The workforce of a key information security occupation - computer and network systems administrator - has experienced a decline in numbers in recent years, according to an Information Security Media Group analysis of U.S. Labor Department data.

In 2011, 243,300 individuals in the United States labeled themselves as computer and network systems administrators. Based on Bureau of Labor Statistics data from the past four quarters, that number has dropped to 205,500, a nearly 16 percent decline in just over two years.

"We have had to make do with others who are not really qualified but whom we can at least train minimally," says Danny Miller, system chief information security officer at Texas A&M University. "There is clearly a lack of qualified candidates to fulfill our needs."

Miller says the field doesn't attract as many people as it once did. "This is a very technical and challenging field," says Miller, the former principal and national practice leaders for cybersecurity and privacy at the accounting and business consulting firm Grant Thornton. "Because of the very broad requirements to keep up with the technology related to this field, we are seeing fewer and relying on fewer personnel."

The law of supply and demand seems absent within the occupation category of computer and network systems administrators; BLS sees the demand for computer and systems analysts to grow by 12 percent by 2022, with growth the highest at firms that provide cloud computing technology, according to a 2012 bureau analysis.

Technology as Substitute for Personnel

Miller says the dearth of qualified personnel means the university and other organizations must seek technical solutions and develop new processes in lieu of hiring people. Texas A&M has embarked on a very aggressive campaign to consolidate and virtualize computing environments and centralize the management of systems. He says the university has focused on a center-of-excellence concept, where it shares resources with other organizations within the Texas university system.

"Our universities and state agencies are sometimes very challenged to find appropriate help because of the lack of locally available qualified help and thus may share personnel from other locations," Miller says.

Hord Tipton, executive director of (ISC)², the not-for-profit information security accrediting and education organization, says the situation Miller finds himself in isn't unusual.

"Open information security positions are going unfilled; 56 percent of those responding to [a 2013 (ISC)² survey) feel their organizations currently have too few information security workers to manage threats now, let alone in the future," says Tipton, a former chief information officer at the U.S. Department of Interior.

Tipton cites a survey from Burning Glass Technologies, an IT-driven recruiting firm, that shows demand for information security workers grew 3.5 times faster than those in other IT specialties over the past five years.

Skill Set Most in Demand

While the workforce for administrators is in decline, that's not the case for information security analysts, which according to our analysis, has increased by 23 percent since 2011. For the four quarters ended March 31, the number of individuals who consider themselves information security analyst has increased to 55,300 from 45,000 in 2011.

"Overall, the skill set most in demand is for the security analyst, who conducts the integration and testing, operation and maintenance of systems security," Tipton says. "In addition, a security analyst possesses significant higher order skills and has a deep understanding of all business systems, knowing what information an organization cannot afford to lose."

But even with the increase in the number of information security analysts, there aren't a sufficient number to meet demand.

"We see fewer qualified analysts in the marketplace," Miller says. "We do not believe there are enough universities that are teaching this and we also sense that there is a lack of interest by students. It is causing some increased risk for our university and state agencies because of that."

Miller says he believes large businesses and the federal government "snap up" information security analysts, leaving few such experts available for smaller organizations to recruit.