US, Australia Security Teams are Behind the Times in Gender Pay Equality

The Exabeam 2020 Cybersecurity Professionals Salary Skills and Stress survey focused on a variety of key topics affecting people across the sector. Covering major issues such as attitudes to the increasing role of automation and job satisfaction, it has become a bellwether for the trends shaping the industry now and in the future. 

But of particular interest to those working in the U.S. and Australia will be the jarring salary disparities that continue to exist between those identifying as men and women. In the U.S., for example, on average, male respondents made $91K vs. $62K for female respondents. Australia has an even larger gap with males making approximately $131K, whereas females make around $95K.

Glassdoor shows that the average salary for a cybersecurity professional in the entry level was $59,184, mid level was $72,099 and senior directors saw an average salary of $114,421. Exabeam’s research concluded that by role and location, the gender disparities are even more concerning.

In New York, a man and a woman, each with 4-5 years’ experience and the same job title (information security director), are receiving very different salaries. While the female makes $33-46K, her male counterpart is making $98-130K — a huge difference and totally at odds with objectives relating to gender equality. According to Glassdoor, the average salary for information security director in New York is around $160K, so the female respondent is being seriously undervalued. 

Looking further afield, in Indianapolis, a woman with more than 16 years’ industry experience is making $60-72K. In Dallas, 14-15 years in the industry will secure $46-60K. However, men with the same level of experience made a minimum of $85K and in some cases up to more than $130K.

The situation for colleagues in Australia is just as concerning. A male information security manager with 1-2 years’ experience made $137-185K in U.S. dollars, while women made as little as $27K at the lower end of the pay scale, and between $100-$118K and $118-137K at the higher end, still significantly below the earning potential for men. For SOC professionals with 4-7 years of experience, females in Australia made $118-137K while the males made $137K+.

The endemic inequality faced by women in the workplace also seriously penalizes working mothers, which could be a contributing factor to these stark differences. According to a study by The National Women’s Law Center, “mothers are paid only 70 cents for every dollar paid to fathers”. That national average is even worse in some states, with mothers in Louisiana and Utah paid just 59 cents for every dollar paid to fathers.

And according to the National Bureau of Economic Research (NBER), first-time mothers “experience an immediate drop in gross earnings of almost 30%, while men experience no visible change in their earnings.” This disparity, according to the study, is never subsequently corrected and, “the long-run child penalty in the earnings of women relative to men 10 years after the first child is equal to 19.4%.”

Inequality by the numbers — not all bad news

Contrast the national gender pay gap in the U.S. and Australia with the situation in Singapore, where female respondents in the survey actually made more on average than men — $116K vs. $107K, and in the U.K. and Germany, pay inequality was also much less apparent compared to the situation faced by female professionals in the U.S. and Australia.

So, what needs to happen? The simple truth is that cybersecurity professionals should receive equal pay for equal roles, responsibilities and experience – gender must be irrelevant. It’s incumbent on employers to address the disparities in pay as a matter of urgency. Female professionals already working in roles should expect to see pay gaps corrected and the recruitment process for open positions must operate with a level playing field for candidates of comparable skillset and experience.

The risk of calling out this salary disparity in the U.S. and Australia is that women are put off from applying for roles in cybersecurity, but this is not the intent. The issue is still there whether we talk about it or not. Women should feel 100% comfortable asking at the time of the interview whether an organization has put a program in place to ensure pay equality. And having such programs should not be seen as an employee “benefit” but as a fundamental ethos.  

Given the chronic skills shortage affecting the cybersecurity sector, gender-based pay inequality is akin to an industry shooting itself in the foot. How, for example, can organizations in the U.S. hope to attract top female cybersecurity talent against the backdrop of widespread and egregious pay inequality? While momentum and awareness of gender pay inequality is certainly building, the key question is how quickly will employers act to close the salary gaps and deliver fair employment opportunities for all? 

By achieving gender pay equality, the cybersecurity industry in the U.S. has the opportunity to show leadership for an issue that remains in place across the economy. In practical terms, in-house gender diversity, equity and inclusion councils offer a recognized route to bringing issues such as this to the attention of organizational leaders. An increased role for these important initiatives is key to industry-wide progress. 

Now is the time to move forward, and move forward we must.