One in three security professionals have been harassed online. Marc Avery, co-founder of newly launched Respect in Security, explains the problem and urges readers to sign the pledge to end harassment
A few of you may have seen the recent furore that erupted online when a woman working in the cybersecurity industry was berated by a Twitter follower. Her crime: to post a bikini pic without warning. The incident highlighted the best and worst of the industry—revealing that online abuse is sadly very much a problem in infosec, but also that the community is quick to rally round when it spots unacceptable behaviour.
Unfortunately, this wasn’t a one-off incident. In fact, online and in-person harassment and abuse is more widespread than you might think. That’s why we’re launching Respect in Security: to take a stand against this kind of behaviour and urge organisations to sign our pledge to end harassment in all its forms.
Under the surface
If you think we’re making a lot of fuss over nothing, take a look at some research that Respect in Security recently commissioned for its launch. It found that around a third of cyber-security professionals have had personal experience of harassment online (32%) and in-person (35%), with most incidents taking place at work socials (48%), in the office (47%) and industry events (36%). Those that reported suffering such treatment were roughly evenly split between male, female and non-binary respondents.
Perhaps most concerning is the fact that, although nearly half of the industry professionals we surveyed said reports of harassment in the industry are fairly accurate, a quarter think they’re highly under-representative. Further findings bear this out. Nearly a fifth (16%) of those we asked said that if they were victim of harassment or even a witness to it, they wouldn’t speak out.
Time for change
This is not a new problem. And it’s not a challenge facing just cyber-security professionals. But as an industry, we do have an opportunity to take a lead here in stamping out harassment. I don’t think any of us that came together to launch Respect in Security really appreciated the scale of the problem until we dug a little deeper. Some of the stories we’ve heard are simply shocking, and it’s taken a significant amount of courage for the victims to come forward.
We want to make it clear that their experience is not the norm, that this kind of behaviour will never be tolerated in our industry, and that there is support out there for anyone suffering in silence.
We know that most organisations theoretically have an anti-harassment policy and complaints procedure. But according to those we spoke to for our poll, there’s not enough transparency, either around the investigation of alleged incidents, or what acceptable behaviour should look like.
That’s why we want organisations to sign our pledge. In doing so, they’ll commit to eliminating harassment in all its forms, no matter where it occurs or the personnel involved. They’ll empower individuals to come forward with reports, protecting their anonymity. And they’ll regularly educate employees and contractors about what constitutes harassment, while continually reviewing policy and reporting mechanisms.
At launch, we can already confirm that a number of organisations have committed to the pledge including Arqiva, Trend Micro, Custodian360, SOC.OS and CyberOff to name just a few.
We’ve all come through a difficult time in our lives—one characterised by isolation, uncertainty, change and anxiety. As we all start to get back to a semblance of normality, it’s important that we rebuild our industry with higher aspirations. That means creating a more open and supportive environment for those that need it, and a zero tolerance approach to keep our physical and digital workplaces free from harassment and fear.
The article is by Marc Avery, co-founder of Respect in Security. To find out more about Respect in Security or to sign the pledge, go to https://respectinsecurity.org/the-pledge
Main image courtesy of iStockPhoto.com