Which Information Security Job Titles Are Least and Most Common?

What job titles are popular in the information security industry? Which ones are least common? I collaborated with John Hoyt, a Security Infrastructure Engineer at Clemson University, to take a look.

Bing as the Arbiter of Job Title Popularity

John and I decided to query a web search engine (Bing) for every possible title in the data set to see how many hits we’d receive. When the searching for the title produced zero hits, we eliminated that title from the listing to determine which titles were actually being used. This method also allowed us to estimate the relative popularity of titles by determining how often they appear on the web.

The titles we encountered were generally a permutation of the following terms:

Not all word combinations make sense, but you get the idea. Our experiment wouldn’t stand up to scientific scrutiny, in part due to the inconsistency and limitations of search engine results. However, we believe it offers a reasonable way of comparing the popularity of infosec titles.

The number of hits we received for each query varied from 0 to 250, providing a decent distribution of relative title rankings. We manually cleaned up the results to eliminate those titles that produced no hits and those that seemed unrelated to information security. This resulted in 822 variations of infosec-related titles.

The Least Common Information Security Titles

397 titles in the resulting listing received less than 10 search engine hits. These included uncommon designations such as:

  • Senior Information Security Assurance Consultant
  • Senior IT Security Operations Specialist
  • Regional Information Security Analyst
  • Principal Cyber Security Manager
  • Chief Information Security Consultant
  • Principal Information Assurance Officer
  • Senior Information Security Risk Officer
  • Information Security Assurance Analyst

Yes. These and many other relatively uncommon titles are out there.

The Most Common Information Security Titles

Lots of infosec titles shared the most popular spot on our listing. Not surprisingly, these included:

  • Chief Information Security Officer
  • IT Security Engineer
  • Information Assurance Analyst
  • Security Systems Administrator
  • Senior IT Security Consultant

Less popular, but still relatively common designations were included Data Security Strategist, Application Security Engineer, IT Security Lead, and many more.

Analyze the Data

John and I encourage you to perform your own analysis of our data set. We’d love to hear your conclusions! You can download the cleaned up XLSX spreadsheet or the original CSV file. You can also download the Python script we used to generate the raw results.

Moreover, we know that the search engine technique we used to determine the relative popularity of job titles is far from being optimal. If you can recommend a better way of doing this, please let me know.

For a fun perspective on this analysis, take a look at my random security title generator.

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He presently oversees the financial success and expansion of infosec services and SaaS products at NCR. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more