Cyber industry must stop abuse and harassment

Research published by Respect in Security, a newly launched campaign group, confirmed what many of us within the cybersecurity community sadly already know: harassment and abuse of security professionals are rife. Furthermore, the research revealed the extent of this abuse, with a third of cybersecurity professionals experiencing harassment online, in the workplace or at industry events. So the question is, will 50 cybersecurity businesses sign a pledge to create both a workplace and a community that is free from fear and abuse?

Respect in Security research reveals the extent of abuse and harassment

Respect in Security has been established to support victims of this abuse and coordinate an industry-wide response to help prevent it. The harassment of women online is visible to anyone who cares to open their eyes and see it happening. However, the Respect in Security research found an even split between male, female and non-binary genders when it came to cybersecurity professionals who had fallen victim to this abuse online and in-person.

Regarding in-person harassment, work socials led the way at 48%, followed by the office at 47% and industry events at 36%. As for online abuse, the research suggested 44% occurs on Twitter, with 37% of cases happening by email.

While 82% of those questioned said that anti-harassment policies were in place at their employers, 45% felt those organizations could do more when it comes to ensuring everyone knows what unacceptable behavior looks like. Indeed, 40% argued that there was a need for better transparency when dealing with such cases, and 16% wouldn’t even report incidents.

This is where Respect in Security comes in, as an initiative looking to act as a catalyst for change. I’ve been speaking to two of the co-founders of the campaign, Lisa Forte and Rik Ferguson.

“They did it simply because they want to make the industry more diverse”

Lisa started her company, Red Goat Cyber Security, in 2017 after a career journey that began by helping to secure against pirates off the coast of Somalia. “I then moved into one of the UK Counter-Terrorism Intelligence Units, and then one of the UK Police Cyber Crime Units,” she says.

Rik has taken a somewhat different journey to arrive at his position of vice-president of security research at Trend Micro. “I started in my first helpdesk role back in 1994,” he says, “and just steadily worked my way up, picking up experience and certifications along the way.”

Both share an admiration for those in the industry who have helped them along the way. Lisa singles out social engineering pioneer Christopher Hadnagy and Have I Been Pwned founder Troy Hunt for special attention. “These two gentlemen have not just been incredible mentors to me,” Lisa says, “but have given me lots of their precious time for no public praise, no awards or public recognition. They did it simply because they want to make the industry more diverse and help people on their way up.”

Rik says that he is fortunate to have “had colleagues who have been incredible mentors, and bosses who have always been my greatest cheerleaders, and even the high-profile people within our industry are approachable and willing to share the benefit of their experience and wisdom.”

The sinister flip side of the cybersecurity community

But there is a flip side to this community coin that sees cybersecurity professionals subjected to “dehumanizing, demeaning and insidious harassment that saps self-confidence,” as Rik says, “leading to people pulling out of speaking slots, questioning their sense of self-worth and retreating into anonymity.”

Lisa has experienced such trolling and abuse, even stalking both online and off, across the last couple of years as her profile became more prominent. “I realized that actually, I have now experienced such a wealth of this behavior it has become expected and almost the norm,” Lisa told me. “I have been through a terrible time,” she says, “but I am one of the lucky ones.” Not being vulnerable or isolated, not suffering from mental health issues or having a difficult boss are all positives for Lisa. “If I have struggled this much,” she asks, “how dark does it get for people who have anxiety issues, for example?”

The Respect in Security initiative was born out of a presentation that Lisa gave at a Cyber House Party event detailing some of the abuse she had been subjected to, purely for daring to be a woman in cybersecurity. An initial conversation between Rik and Marc Avery, a co-founder of the Cyber House Party charity fundraising event, led to the birth of Respect in Security itself.

“I hope we can bring this issue out of the shadows and put it on people’s front door,” Lisa says, “I am not under the mistaken impression that we will ever totally rid the industry of harassment nor make a huge change overnight, but all fires start with a spark.” That fire starts today.

Will 50 cybersecurity businesses pledge to stop harassment in 2021?

The first goal that Respect in Security has set is to have at least 50 organizations taking a pledge by the end of 2021. “One aspect of the pledge,” Rik says, “is that organizations must make their grievance policy publicly available so in the case where one of their employees is a perpetrator, the victim knows how to approach the employer and has the confidence that they will be taken seriously.” As Rik Ferguson concludes, “the more organizations we get on board, the more we create an industry that is unequivocal in zero-tolerance for harassment.”

Several cybersecurity businesses have already signed the Respect in Security pledge, including Trend Micro, CyberOFF Ltd, IN Security Movement, Custodian360, SOC.OS and Arqiva.

“We want all our work environments to be inclusive, where everyone can be the best that they can be and feel safe and respected while doing so. We have a zero-tolerance approach to harassment to any person, in any form, and that is why we commit to the Respect in Security pledge,” Hayley-Rose Hill, the performance, engagement and inclusion lead at Arqiva, said.

“Creating and encouraging opportunities for open discourse relating to diversity, equality and inclusiveness, as well as encouraging a culture of compassion, is a key part of our culture, our DNA. This is why we commit to Respect in Security and our pledge to support a workplace and community free from harassment and fear,” Lauren McKenna, global senior human resources director at Trend Micro, added.

All fires start with a spark; respect in security starts here

You can find out more, including what signing the Respect in Security pledge entails for your organization, here. Individuals, meanwhile, can learn more, including how they can help make cybersecurity a safe and inclusive industry for all, here.

Unusually, I would like to finish this news story by making a pledge of my own:

  • I agree that our profession should be a safe, secure and supportive place, and I will ensure my behavior upholds this belief.
  • I will not harass or abuse others, whether online or in person.
  • I will engage respectfully with my peers with honesty, tolerance and integrity.

How about you? It starts here.
