Following a shocking case study exposing misogynistic behaviors in meetings, James Coker explores the prevalence of this issue in the cybersecurity industry and questions what can be done to address it?
The lack of female representation in cybersecurity, particularly in high-level positions, is no secret. It’s also widely reported that many women face significant barriers while navigating a career in the industry, and conversations around the need for broader cultural and structural changes are increasingly commonplace.
Nevertheless, a recent case study highlighting misogynist behaviors towards two highly accomplished female cybersecurity professionals during meetings is indisputably shocking. Dr Andrea Cullen, Lorna Armitage and Jonathan Slater are co-founders of cyber startup company CAPSLOCK. They decided to run an unorthodox experiment counting the number of times they were referred to by name while holding meetings with external parties.
The initiative was triggered by a video call held with a prospective supplier back in July, when all questions and discussions were directed at Slater. In contrast, Armitage and Cullen were largely ignored. Tallying up, the trio discovered that Slater was mentioned by name 14 times during the 30-minute call, while Armitage’s name was said only once and Cullen’s not at all.
This was not an isolated incident and they were thus motivated to undertake a similar count for the next 17 meetings they held with external parties. Throughout these conversations, Slater’s name was mentioned a whopping 110 times, compared to just 16 for Armitage and 11 for Cullen; a disparity that surprised even the two seasoned female CAPSLOCK co-founders. Speaking to Infosecurity, Armitage explains, “We’ve been in the cyber sector for a long time, so you come across micro-aggressions in meetings a lot – being spoken over or saying something and nobody picking up on it and then one of the men in the team saying exactly the same thing and everyone being like ‘oh that’s a great idea.’
“But for me, it was a little surprising when we picked up on it at CAPSLOCK because I thought, maybe naively, that we’ve started our own business and we’ve got three co-founders here.”
It is important to ask whether these disparities between Slater and his female colleagues result from misogynistic attitudes, subconscious or otherwise, or are other factors at play? For Armitage and Cullen, it’s hard to see past gender bias. “We’re a cybersecurity training business and mine and Andrea’s backgrounds have been in education and cybersecurity for many years – we’re educated up to Ph.D. level, and we’ve consulted at the highest level in cybersecurity, so we’ve got the credentials and reputation,” states Armitage. “If you compare that to Jonathan, he’s got a recruitment background but not the same business, cybersecurity or education experience.”
She points out that it is unusual to continuously state the name of someone with whom you are speaking in a meeting, another indicator that Armitage and Cullen were deliberately sidelined. “There were times where it wasn’t even relevant to say anybody’s name, never mind just Jonathan’s. So it was a very conscious decision for a lot of people to purely address Jonathan,” adds Armitage.
A Particular Problem in Cyber?
Cullen agrees that while sexist attitudes and behaviors exist across all sectors, it is particularly apparent in cybersecurity and tech in general, a traditionally male-dominated domain.
The issue clearly goes far beyond the CAPSLOCK team. Jenny Radcliffe, founder and director of Human Factor Security, recalls patronizing moments she has experienced in meetings over her career. “It doesn’t happen often, but I’ve certainly been at the end of some ‘mansplaining’ in the past, including about social engineering, which is always an interesting experience!” she reveals.
There have also been occasions where she has been starkly faced with the differences between the way men and women are often treated in cybersecurity. “I’ve also been in a meeting where a man was congratulated heavily on an award nomination, and my four nominations were not even discussed,” adds Radcliffe.
“I’ve also been in a meeting where a man was congratulated heavily on an award nomination, and my four nominations were not even discussed”
In the US, Tayla Parker, founder and executive director of the BGiC Foundation, also known as Black Girls in Cyber, has had numerous experiences of this nature, one of which was especially disturbing. “I remember earlier in my career, I sat in a meeting with a client who did not want me to speak directly to them. I pinged my (Caucasian male) manager on chat and provided a list of answers to the clients’ questions. He communicated that list. Although I was the subject matter expert in the room, their bias had a complete disregard for me,” she recalls.
Impact on Women
Considering there is a well-publicized cyber-skills gap and growing recognition of the need to diversify the cybersecurity sector, it is even more shocking that these kinds of micro-aggressions towards women persist. Armitage says: “I think it’s really damaging; it discourages women from speaking up and from taking senior positions in the sector.”
Her frustration with the situation is palpable, and Armitage continues, “It’s all well and good saying we want more women in senior positions and in the sector; what’s the point if nobody’s going to listen to them and people speak over them and address only the men in the room?”
It is also essential to recognize that some women are more likely to experience micro-aggressions than others. For example, Parker points out that women of color face particularly profound difficulties navigating a career in a sector like cybersecurity. “These challenges are especially prevalent to women of color. The New York Times wrote an article titled, Surprise: Women and Minorities Are Still Underrepresented in Corporate Boardrooms and there was a study by the Alliance for Board Diversity, collaborating with Deloitte, which shows minority women – which includes Black, Hispanic and Asian women – represent the smallest slice of boardrooms at both Fortune 100 (7%) and Fortune 500 (6%) companies,” she explains.
Radcliffe agrees that this issue needs to be considered within the context of broader socio-economic issues. “It is essential that we understand that sexism and misogyny are influenced by wider factors such as race and class and that everyone’s experiences are different. We need to keep the conversation going and continue to speak up and show up wherever we can,” she outlines.
It is also clear that such experiences will affect different personalities differently. As an assertive, outgoing person, Armitage notes she will “just speak louder if I’m ignored.” A robust response is one that Radcliffe also employs when she experiences misogyny in meetings. “I’ve had men take credit for my work in meetings and had a suggestion ignored then repeated back to the group as if that man had thought of it himself. I pointed it out immediately and publicly,” she describes.
However, it is not an approach that suits everyone. Armitage points out that with reserved people, such as her colleague Cullen, “what will happen is she doesn’t speak and shuts down. Then we lose her expertise in those meetings.”
Cullen agrees, adding, “There’s a lot of people that react as I do. They think it’s not fair, I’m not good enough and that imposter syndrome can really kick in.”
So how should women react in this situation, particularly if they are uncomfortable with challenging sexist micro-aggressions directly?
Armitage believes it’s important to find others facing similar challenges and form networks to offer one another advice and support. “Find a network of like-minded people who wouldn’t mind bits of advice – not so you can go on a whinge fest, but so you can look at ways you can positively contribute,” she advises.
Even more importantly, women should be unwilling to accept these experiences as a matter of course and be willing to change jobs to find an employer and working culture that genuinely values their contributions. Cullen says: “Find a place where you can bring your whole self to work, where you can be the voice in the meeting where they celebrate that.”
“Find a place where you can bring your whole self to work, where you can be the voice in the meeting where they celebrate that"
Ultimately, it’s about getting into the mindset that such behaviors are always wrong and never the victim’s fault. “A lot of people, especially women, try to adapt to fit the situation,” explains Armitage. “But ultimately, it’s not them that’s the problem; it’s society and the sector.”
Radcliffe offers additional approaches women can use to help reduce these types of behaviors occurring: “I’d try to make sure that at the introduction stage people know your role and what you expect to contribute to the discussion. Speak out if you feel able to do so and support other women when they contribute. We need to have each other’s backs or we can’t move forward.”
What Can Men Do?
Many men in the industry will likely ask what more they can do to improve women’s experiences in meetings upon hearing such testimonies. After all, sexist behaviors in meetings are often not a result of malice. As Armitage puts it, “it’s not always malicious; we’ve all got learned behaviors. But unless we start to have these conversations and call out these behaviors, how can people change them or even be aware of what they’re doing?”
It is, therefore, crucial that other men take up the mantle when they see such behaviors being exhibited by fellow men. Armitage notes, “Unfortunately, men are more likely to be listened to by other men on these things.”
Parker agrees and sends the following message to men in the industry: “Acknowledge it is happening. Hold your counterparts accountable. Use your privilege to speak up on someone else’s behalf.”
Additionally, making efforts to “actively bring others into the conversation,” such as deferring to the expertise of women on specific topics, can be of significant help according to CAPSLOCK’s Cullen. Armitage notes this is an approach their colleague Jonathan regularly uses, with mixed results. “Sometimes it works, and other times it’s totally disregarded and they’re still referring back to Jonathan,” she says.
Such actions should, in time, significantly reduce these types of behaviors being exhibited. However, Armitage believes a minority with overtly sexist attitudes will continue to act in this way, come what may. “If somebody’s calling you out on that and you still continue to do it, then it’s no longer a learned behavior; now you are actually choosing to behave in that way,” she comments.
CAPSLOCK’s case study powerfully highlights the extent of micro-sexist behaviors that many women face daily in industries like cybersecurity. As Radcliffe puts it, “What’s interesting about what Lorna and Andrea did was that they tried to quantify the situation with some data so that we could verify what we believe with something solid.” Hopefully, stark analyses like these will lead to self-reflection, changing behaviors and speaking out when needed