After recent reports of groping at conferences and inappropriate texts, the cyber security industry could be on the brink of a #MeToo movement. One woman is hoping to fight back, with the launch of a code of conduct aiming to stamp out bad behaviour at events.
MD of Cyber Security Capital and founder of the IN Security Movement, Jane Frankland has long been an advocate for gender diversity and equality in cyber security. She came up with the idea for the code of conduct in June, after being trolled on social media following her comments about an event organiser’s use of so-called ‘booth babes’.
As her comments spread and the vitriol against her deepened, Frankland was compelled to write a blog to explain. But what happened next was a surprise: Along with messages of support, she was also contacted by multiple women reporting sexual harassment incidents.
“I wanted to ensure nothing like this happened again, so I began developing a code of conduct,” she says.
Aside from anecdotal evidence, Frankland concedes that it’s hard to tell how severe the problem is. As she points out: “Statistics for harassment and abuse at cyber security events have never been measured.”
But she says the anecdotal reports, are “global, widespread, and have been documented for years.”
“Many come from the USA, but that could just be because of the sheer size of the country rather than a trend.”
Among the examples, one senior woman reported being groped by another industry executive at an event. Another young woman was sent inappropriate texts by the member of a board committee. “He’d managed to get hold of her cell phone and was texting messages like,‘You’re too cute, remind your boyfriend how lucky he is’; and ‘Good night, I need to quit while you still think I am a good man’,” says Frankland.
When reporting the behaviour, the event organiser dismissed the complaint, saying that “she hadn’t even been touched,” and that she was “a flirt.”
This type of response goes some way towards explaining why inappropriate behaviour isn’t always being called out. “There’s fear,” says Frankland. “People worry it will damage their career or that they’ll be targeted online and suffer further abuse or harassment. Regrettably, they may be right to think these things, too.”
However, she adds: “I think we could be on the verge of a #MeToo movement. Tensions are high, men are worried – and women are tired of having to keep quiet.”
Launched just before DefCon and Black Hat this year, the code’s purpose is to ensure participants are fully aligned on what constitutes unacceptable behaviour; how victims can report it; what will be done about it; and what timescales can be expected.
The objective is to set a standard of behaviour that can be expected of event attendees, speakers, sponsors, partners, facilities staff, and organisers. It exists to provide a safe environment for all people in security – not just women, Frankland says – and it guarantees care and support.
Frankland is now planning to gain approval from chief information security officers (CISOs), event organisers and major certification and membership bodies. She already has the support of her peers, including Colin Lobley, CEO of the Cyber Security Challenge and Deshini Newman, MD of (ISC)2 EMEA.
Deidre Diamond, founder of CyberSN and Brainbabe, says: “Our educational events must display professional behaviour. If we want more women to stay in our industry rather than leave it, our event culture needs to change. Whatever the nature of abuse, I want to encourage everyone to be compassionate and supportive to those who share their story. No one should feel uncomfortable, unsafe or fearful about doing this.”
And it will take time, but Frankland is hoping the code of conduct will start to change behaviour. “Security events should represent a safe, enjoyable and inclusive environment for all people, irrespective of gender, race, ethnicity, age, sexuality, religion, disability, socioeconomic background and experience. I believe no one should undergo harassment, bullying or abuse – and that any sign of such behaviour should be deemed unacceptable and be handled with a zero-tolerance policy.”
The code of conduct explains exactly what is meant by ‘unacceptable behaviour’, says Frankland. “It’s a standard – and I hope that we’ll be able to affect change.”
Powered by WPeMatico