An ISC2 survey of nearly 15,000 participants found that U.S. cybersecurity professionals are well paid across seniority levels, but a closer look at the gender breakdown reveals some worrying trends. became.
Female cybersecurity professionals in non-management, mid-senior staff positions earn an average of $131,000 per year, compared to $138,000 for men, a 5% difference. This gap is even wider among managers, with women in management positions earning $138,000 a year, 9% less than the $150,000 annual salary of men in similar positions.
However, the gender pay gap is beginning to narrow among directors and middle managers. Women's average annual income is $177,000, which is about the same as men's annual income of $175,000 (1% difference). The average salary for women in C-suite and C-suite roles is $220,000, 4% higher than the average salary for men in similar roles.
Historical trends lead to wage inequality
As ISC2 CEO Clar Rosso explained, the cybersecurity industry has historically been male-dominated, which has led to pay inequity.
“Our research points to unconscious biases that lead individuals to hire and promote people with the same background and qualifications as themselves, which can create pay disparities,” Rosso said. ” he said. “However, in recent years, the gender gap has been narrowing and salaries have gradually improved.”
Rosso said the gender pay gap is prevalent in many industries, with significant disparities occurring in industries such as accounting and banking, construction, engineering and manufacturing. “Unless we directly address bias in hiring and promotion practices, these disparities will continue across all sectors,” Rosso said.
It is estimated that women currently make up around 25% of the cybersecurity workforce, and this number is steadily increasing. While there is a large gender imbalance, women are making influential contributions in this field.
The role of unconscious bias
Sara Jones, cyber threat intelligence research analyst at Critical Start, said unconscious bias among recruiters and managers can lead to lower initial offers for equally qualified women.
“Women are less willing to negotiate, which can perpetuate the rift,” Jones added. “The relative youth of the industry can also create an unfounded perception that men are more experienced.”
Additionally, Jones said the stereotype of a “motherhood penalty” can prevent women from getting promotions and pay increases.
To address this, organizations can implement strategies such as standardized salary ranges based on experience, promoting salary transparency for open positions, and diversity and inclusion training to combat bias.
“Regularly reviewing pay data through pay equity audits can also help identify and remediate existing disparities,” Jones said.
Kate Terrell, chief human resources officer at Menlo Security, said organizations need to constantly review their pay practices to ensure they are fair and equitable. “By conducting audits and understanding gaps, organizations can find and fix potential problems,” she said.
Early encouragement of women in cybersecurity
Efforts and programs to encourage more women to pursue careers in cybersecurity can begin as early as high school.
Terrell pointed to programs like Girls Who Code (among other ventures), which runs summer camps for girls interested in entering the field. At the university level, cyber organizations that host internships and internship programs can help foster a pipeline of young women entering the industry.
“By exposing this next generation to our purpose of fighting bad guys and the interesting and rewarding work that exists in the cyber industry, we are giving them ideas they may not have considered from a career perspective. They might give it to you,” Terrell said.
Encouraging more women in cybersecurity requires a multifaceted approach, Jones added. “Early outreach programs can introduce young girls and women to cybersecurity, and mentorship programs can connect them with experienced role models,” she said.
Scholarships and internship programs specifically for women can create a more accessible path into the field.
The power of leaders and role models
Highlighting the accomplishments of successful women in the cybersecurity field can further inspire others and demonstrate the feasibility of a career for women.
“By adopting these strategies, organizations can foster a more just and inclusive work environment and attract and retain top talent, regardless of gender,” said Jones.
Rosso said having women in leadership positions within cybersecurity teams can foster career advancement and fair compensation. “Our research shows that men are less aware than women of the importance of diversity in security teams, and when men are in decision-making positions, they are less likely to recognize the need for fair practices. “There is,” she said.
Rosso recommends that organizations set specific hiring and promotion metrics. Setting specific goals accelerates organizational growth and promotes a workforce that closely reflects the diversity of the population.
“Experts have told me that when you're the only woman in the room, you lack a sense of belonging,” Rosso explained. “To be seen as a place where women can succeed in cybersecurity careers, we must demonstrate a commitment to empowering women.”
Photo credit: Money Knack on Unsplash
Recent articles by author
