal government to assist with workforce planning and identify talent gaps more accurately.
Research conducted by
This research was sponsored by the Principal Advisor for Cybersecurity, Strategy, Planning, and Oversight in the Office of the Department of Defense Chief Information Officer (DoD CIO), and conducted within the Forces and Resources Policy Program of the RAND National Security Research Division (NSRD).
This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.