While U.S. salary rates for cybersecurity professionals across seniority levels are strong, a closer look at gender-based breakdowns reveals a concerning trend, according to an ISC2 survey of nearly 15,000 participants.

Female cybersecurity professionals in non-managerial, mid-advanced staff positions earn an average of $131,000, representing a 5% disparity compared to their male counterparts, who earn $138,000. This discrepancy widens among managerial roles, with women managers earning $138,000, which is 9% less than men in similar positions who earn $150,000.

However, the gender pay gap begins to narrow among directors and middle managers. Women earn an average of $177,000 annually, essentially the same as men’s earnings of $175,000 (a 1% difference). Women in the C-suite and executive level command an average salary of $220,000, which is 4% more than the average salary for men holding equivalent roles.

Historic Trends Lead to Pay Inequality

As Clar Rosso, CEO of ISC2, explained, the cybersecurity industry has historically been male-dominated, and this has led to pay inequity.

“Our research points to unconscious bias that leads individuals to hire and advance people with the same background and qualifications as themselves, which can create pay disparity,” Rosso said. “However, in recent years, we have seen incremental progress with salaries as the gap between men and women is closing.”

Gender pay gaps are prevalent in many industries, Rosso noted, with high gaps occurring in industries such as accounting/banking, construction, engineering and manufacturing. “Until we directly address the bias in hiring and advancement practices, we are likely to see these gaps continue across all sectors,” Rosso said.

The cybersecurity workforce is currently estimated to be around 25% female, with this number steadily increasing. While there is a significant gender imbalance, women are making impactful contributions to the field.

The Role of Unconscious Bias

Sarah Jones, cyber threat intelligence research analyst at Critical Start, said unconscious bias from recruiters and managers can lead to lower initial offers for women with equal qualifications.

“Women may negotiate less aggressively, perpetuating the gap,” Jones added. “The industry’s relative youth can also create an unfounded perception of men having more experience.”

Plus, Jones said, the “motherhood penalty” stereotype can hinder women’s promotions and salary growth.

To address this, organizations can implement strategies such as standardized salary bands based on experience, promoting salary transparency for open positions, and diversity and inclusion training to combat bias.

“Regularly reviewing salary data through pay equity audits can also help identify and rectify existing disparities,” Jones said.

Kate Terrel, chief human resources officer at Menlo Security, said organizations should always be looking at their pay practices to ensure they are fair and equitable. “Conducting audits to understand gaps allows organizations to find and then rectify potential problems,” she said.

Early Encouragement for Women in Cybersecurity

Initiatives or programs to encourage more women to pursue careers in cybersecurity can start as early as high school.

Terrel pointed to programs such as Girls Who Code, which (among other ventures) conducts summer camps for girls interested in coming into the field. At the university level, cyber organizations hosting externship and internship programs can help cultivate a pipeline of young women coming into the industry.

“Exposing this next generation to our purpose—fighting bad actors—and the interesting and challenging work that exists in cyber may give them ideas they never even considered from a career perspective,” Terrel said.

Encouraging more women in cybersecurity requires a multi-pronged approach, added Jones. “Early outreach programs can introduce cybersecurity to young girls and women, while mentorship programs can connect them with experienced role models,” she said.

Scholarships and internship programs specifically for women can create a more accessible pathway into the field.

The Power of Leaders and Role Models

Highlighting the achievements of successful women in cybersecurity can further inspire others and demonstrate the viability of these careers for women.

“By adopting these strategies, organizations can cultivate a more equitable and inclusive work environment, attracting and retaining top talent regardless of gender,” Jones said.

Having women in leadership positions within cybersecurity teams can encourage career advancement and fair compensation, Rosso said. “Our research shows men acknowledge the importance of diversity on their security team less than women, and when men are in decision-making positions, there may be less awareness of the need for equitable practices,” she said.

Rosso recommends organizations set specific hiring and advancement metrics. Establishing specific targets encourages organizations to grow and promotes a workforce that closely reflects the diversity of the population.

“Professionals have told me they lack a sense of belonging when they are the only woman in the room,” Rosso explained. “To be considered a place where women can have successful cybersecurity careers, you must demonstrate a commitment to the advancement of women.”

Photo credit: Money Knack on Unsplash