Which Information Security Job Titles Are Least and Most Common?

What job titles are popular in the information security industry? Which ones are least common? I collaborated with John Hoyt, a Security Infrastructure Engineer at Clemson University, to take a look.

Bing as the Arbiter of Job Title Popularity

John and I decided to query a web search engine (Bing) for every possible title in the data set to see how many hits we’d receive. When the searching for the title produced zero hits, we eliminated that title from the listing to determine which titles were actually being used. This method also allowed us to estimate the relative popularity of titles by determining how often they appear on the web.

The titles we encountered were generally a permutation of the following terms:

Not all word combinations make sense, but you get the idea. Our experiment wouldn't stand up to scientific scrutiny, in part due to the inconsistency and limitations of search engine results. However, we believe it offers a reasonable way of comparing the popularity of infosec titles.

The number of hits we received for each query varied from 0 to 250, providing a decent distribution of relative title rankings. We manually cleaned up the results to eliminate those titles that produced no hits and those that seemed unrelated to information security. This resulted in 822 variations of infosec-related titles.

The Least Common Information Security Titles

397 titles in the resulting listing received less than 10 search engine hits. These included uncommon designations such as:

  • Senior Information Security Assurance Consultant
  • Senior IT Security Operations Specialist
  • Regional Information Security Analyst
  • Principal Cyber Security Manager
  • Chief Information Security Consultant
  • Principal Information Assurance Officer
  • Senior Information Security Risk Officer
  • Information Security Assurance Analyst

Yes. These and many other relatively uncommon titles are out there.

The Most Common Information Security Titles

Lots of infosec titles shared the most popular spot on our listing. Not surprisingly, these included:

  • Chief Information Security Officer
  • IT Security Engineer
  • Information Assurance Analyst
  • Security Systems Administrator
  • Senior IT Security Consultant

Less popular, but still relatively common designations were included Data Security Strategist, Application Security Engineer, IT Security Lead, and many more.

Analyze the Data

John and I encourage you to perform your own analysis of our data set. We’d love to hear your conclusions! You can download the cleaned up XLSX spreadsheet or the original CSV file. You can also download the Python script we used to generate the raw results.

Moreover, we know that the search engine technique we used to determine the relative popularity of job titles is far from being optimal. If you can recommend a better way of doing this, please let me know.

For a fun perspective on this analysis, take a look at my random security title generator.

Updated February 12, 2015
Lenny Zeltser

Did you like this?

Follow me for more of the good stuff.

About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more