Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online

Some of the stuff going on in the industry is completely out of order

A new initiative aims to make it easier to report personal abuse and harassment within the information security industry – without the involvement of social media mobs.

Respect in Security, launched today with support from Trend Micro's veep of security research Rik Ferguson, Lisa Forte, a partner at Red Goat Cyber Security and other notable folk from the UK infosec scene, aims to set up a "vulnerability style" reporting scheme for infosec professionals to flag up harassment and abuse to abusers' employers.

Research commissioned by Respect in Security said about a third of 302 industry professionals had experienced harassment at work while online and in-person, with a significant amount of in-person harassment occurring at industry events and during work socials.

Ferguson told The Register: "I was relatively shocked to find that professionals within the cybersecurity industry think it's OK to abuse other people within the industry... because of the way they look, the way they act, who they are, or to bring into question the level of their professionalism."

While it's easy for some to dismiss this kind of thing as coming from individuals unable to handle robust disagreements with other pros in a competitive industry, RiS aims to tackle behaviour that everyone agrees is completely unacceptable.

Forte shared her personal experience of the kind of harassment she hopes the initiative will tackle: "A gentleman in the industry printed out my profile photo, cut a hole where my mouth was, and then proceeded to film himself doing obscene things to that and send that to me on LinkedIn with his name and his company attached to it. And that's... Well, yeah, a what the fuck moment."

On a call with The Register, Ferguson read aloud a similar story, of a woman working in infosec who had connected on LinkedIn with a C-suite level infosec person at a large, non-infosec company. They swapped numbers so they could speak on the phone. Ferguson said:

He sent her an initial message saying could she send a picture of herself because her LinkedIn profile picture and her WhatsApp profile picture looked very different, so could she clarify… Then he started asking how tall she was. So it's not immediately perverted. But again, slightly off base. "He started calling me sweetheart, told me I'm very fuckable" and she at this point was "questioning whether you'd ever heard of the Me Too movement" and tried to steer the conversation back to cybersecurity, not wanting to lose out on the opportunity to learn from someone…

"Your voice is very agricultural... I think your voice is very agricultural, darling. Do you like [explicit sexual question]?" My response was along the lines of sorry, what the fuck did you just say on what level? Is this appropriate? I thought we were talking about cybersecurity. "Oh, sorry, darling. That was terribly naughty of me. I bet you're quite naughty. I'd love to talk to you about Cyber Essentials while I'm [obscene gerund followed by further disgusting suggestions]."

The conversation then moved to recorded voice messages being sent to the woman's WhatsApp account. All with the perp's real name attached.

RiS' aim is to encourage reporting of harassment directly to employers. Rather than calling for sackings, it aims to provide a way for people receiving this sort of thing to raise it through an appropriate channel. After all, if you're engaging in this sort of behaviour on a social media platform with your employer's name attached to it and sending it to somebody who's supposed to be a professional contact, it's not difficult to say that your employer ought to know about it.

Importantly, RiS aims to sidestep the social media that have become part and parcel of life in the 2020s. Forte told us: "People screenshot [posts containing horrible material], they put it on Twitter, they write some big sentence about how, you know, this is horrendous, look what this person's written. Then a large quantity of community members start going 'you need to block this person, do this, do that'. And that isn't appropriate."

RiS wants cybersecurity companies to sign a public pledge saying they are "committed to the preventions of all forms of harassment within our industry". So far Trend Micro, Red Goat Cyber Security, Custodian360 and more have signed within the first few days of the pledge's existence. It aims to have 50 organisations signed up by the end of this year, and to create a "diverse advisory board".

Though it is currently a UK-dominated organisation because of its origins in the Cyber House Party online social event, RiS' founders hope it will expand to become a global initiative. It is also seeking advisory members from human resources, legal, technical and marketing backgrounds.

Ferguson pointed out that harassment in cybersecurity can affect anyone, saying: "We've had people approaching us – not just exclusively women, we've had men and women approach us with stories of abuse and humiliation that are nowhere near that gray area… people creating fake social media profiles, in order to call into question your integrity or basically to defame you."

Four out of five of those polled by RiS (82 per cent) said their organisation has an anti-harassment policy and complaints procedure, though nearly half (45 per cent) argued that their employer should do more to ensure all employees understand what constitutes harassment and what acceptable behaviour looks like.

The initiative is also open to non-infosec companies. As Forte put it: "This is for end users as well, because a large company may have a SOC, they may have a very large security team employing a large quantity of security professionals." ®
