Respect for security challenges cyber abuse and harassment

Approximately one-third of cybersecurity professionals have personally experienced face-to-face and online abuse and harassment in the course of their work, according to survey data commissioned by. Respect for security – A newly established scheme that encourages organizations to promise support to create a harassment-free workplace and security community.

Sapio Research surveyed 304 cyber professionals from multiple age groups and senior levels, from small and medium-sized enterprises (SMEs) to large enterprises. While the majority of employers operate harassment prevention policies, nearly half of respondents can do more to clarify what harassment is and what acceptable behavior looks like. I found out that I believed.

Most people who reported experiencing face-to-face harassment said it happened at an industry event (36%), office (47%), or workplace socialization (48%), but online harassment. Is most likely to occur on Twitter (44%) or via email (37%).

“There are many forms of harassment. It can be online or face-to-face, physical, verbal or non-verbal, and involves direct communication or intentional action to exclude an individual. It is an individual’s. It can violate dignity and create an intimidating, hostile, degrading, humiliating, or offensive environment for victims, “said Rick Ferguson, vice president of security research. Trend Micro..

Respect in Security initiative with Ferguson Red goat Lisa Forte follows an online panel session on harassment and abuse in early 2021 Cyber ​​house party The event that Forte was talking about. Ferguson told Computer Weekly that he was “blown away” by what Forte had experienced.

“As individuals, we knew nothing. Of course, we knew that abuse would occur within. In a relationship with the house“He says. “But what was very shocking to us was that even within a personal circle with industry colleagues and colleagues, it wasn’t really good, and sometimes even worse.”

The two talked after the event, and the initiative came from these conversations. “It wasn’t because I said,’That’s terrible, I’m really sick of you,’ but because of the desire to actually do something to change the status quo and take on the challenge,” says Ferguson. “We wanted to be able to do more than that.”

Big problem

It is very difficult to know the exact scale of a security issue. This is because there have been no reports of mass abuse or harassment, such as online via social media, face-to-face at work, or industry events. Forte, who founded Red Goat in 2017 following a successful counter-terrorism and law enforcement career, says it’s hard to challenge.

“There were many reports from many different people suffering from harassment, men and women, and of great concern about the behavior of people at meetings,” she says.

“Some people had threats of murder, threats of rape, Stalker, Their name was dragged into the mud – Rik and an individual I know created a fake profile with their name in an attempt to undermine their credibility. All the shades you can really imagine. “

Forte states that he previously thought that harassment was limited to sexual harassment of women, but as the survey shows, Abuse and harassment The cyber community is not strictly gender-divided, and the targeted people are fairly evenly divided among respondents identified as male, female, and non-binary.

“This is not just protection High tech woman.. People of various races, religions, and genders have emerged. This transcends all that, “she says.

Online drama

According to Forte, it’s not always accurate to say that individuals in the cybersecurity community are more likely to be abused and harassed than people working in other parts of the IT sector, such as software development and channels, but some Factors are involved. It may increase its prevalence.

“For example, our community attaches great importance to being online. This is a big part of the security community,” she says. “Anonymity is infosec / hacker community.. “

Ferguson adds: “We are large because we are pursuing the types of work we do, the types of skill sets people in this industry have, and the knowledge, contacts, and wider circles we have ever seen. The percentage of working days online, if not one day, whether on a social network or in a closed group.

“The aspect of always being connected and having a very global wide social and professional circle is harassing because people are more connected, talked to and involved with people who may not actually know it. It’s easy to be a case, and it opens itself up to many other people they don’t know at all. “

When an individual is involved in a so-called online pile-on, if someone is attacked by a large number of people by speaking or doing something on social media, security experts can participate with the best intentions, such as protecting friends. There is sex, just to contribute to online dramas in a negative way.

“The entire information security community has an activist side and will probably be more useful to those who want to take action.”

Lisa Forte, red goat


“I think the entire information security community has an activist side that will probably help people who want to take action and do something more than any other industry,” says Forte.

And such an explosion can happen in the most common way – sometimes even having nothing to do with cybersecurity, she adds.

“I posted a picture of a cute monkey a few months ago and wrote a tag such as” It’s cute. ” Probably within 10 to 15 minutes, he helped buy and sell animals and was accused of being part of it. A kind of organized crime ruler. All from pictures of monkeys, “says Forte.

“It doesn’t ruin my day-in fact, it’s funny in a way-but the important thing is,” When I go to write tweets and LinkedIn posts, I stop and what people say Think about it, how I’m criticized, and where the abuse comes from.

“And sometimes they think,’I’m not going to share that image, this idea, or this question because the results are bad,’ so the net effect is that the community is actually silent. is.”


Respect for security Require companies to sign pledges. For more information on the pledge, please visit our website. This pledge promises organizations to work towards a harassment-free and fear-free work environment both inside and outside the company.

Ferguson states that this goes beyond the established code of conduct for harassment and bullying in the workplace by clarifying who signed up and the exact commitment they signed up for. This is important because, unlike internal anti-bullying policies, the security community is spread across thousands of vendors and service providers, millions of individuals and end-user organizations.

“I hope most companies have an internal mechanism to deal with harassment and bullying, but it’s not covered if person A in company 1 is targeted by person B in company 2.” Says Ferguson. “Where are they going? Who do they talk to?

“We want the victims to know that they are reliable and can go somewhere. They take them seriously whether the company has signed a pledge. You will find that they are listening and that they are in place to deal with such types of incidents. “

Ferguson found Trend Micro vulnerable to one of its products Disclose responsibly..

“We have externally documented steps about what you do-this is the email address you write, the time frame we respond to, and what you can expect from us. I want a similar structure and confidence in the process surrounding harassment complaints, “he says.

Respect in Security hopes to sign up for about 50 companies in 2021 and grow the program from that point on. The founders also want to hear from stakeholders and organizations in other countries who may be interested in localizing their local schemes.

But that’s not all. This initiative also plans to have a way for individuals to promise personal assistance to eliminate abuse and harassment. “It’s not about talking to or reporting to people. It’s not creating a Stasi-like move within the industry,” says Forte. “But that’s what we share and say,’I’m a supporter of this movement,’ and that’s about personal accountability.”

Ferguson concludes: But we are certainly comfortable to know the profession they chose to work in, and hopefully the employer they chose to strive to believe in a fair and respectful environment without fear or harassment. And we are there to give people safety. “ Respect for security challenges cyber abuse and harassment

Back to top button