The ‘Why women in security are being paid more' report, which is based on over 400 responses by recruitment agency BeecherMadden, was presented at last week's Infosecurity Europe conference and it found that women in the sector are earning up to 30 percent more than men, despite women nationally earning 19.7 percent less across all sectors.
The recruitment firm found that around 14 percent of information security workers are women, with this around the same level at CISO level, and indicated that most of these do not have a computer science degree or technical background. As a result, they said that women are well represented in consulting but less so in very technical roles.
At the conference, COO Karla Jobling and operations director Gemma Mahoney detailed real-time examples, including one where a woman with much less IT and cyber-security experience was earning up to £10,000 more in consultancy than a male applicant.
The duo said women are getting paid more because of better networking, communication skills and broader background, and noted in their presentation that it was ‘belittling' to suggest the rise had anything to with supply and demand.
The recruitment agency believes that more can be done, especially at education level, and says that more training is needed generally for men and women. But they suggested: “We want to attract more women into the industry. Many women in here will be quite pleased but I think most people agree there should be equality in salaries.”
BeecherMadden suggests that companies could look to hire more women by using women in the recruitment process, consider their own working environment, and look to retain those already on the payroll by discussing maternity and flexi-time, as well as further working opportunities.
Women looking to progress should move jobs, even every 18 months to three years, and get a technical skillset where possible, while still playing to their own strengths. Men are encouraged to develop their softer skills, like communicating with the business.
“Get more exposure to clients or in presenting. Broaden your outlook past the tech and be able to talk about business needs," reads the presentation notes.
Speaking after the show to SCMagazineUK.com, Jobling said: “Women are being paid more than men because they are coming into cyber-security with skills that enable them to communicate to the business. Typically, women come from a non-IT background and bring skills in sales, PR, communication and project management. Apart from some very technical roles, where women are still under-represented, these are the jobs where companies struggle to recruit.
“Two years ago, cyber-security was dominated by technical roles, now there are more roles in strategy and policy. The CEO knows about cyber now and that makes cyber-security more exciting for everyone, but especially women who are maybe not as interested in the tech.
"According to our database, the number of women in cyber has increased by almost 50 percent in the past year. While women are very much under-represented still, numbers are increasing and that makes the industry a more comfortable place to be. Plus you can see you career progress and salary increase at a rate that other industries struggle to match. In 12 months' time, I think the conversation will have moved on again hopefully we can talk about the top CISOs who just happen to be women, rather than pinpointing the few.”
Dr Jessica Barker, an independent cyber-security consultant, told SC today that ‘statistics only tell one side of the story' but said: “I can see, if you assume the statistics are right, that organisations might want to show diversity and attract more women, and will be willing to pay more for them to do the job, and to show that diversity.”
She added on the report's findings, “I do suspect it's because we're relatively rare in the industry, and companies are aware they need to be diverse, so they're willing to pay more.”
Barker said that the industry has recognised the value of other skills in recent years, but warned that any sort of pay gap is never a good thing.
“The pay gap is not necessary a good thing, it's not good for morale for one thing. It can actually damage gender relations.”
Sarah Clarke, MD of Infospectives, said in an email to SC said the study was hard to evaluate as roles were broken down by salary and experience, not by gender.
She too warned: “Salary inequality is never good, but it can signpost a shift in the kind of skills desired. Women have historically been seen as strong with skills like marketing, risk, sales and team leadership. Beecher Madden's real life example saw a woman with three years marketing experience secure a consultancy role paying £10k more than one secured by a man with a degree, professional qualifications and far, far more technical experience. That, if I'm honest, doesn't surprise me. Consultancies need superb communicators to get and keep clients. They also intimately know the benefits of having both women and men in customer facing roles (for both appearance sake and productivity).”
Clarke said she would be ‘curious' to see any comparable cases for private sector, and suggested this rise may be temporary.
“This is more than likely temporary. The cyber skills market has a rocket-like trajectory, money is now there to go beyond bare minimum recruitment and address the need for far better communication and more diversity. Do I care why this has happened? Not really, because once in the post, women will either prove they're worth their salary or they won't.
“If they do - which I think they will, as folk who can speak business and security continue to be in high demand - a proportion of recruiters, businesses and male candidates will note their success and follow suit skills-wise. That establishes non-IT routes in as a new norm, and gives women a chance to counter stereotyping as 'soft skill specialists from the inside'. We may finally see this 15 percent ceiling for female representation in security decisively breached.”
Get a copy of the next SC Magazine to read our latest 'women in security' feature.