To take a barometer of the cybersecurity industry early in our year, we’re looking at a few areas this March. In addition to a general market update and where money is being invested, we’re also looking at what could be the costlier mistakes organizations make when it comes to over-arching cybersecurity strategizing and maintenance.
One topic that continues to niggle the back of my mind on the daily is the challenge to diversity in staffing we still see in many organizations. Myriad factors play into this problem, but the more vexing of these is consistent experiences of harassment, misogyny and prejudice. This issue simply is unacceptable. Whether in this profession or another, the actions individuals decide to take that are being driven by subtle or quite blatant biases should not be experienced or ignored, say, at events, online, in business meetings, or as part of general corporate operations. In infosec this truth was reaffirmed near the start of 2020 when yet another incident was revealed.
As a follow-up to reported accusations and shared anecdotes by various women of a somewhat known infosec professional using his position to offer them mentoring that eventually would turn into sexual harassment, the man was found by a few individuals in the industry to have created a female sock-puppet account on Twitter that he was using to infiltrate women community groups to further harass and manipulate them. Some of the women, accounts say, were the ones who complained about his previous conduct.
These and other bad behaviors continue to show up in the infosec industry. During our tenure, we’ve explored such occurrences not only intermittently throughout the years, but also in our annual Women in Security special coverage that will hit this summer because this seemingly persistent problem of harassment and abuse, then the sometimes subsequent acts of retribution, leave those women and other minorities who are too-frequent targets feeling fearful, angry, exasperated and just bone-weary.
Talk to any working woman and she likely will be able to share more than one example of harassment and maybe an instance or two of retribution for taking action to stop it. Indeed, recent and past experiences abound for women, people of varying races or religious beliefs, and the LGBTQ+ community in the infosec space and still additional industries. As well, options for retribution against those who already are dealing with either consistent covert or more overt actions are ample. On top of the initial affonts, retaliation gets even more malicious and stealthy, and quite demoralizing. This is the substantive stuff that will continue to leave some wondering if whatever industry in which they’re working is truly the right fit. And that’s not going to help the cybersecurity space address the overwhelming need to fill critical roles or be perceived as champion of diversity in the workplace. We can do better. It’s 2020. We need to do better.
Armstrong is VP, editorial of