Home Training Code of conduct not just for women, but improves industry as a whole, says cyber security expert

Code of conduct not just for women, but improves industry as a whole, says cyber security expert

Cyber security entrepreneur and CISO adviser Jane Frankland wants to establish a code of conduct for conferences, saying advancing issues that promote women in IT will benefit the industry as a whole, irrespective of gender.

Frankland entered the industry 20 years ago as a young entrepreneur, launching her own business with a colleague. Back then, people “fell” into security, she says, and the role and the industry evolved alongside the person. Within five years the company was specialising in penetration testing, and she owned and ran this business for 16 years, before pausing for 18 months.

Yet, when Frankland returned to the security industry it wasn’t the same industry she knew. She picked up a 2015 ISC2 report and was immediately concerned by two figures: first, the low number of women in the industry in general, and secondly, the decline. In 2008 19% of security professionals were females, and this was down to 10% in 2015.

Frankland was so disturbed she felt compelled to write about it, describing her own experiences in the industry, and striving to promote the value of women in IT. She pressed ‘Post’ on LinkedIn and took her dog for a walk, concerned by the response she might receive, but recognising she needed to be brave and discuss the topic. Happily, the response was incredibly positive and even weeks and months later she was still receiving supportive feedback.

When returning to the industry, Frankland considered she didn’t simply want to run another penetration testing business, but could instead use her skills and experience in other ways to help entrepreneurs get their business off the ground, and to promote the industry in general, seeking ways to benefit it globally.

Consequently, she saw she could deliver value to the industry — to men and women alike — by expanding her article, adding guidelines, and interviewing others, and turning it into a book. She launched a KickStarter campaign and the book — “InSecurity - Why a failure to attract and retain women in cybersecurity is making us all less safe” — was fully-funded in five days, and subsequently published at the end of November 2017.

During her research, Frankland saw what she describes as “well-intentioned, but inadvertent” mistakes in the industry that ultimately worked against bringing women into IT in general, and security specifically.

An example is the language used in marketing roles and the messages sent out. Technology is no longer a hard-core technology field, she says, with many diverse roles and opportunities that span a rich set of skills and experiences. Instead of copying and pasting job specifications to replace roles, Frankland advocates they be written from the ground up, putting thought into what was the person who had this job like when they first came into it, rather than someone ready-made, and performing a better job of explaining the job specifications in gender-neutral language.

“Everyone is biased,” she says, “but we can all do something about it. Everyone can be empowered. Nobody has to be a victim. You can do something, you can take ownership."

Frankland also supports having appraisals and exit interviews to find out why people are leaving, and looking at culture and leadership, with the goal of making the environment best for everyone.

While Frankland says it is the lack of women in the industry which motivated her, her driver is ultimately to have systems and improvements in place which constrain bias and assumptions and attract the best and most suitable candidates for jobs, no matter if they are men or women.

She opposes what she describes as “an addiction to drama”, and is similarly concerned by people who would say “I’m a woman and it’s not fair".

In reality, she states, women do not want to be singled out, but simply wish to get on and do their job. Sometimes women are reluctant to get involved in certain, well-meaning initiatives to support women in technology because they do not wish to be differentiated. “If you are, then you are singled out and that can be divisive and make us vulnerable. It’s very tricky and complex.”

The Code of Conduct, Frankland’s current project, is shaped by this same thinking – making events a better environment for everyone, no matter gender or orientation or race or other factors.

This was occasioned by Frankland’s attendance at a UK InfoSec event where she came across the typical “booth babes” at an exhibitor stand, where models had been hired, dressed in red ball gowns. She sent a tweet to the event organisers to bring it to their attention, and both the organiser and exhibitor apologised and resolved the matter swiftly.

However, the story went to press, described as “Cyber firm blasted using booth babes” and received a flurry of attention. “I was trolled on Twitter for four days,” Frankland says. She received criticism as well as support, as did people contributing to the Twitter thread, with men and women attacking other men and women on all sides of the dialogue. “Some of the discussion got quite vicious and some people were suspended by Twitter.”

The explosion was surprising and shocking and once it settled down, Frankland turned her mind to what are the lessons, and how the industry could learn from this.

Following this event, Frankland reports a woman was groped at a security event by an influential man while he was under the influence of alcohol, and then further security events where again “booth babes” were employed.

The industry needed a code of conduct, she determined. While various conferences have published their own individual codes, Frankland could not see any that had a process, explaining, “here’s our commitment, what you can expect, if you have feedback regarding harassment or bullying here’s how you report it and how we will acknowledge and investigate it.”

None of this existed, so she set about to create it, providing a model code of conduct for the industry so event organisers can use it and provide a safe environment for attendees.

Already ISC2 has said it is behind the code, as has Cybersecurity Challenge in the UK.

Frankland is now working on her second book, “InPower,” looking at what it means to be in power in the industry.

She will be delivering a keynote speech at the AISA Cyber Conference in Melbourne, in October.

Returning to cyber security, she notes: “Our adversaries are not tied to regulations. They seek to fulfill their obligations which are usually stealing, manipulating or corrupting data. Our job is not the same as theirs. We have a very difficult job to do, and the industry can do a better job if it looks at things in a different way.”

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARE

Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.

DOWNLOAD NOW!

David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

 

Popular News

 

Telecommunications