Minority cybersecurity professionals in the US hold higher academic degrees than their Caucasian counterparts, yet make less money and hold fewer managerial and leadership positions.
Such is the state of diversity in the industry today, according to a first-ever study of the topic by the (ISC)2. Minority representation is actually slightly higher in cybersecurity – 26% - than in the US workforce overall, which is 21%. But disparity in salaries and management roles for underrepresented groups remains a common theme, even for an industry that faces a shortfall of some 1.8 million unfilled security positions worldwide by 2020, according to data from Frost & Sullivan.
While the average US cybersecurity professional earns a salary of $122,000, the average salary for people of color is $115,000, the study shows. Men identifying as minorities make more than women on average: $121,000, versus $115,000 for women of color; Caucasian women make $6,000 more than women of color.
The average Caucasian male earns $124,000 on average, and most of those professionals had received a raise in the past year while their minority counterparts had not, according to the study.
Less than a quarter of minority cybersecurity professionals hold job titles of director and above, which is 7% under the overall US job average and below the number of Caucasian cybersecurity pros with such management-level titles (30%). Of those minorities in leadership roles, 62% hold Master's degrees or higher, while just half of Caucasian cybersecurity pros do.
This disparity in salary and education reflects the hurdles and challenges minority groups and women face in the cybersecurity field: they often "educate up" to boost their resumes. "I hear from a lot of members … What happens when you get an underrepresented group – gender or ethnic – they tend to feel that they have it that much harder to maybe break, or break into that glass ceiling," so they pursue higher educational degrees, says David Shearer, CEO of (ISC)2. "They take nothing to chance."
Of the 9,500 US respondents in the (ISC)2 study, 9% identify as African American or black; 4% as Hispanic; 8% as Asian; 1% as American Indian, Alaskan Native/Native Hawaiian/Pacific Islander, while 4% classified their ethnicity as "other." And 17% of minority cybersecurity professionals are female, which is higher than the overall representation of women in the industry, 14%. The study was based in part on data from (ISC)2's larger Global Information Security Workforce Study (GISWS).
International Consortium of Minority Cybersecurity Professionals (ICMCP) president Aric Perminter, whose organization co-authored the "Innovation Through Inclusion: The Multicultural Cybersecurity Workforce report" with (ISC)2, says the disparity data reflects several issues minorities face today. Some aren't provided the support to navigate their career paths toward senior positions, he says. "That can stem from what college or university they went to," Perminter says, noting that if it's not the "right schools" that offer them that access and preparation, they may face challenges.
The other issue, he says, "is unconscious bias that exists despite the different [diversity] programs that companies have stood up to fight" against that bias, which can influence a minority professional's career advancement options.
The report points to a recent McKinsey & Co. study of 180 publicly traded companies that found diversity in leadership can help the bottom line. "The findings were startlingly consistent: for companies ranking in the top quartile of executive-board diversity, Returns on Equity were 53 percent higher, on average, than they were for those in the bottom quartile. At the same time, Earnings Before Tax and Interest margins at the most diverse companies were 14 percent higher, on average, than those of the least diverse companies," the McKinsey study said.
Diversity advocates point to the cultural benefits of an organization with professionals from various ethnicities, backgrounds, and experiences.
Even so, discrimination still haunts many organizations. Some 32% of minorities say they have experienced discrimination at work, a number that Perminter says is likely higher for professionals not in leadership positions. The survey did not poll the types of discrimination those workers experienced.
"We … have to continue to raise awareness through reports like this. People may have hiring biases subconsciously they are not even aware of," (ISC)2's Shearer says.
Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here.