Today we have the pleasure or not one but two guests, Lisa Forte, from Red Goat Consulting, and Rik Ferguson, from Trend Micro. Together they share the shocking success of the recently-launched initiative Respect in Security. TechBritannia Co-conspirator Rose Ross discovers what prompted the formation of Respect in Security and what they aim to do to tackle the harassment and bullying that’s hitherto failed to be adequately addressed in the UK cybersecurity industry.

This eye-opening conversation covers Lisa and Rik’s careers, meeting at Cyber House Party where Lisa was a guest on one of the panels, and the events which led them to the creation of Respect in Security. They explain how the response they got was beyond what they expected, particularly from those who felt threatened by the movement.

The chat also includes what you can do to help and how to get in touch, or where to go if you are currently experiencing harassment and want support or to know what your options are. Watch the full podcast here:

YouTube:

Also available on:

• Spotify
• Anchor

Interview transcript:

Rose Ross: Hello, everybody and welcome to the We are Tech Britannia podcast, I’m Rose Ross and I’m here with Lisa Forte and Rik Ferguson from Respect in Security. Good morning to you both.

Rik Ferguson: Good morning. although it’s good afternoon for me.

Rose Ross: Already?

Rik Ferguson: Yeah, we’re now ahead of you.

Rose Ross: Yes, just so if people aren’t aware, Rik is in Warsaw, in sunny Warsaw, so at just after midday, but I’m still thinking about croissants myself, Rik.

Rik Ferguson: You’ll find here it’s a legal obligation, I have to only think about pierogi, that’s it.

Rose Ross: Pierogi sounds interesting, what’s pierogi?

Rik Ferguson: Like little stuffed dumplings. If you’ve had dim sum, that’s like Chinese pierogi. But they can be stuffed with potato and cheese, they can be stuffed with meat, or cabbage and mushroom, and they can even be stuffed with fruit and eaten with cream. They’re great.

Rose Ross: I’m going need to find some of those in London. My mum was born in Poznań, so she’s honorary Polish, although she’s actually German because of the timing of when it all happened.

Well, it’s great to have you guys here. And you’ve had an amazing week and a bit since the launch of Respect in Security. I thought it would be great, just to find out a little bit about you both. I’m going to start with Lisa. Because I’m absolutely fascinated, Lisa and I have not met, although I’ve known of Lisa for a long, long time, a bit of a legend in the cybersecurity marketplace, that’s going to make her really uncomfortable, wished she’d worn different earrings perhaps!

Lisa, you’ve got a very interesting background, now how does somebody start their career by dealing with Somalian pirates? I’m sorry, that was never a career choice for me at school, they never said ‘Rose, I think you’d be amazing.’ I probably wouldn’t have chosen Somalian and I might have chosen a bit more Caribbean perhaps. But how did this all start, your adventure in cybersecurity, and security, obviously.

Lisa Forte: I was trained to be a lawyer, specialising in maritime law and international law, so law around conflict and that sort of thing. And to my parents great dismay I found a job with a security company that basically secured ships from pirates, and they needed someone to advise on aspects of maritime law, and it’s obviously incredibly complex with regards to import/export of weapons, and so on and so forth. So, I joined the company in that capacity, and then quickly took more to the operational side of things, so abandoned law to my parents further dismay. And that’s sort of how I got stuck into security and working with a company that had not a single other woman in it. They were all male, ex-Royal Marines, so it was a baptism of fire for a young blonde law student, but it was awesome. Then I progressed into counterterrorism, intelligence, policing, and then into one of the UK Police Cybercrime Units, and then started my own company in 2017.

Rose Ross: Great, which takes us up to the present day, and Red Goat. I love the story about why it’s called Red Goat, I get the Red bit because of the security element, I’m assuming. But do you want to just quickly tell the story about why you chose Goat or why the team chose Goat?

Lisa Forte: This was all my fault! Basically I couldn’t think of a name for the company at the time of forming it, and I was reading New Scientist and there had been a study done by some people in London on goats, and they realised that goats can recognise intruders into their herd just from their voice. And so I thought, well that’s very similar to social engineering and what we’re hoping staff will be able to do with attackers. So Red Goat was born, but the by-product of it, is that one of my clients is an investment banker, and when I show up at the office, the receptionist would call up and she would say ‘the goat lady is here’, and I just thought that was the best thing that’s ever happened to me!

Rik Ferguson: So, is that now on your business card? Because it should be.

Lisa Forte: Goat lady – chief goat herder.

Rik Ferguson: It should be Lisa Forte, Goat lady, Red Goat Security.

Lisa Forte: Yeah, that would be the best title!

Rose Ross: So, goat rescue farm potentially in your future.

Lisa Forte: I love a goat.

Rik Ferguson: Yeah, that’s paying it forward. That’s what you have to do eventually.

Rose Ross: Absolutely. Absolutely. That’s brilliant, Lisa. I love those stories, and what an adventure so far, and delighted that the Marines didn’t put you off for life in security! God bless us, my other half is a Marine, I absolutely loved bootnecks, so no issue there.

Rik you’ve a slightly less treacherous path to cyber security, although I liked your LinkedIn post of when you were at Sharnbrook, drama, smoking in the woods, and detention were your activities at school.

Rik Ferguson: Yeah, yeah, that’s mostly what I did at school. If you were going to just let me roll into my introduction I was just going to be like, yeah I’m Rik Ferguson, I used to work in tech support. That’s basically it, that’s where my career came from, it just started a very long time ago. I didn’t take an academic route into security; I didn’t really take an academic route into anything other than accidents and adventures. I had never really planned anything. And from a school perspective, a very long time ago when I was considering which subjects to study, I just took the path of least resistance and the things I was most likely to get good grades at.

But even that plan didn’t totally succeed, so I ended up studying French at university and then I went off and lived in France for a while. Eventually, real life caught up with me as I was in my mid-20s, 24 I was and I had to get a proper job, quote, unquote, ‘proper job’, I’d been working in bookshops, record shops and timber yards and things up until that point, and singing in a band for beer money, and that was basically the whole of my life.

My first job was quote, unquote, ‘I knew a bit about computers’. I had studied it for O-level at school, yes I’m that old, and had studied it in my first year at university, but I had had a computer since I was 12. My first computer was ZX Spectrum 48K. 48K it was huge! By then I was fluent in two languages, English and French, so my first job was on a European tech support desk. And it snowballed from there basically. So since ‘94, back when TCP/IP was still a choice, you could have other protocols on your network if you wanted to. And in fact, you were highly likely to have IPX/SPX, and maybe even have Token Ring as well as Ethernet. Our operating environment when I first started was Windows 3.11 on the desktop, and Banyan VINES on the network. So, stuff that no-one knows about anymore, but that was what was…

Rose Ross: I do!

Rik Ferguson: There you go.

Rose Ross: But, I’m not going to say how old I am of course; I’ve just done a lot of research!

Rik Ferguson: You say Banyan VINES to someone now and they’re like, mmm?? But, it was it was a baptism of fire as tech support is for anyone who does it, and anyone who has done it, or is doing it will know exactly what I mean. The only thing you do all day is deal with stuff that doesn’t work, and the entirety of your job is to find out why it’s not working, and what you have to do to make it work again. So, for the job that I’m in now, that was the perfect place to start, particularly given that my focus from day one was on network activity and network protocols, and PostScript, PostScript is less relevant now than it used to be. But from a network and networking protocols perspective, a lot of my troubleshooting was around that, and it was across every available platform. It wasn’t just Windows, Mac, and Linux, we had customers who were using IRIX. We had customers with those brand new – I forget what they were called – those beautiful silicon graphics workstations when they tried to become like an Apple of the world briefly. Indigo I think they were called, Indigo workstations, and all kinds of different network operating systems, Novell NetWare 3, Novell NetWare 4, I remember Windows NT being released.

So, my career has gone on from there. I think I did 12 years in tech support, something like that. And the problem with tech support is, the longer you do it the more valuable you become, and the less willing to let you go, or progress the organisation is, because you’ve developed this wealth of knowledge of how to fix common things. So, usually to break out you have to change employer, which is unfortunate, but the way of the world. So, I ended up in security architecture for a system integrator, didn’t like not being at a manufacturer anymore, so then went back into manufacturer world 14 years ago, which was Trend Micro, and I’ve been there ever since. That’s it.

Rose Ross: Fantastic. And obviously you guys have probably met, worked together. I’m hearing this thing about a party, which I never had an invite to, so I’m a little bit miffed.

Rik Ferguson: Hey, neither have I, so if you’re hearing rumours about a party, then it’s going to be Lisa’s party.

Rose Ross: No, you do know about this Rik, Cyber House Party.

Rik Ferguson: Oh!

Rose Ross: Oh, that party, that party! Can you tell me a little bit about that? Because that was the beginning really wasn’t it of Respect in Security.

Rik Ferguson: It was, yes. So, Cyber House Party is something that was set up, not by me, I wasn’t involved in the creation of it, but I have been involved in several of them. It was set up during the first instance of lockdown in the UK, as a way of people being able to come together. There is technical and social and learning content, and there’s also a lot of fun. There’s the ‘Have I got a cyber quiz for you’, which is hilarious. And then in the evening, there’s three or four DJ sets on YouTube, where people socialise through the YouTube chat, or they have their own get-togethers on things like Zoom or whatever and listen to the DJ sets at the same time. There have been three or four of those now.

There was one at Easter which Lisa was a guest on one of the panels, and the panel was about harassment and abuse within the industry. It was hosted by Eleanor Dallaway from Infosecurity magazine, and Lisa was one of the people. I was watching it because I attended every one of the Cyber House Party events, and when Lisa started to talk about her own personal exposure to experience of abuse, it was an absolute epiphany, eye opener for me, like seriously this stuff happens, and people think it’s okay to do this? And not just anonymously, but from real accounts, and they do it on LinkedIn? Everything about it was blowing my mind, and I wasn’t the only one, as I watched the comments scrolling by during the event; other people were having the same visceral reaction to what they were hearing, like, What!! as was Mark Avery, one of the founders of Cyber House Party. So, he and I had a conversation afterwards saying, we want to do something, what can we do, other than being an ally, and being down with that sort of thing, what can we concretely do to make a difference? The conversation was born out of Lisa’s testimony, and it resulted in Respect in Security, and obviously Lisa was a very obvious person for us to contact and say, please come and be part of this, along with all of the other co-founders.

Rose Ross: It’s amazing how these acorns are created. So, Lisa, having been the catalyst I suppose really for this whole new movement; how do you feel about that, that something that obviously wasn’t a great experience at the time is hopefully going to go on, and is already going on and bringing awareness, and hopefully changing the way that people conduct themselves, and how organisations ensure that people do conduct themselves in an appropriate and respectful way.

Lisa Forte: I think it’s obviously a positive thing to come out of a negative experience. For me personally, I still find it really difficult. I still find it causes me a huge quantity of anxiety, despite obviously all the good that’s coming out of it, it’s still something that I’m not comfortable at all with. And I think one thing for me was the number of people who contacted me and others who’ve co-founded the group, when we launched, telling their stories, a lot of which were way more horrific than what I’d gone through.

It was sort of a weird emotion because we had men, women, all different shapes and sizes of every type of person you could imagine, who had a story. So, it’s not a woman issue, it’s not an older woman or a younger woman issue, it’s not broken down like that. And actually I found that quite reassuring, I found that made me feel less like I was hated, or there was something wrong with me, and that actually this was a problem with the perpetrators. There were lots of victims of all different shapes and sizes, and I was just one of those victims. So, it sounds like a little bit of a strange thing to say, but actually I got a lot of reassurance from the fact it was happening to others, despite the fact that obviously that’s a horrific situation.

Rose Ross: And so just out of interest, how long ago did this happen? How long have you been carrying this one around, without really sharing it in the way that you did?

Rik Ferguson: Ask Lisa, has it stopped yet?

Lisa Forte: No. I literally, as Rik will know, was it last weekend Rik, I had to change my mobile phone number and I had to do that urgently, and my telecoms provider were excellent. But I had to do that because the number of voicemails that were threatening, were horrendous, so I had to change my number.

Rik Ferguson: But you know what that means, obviously that is not a pleasant experience for anyone to go through. On the positive side of things, we’re annoying a lot of people, there’s a lot of people who are rattled by the fact that Respect in Security exists, and that are worried about the kinds of changes that may happen within the industry, and that’s a real net positive. It’s kind of one of the aims, if people who think it’s okay to harass and abuse others are concerned and feel threatened by what we’re doing, that’s really good, that’s a really good thing.

Lisa Forte: Several co-founders of the group since launch, have had some pretty horrible abuse come their way, and going after their character, or whatever. And I think Rik’s right, I think it’s rattled people, because the people, the general reception I would say from 99.9% of the population has been hugely positive and supportive. Yet there are a few people who have sort of self-identified themselves by lashing out.

Rose Ross: Interesting response to something like that. I mean even if that’s how you felt, I think to do it publicly must be an interesting choice, shall we say, an interesting choice.

Rik Ferguson: Some of it could be people that are rattled, concerned, and worried. But I think it’s also fair to say that some of the negative response, and like Lisa said, when we say negative response it’s a tiny minor, minor, minor part of all the responses that we’ve had, it’s overwhelmingly successful.

Rose Ross: Yes, because everything I’ve seen is very-very positive when I was looking at the feedback.

Rik Ferguson: But you know, I have had people come to me, politely, privately expressing concerns, for example, ‘Hey, aren’t you inviting vigilantism here? What is this reporting mechanism? How are you going to guard against malicious reporting?’ I had an article that was covered in an interview that Lisa and I had given, but it very definitely focused on me at the end; the second half of the article was all about me where they basically had gone through the entirety of my Twitter timeline. It was a hard right American news website who I won’t dignify by pointing to, but they had basically gone through my timeline, decided that I was extreme left wing, politically, and then we’re asking questions like, ‘Is this the right kind of person to be trusting to censor you?’

And we need to make it really clear, because I can understand confusion around this issue, but we do need to make it really clear; we’re not here to police anyone’s behaviour. We’re not here to pass judgement on anybody at all. The twin aims of Respect in Security, if you like, are to give support to victims of abuse and harassment, in that we will signpost them to the correct resources to be able to help them, things like the Cyber Helpline just for example, but all of those resources and signposting is on the Respect in Security website, that will tell you if you’re being victimised here’s where you should go, here’s the kinds of things that you might want to consider doing. So, that’s one side of the aim.

And the other aim is to encourage companies to open up and say, ‘Hey, if you have a problem with someone who works for us, we are open to listening to you’. And that’s it, just that, ‘We are open to listening to you’. When it comes to taking action based on complaints, of course, there should be due process, but that is down to the company that employs the individual, and the process that they are going to follow internally. What they’re signing up to when they take the Respect in Security pledge, is that they will have a process, and that they will publicly advertise that process, and how you go about contacting them in order to kick that off. That’s all, we’re not here to pass judgement or mete out punishment to anyone, that’s not what we do.

Rose Ross: And I think with what Lisa was saying, around the fact that for her as somebody who’s been on the receiving end of this type of abusive behaviour – and it was something that was post World War One, when they found that they didn’t have enough resources to deal with the challenges that soldiers were coming back from the frontlines with, is that just talking about the fact that you’ve had a problem, and you’re not the only one who’s experienced this, and are feeling the way that you feel is actually really helpful. So obviously, in this day and age we can do it on a much wider scale.

I suppose one of the things that people are probably saying is, do we need this? Because obviously there’s been anti-harassment policies in organisations for a long time. But in reality I think the research you did, and that was a great piece of work, because obviously coming out with Respect in Security without solid statistics, to talk about that there really is a problem would have been a bold move, and perhaps you would have been a lot more vulnerable to, as you say, the negative comments.

But, I think I made a quick note of that, lots of people, male and female and trans, had experienced this, and were continuing to experience this. Despite the fact that there are policies in place in organisations, I think part of the reason is that by nature, cyber security and tech and most industries have a high degree of networking.

Rik Ferguson: Yes.

Rose Ross: So, you’re going outside of maybe – and I’m not saying it’s always a safe zone within your organisation, where at least you feel that you have someone you can directly go to, there’s hopefully an obvious route for you if there’s an issue. And if you bump into somebody at a networking event, or you contact them, as Lisa or Rik, you may have spoken about somebody else who had contacted somebody, because they felt that they were somebody who was useful as a contact, they responded, exchanged numbers, and within a short period of time it had gone from talking about cyber security to basically somebody’s trying to have cybersex with them. So, yeah it’s an important letter to change at the end, to not change at the end, shall we say?

So, I think what you’re saying is that you’ve been overwhelmed by the response that you’ve had, but also surprised. I’m surprised that there’s been public negativity, particularly where it’s gone beyond maybe questioning or inquiring in, being a bit of devil’s advocate, but being aggressively abusive about what you’re trying to do.

Rik Ferguson: To be very clear, we need that, and we encourage; if people have concerns and questions about Respect in Security, absolutely come and talk to us and come and allow us to address those concerns with you, we are fully open to that. And we’ve already done it with multiple people on more than one occasion. And it’s great, because we get to learn from it as well.

Rose Ross: It’s about a dialogue, isn’t it? Things don’t change without communication.

Lisa Forte: And we don’t have all the answers, so it’s actually really nice when community members come forward and say, oh, have you thought about this? Have you thought about that, and we can then have a discussion. Because it’s really important to us that what we’re looking at, what we’re tackling on any level is actually representative of what’s happening. And the only way you know that is by having that dialogue with the community as a whole. And that’s what we’re here for, we’re here for the community. So, we’re not just sitting in our little porcelain tower, dictating what is and isn’t harassment, we really want that engagement.

Rose Ross: Yes, and harassment to one person perhaps isn’t to another, it might be seen as playful banter. But obviously, in the majority of cases, it goes well beyond any sort of element of perhaps inappropriate fun.

And I noticed you’ve got some interesting supporters, a friend of mine Ian Murphy, the irreverent CyberOff, and I’m sure he’s got some very vocal views on his support for that, which is fantastic. But what do you think has been the greatest… and I’ll ask you first Lisa, what’s the greatest thing that you think has come out of this very early part of Respect in Security, and what do you want to see more of?

Lisa Forte: So for me, it’s people who have written to myself or to any of the co-founders directly, the number of messages I’ve had where people have said, I’ve been really close to leaving the industry, really, really close to leaving the industry, because of all these things that have happened. And to have the courage to come out, and most of them have said, I’ve never told people this, and they’ve come out and shared their story; and we say to people we don’t want names, we don’t want screenshots or anything like that, we’re not that organisation, but they come and they just share the story of what happened, which helps them offload some of that, which is great.

But also, it informs us that we’re sort of on the money here, in terms of the need for this kind of thing to exist, because we can’t have an industry where we’re encouraging people into it and saying, ‘we need you, we need you, come and join our industry’, then simultaneously knowing there’s a whole load of talented people who are considering leaving because they are being harassed and abused. Those two things, they can’t coexist.

Rose Ross: Very much true. I kind of am a visitor of cyber security, I’m not a resident, I’m a holiday maker, I dip in and out. Although I do spend a lot of my time vacationing in cybersecurity lands. Obviously the tech industry, it’s got to be the same across most elements of this. I can’t say that cyber security is exceptional, with regard to this. Have you had any contact from other parts of the tech industry around this?

Rik Ferguson: So, the thing with Respect in Security is that obviously we are addressing the cyber security industry because that’s the industry that we’re a part of, that’s the industry that we are connected in, if you like, and exposed to. And when we started this thing we had no idea how or if it would be successful, we were absolutely blown away. We had set ourselves a relatively arbitrary target before we launched, because we honestly had no idea. We knew we were doing the right thing, we felt we were doing the right thing and we wanted to act, and we got all our ducks in a row, as my mum would say, and we decided that we could talk about it forever, or we could launch. So, we got everything sorted and we launched.

But we didn’t really know how it would be received, or how successful it would be or wouldn’t be. So, we came up with some targets to what we want to achieve in the rest of 2021, the second half of 2021 after we’d launched, and one of the targets had to be about how many organisations are we hoping to get signed up. So, we kind of went… 50, let’s aim for 50 organisations signed up. We got over 50 in six days; we were blown away by the response.

But we must remember, and it’s reflected in the organisations that have already signed up, and I hope it will be more and more reflected as time goes by; we’re not addressing this initiative at cybersecurity companies exclusively, we’re not addressing this at only cybersecurity vendors and companies that focus only on things like penetration testing, or things that are specifically cyber. This is open to any organisation where there are cyber security professionals, and if they want to expand the initiative organisation-wide, then there’s nothing to stop them doing that. Because one of the points in the pledge, the final point and the thing that really differentiates it from standard anti-bullying, anti-harassment policies, is that when an organisation signs up, one of the things that they are committing to doing is, to have this grievance handling policy and procedure in place, to have it documented, and also to have it published, publicly available, with how do you contact this organisation if you have a grievance that you would like to address. That’s what’s been missing up until now.

So, if an organisation… let’s say one of the people that have signed up, British Telecom, they’ve signed up which is fantastic, a huge organisation. We came to their attention through the world of cyber security, but if they’re publishing something on British Telecom bt.com, that says here’s our grievance handling policy, and here’s our contact address, there’s no reason why that needs to be restricted to cybersecurity, and that’s a wonderful thing.

Rose Ross: And aspiration-wise, you’ve smashed your ‘to the end of 2021’ goal.

Rik Ferguson: Yeah, totally.

Rose Ross: What’s next? I noticed that there was a pledge to move that to 100.

Rik Ferguson: Did we say that?

Rose Ross: But, I don’t think you’re going to necessarily struggle to get that, it will be next week!

Rik Ferguson: So, we definitely said that internally, but in all honesty, we’re still in ‘finger in the air’ territory. 50 came in and we went, wow, that’s astounding! What next? And of course, the obvious next number you’re going to pull out of a hat is 100. Who knows, the sky’s the limit. this is a huge industry, and this is a big problem that we’re addressing.

What’s next, Lisa? Not in numbers, we both know what our next goal that we have to hit is.
Lisa Forte: So I think a really big thing for us is, we are quite aware that we’re not a hugely diverse group of people, most of us are either UK British or European [laughs] in Rik’s case. We’re all white, we are not a diverse group of people in that respect. So, we are very conscious that what we need to do going forward is set up an advisory board that reflects geography, gender, every type of human input, and also professionals. We need people who are lawyers, we need people who might know about victim help and counseling, to really inform how we move forward as a group in the richest possible way, so that we don’t ignore any group of individuals, any concern.

We take into account all the different factors that come in, because it’s a hugely complex problem, especially when you then expand it outside of the UK’s borders, it becomes more complex; there are different languages, law enforcement is different, the signposting for victims has to change. There’s all these cultural subtleties that have to be thought about and brought into. So, I think that would be a really key point for us as an organisation, and obviously that will bring in complexities as well, in terms of vetting advisory board members, making sure they are consistent with the messaging and they’re consistent with the sentiment behind the group. So, there’s a lot of work to do to make the group, I suppose, even better and more effective and…

Rik Ferguson: More representative.

Lisa Forte: More representative, exactly.

Rose Ross: Well, that sounds interesting. When are people going to be able to get in touch with you, with regards to if they would like to be part of that advisory board, or be considered to be part of that?

Rik Ferguson: So, in all honesty, like I said, before we launched we had no idea. We are a group of friends and colleagues who’ve come together with a shared aim, and a shared desire to solve something that we see as a pressing problem. That’s the Genesis of this. We didn’t know how successful we would be, and like I said, we had high hopes and lower expectations than our hopes, and we’ve been blown away by the response so far. So, over the last month it’s been a bit runaway train’ish, we had to get everything in place for the launch, we had to do all of the interviews to support it once the launch was taking place. And we had to deal with all of the interest from people that want to take the pledge, and individuals that want to help or show their support in other ways.

So, we had a lot of incoming and outgoing all the time, we have been very much in runaway train mode. We need now to stop, we need to carry on with the day to day, which is welcoming supporters, which is fantastic and that’s what we’re here for, supporting victims in terms of giving them the resources they need. But we also need to regroup between us, the founders, and say, okay, here’s our roadmap and here are our dates. And in all honesty, I can’t give you a firm date for when we will launch the invitations for applications for people to be a part of the advisory group. It will be as soon as we are capable of dealing with what comes in from that, and it will be this year.

Rose Ross: Fantastic. So, from that perspective, if people want to find out more, where should they go? Tell us what the website is.

Rik Ferguson: Looks like we don’t know, but I was giving Lisa a chance to talk!

Lisa Forte: You’ve got such a beautiful voice Rik, it’s a shame to throw mine in!

Rose Ross: Oh you charmer, Lisa.

Lisa Forte: I’m Italian, that’s what we do.

Rik Ferguson: It’s the microphone, it’s all about the microphone.

Rose Ross: Yeah, he’s got a voice changer on it. It doesn’t sound anything like that really.

Rik Ferguson: respectinsecurity.org is the website. There is a form there to be able to contact us if you’re interested in taking the pledge. The entirety of the pledge is there because we think transparency is extremely important, so if somebody has signed up to the pledge, then people who want to know what that means have to be able to go somewhere and find out exactly what it is that company is committed to, so the pledge is there. There are resources there available for people who are currently being victimised, or worried about being victimised in terms of who can they turn to for help. And other guides of people they might consider talking to, or policies and procedures they might consider following, in terms of protecting themselves and safeguarding evidence, that kind of thing.

But, if you just want to contact us to talk about what we’re doing, or to talk about any one of us, then we are all available online individually, and you are perfectly free to take advantage of that. Or if you want to contact Respect in Security, then the contact details also, in the name of transparency, are available of course on the website, respectinsecurity.org.

Rose Ross: Lisa, Rik, any final words on where you’d like to see this go, and what your further aspirations are for Respect in Security.

Lisa Forte: For me, I think the key thing, I’m already seeing this manifest itself, is taking this harassment and abuse that happens to all sorts of people in our industry, out of the shadows and onto people’s front doorsteps and saying, look, this is what’s going on, let’s do something about it and make our industry better. And I think there’s nothing better than being able to do that, and the safer we can make it for people, the more welcoming we can make it for people. The more we can feel we’re all on one team, or on one side I suppose, the better because however resilient you think you are; I know for a fact myself that when it happens it ruins your day, it ruins your week, it’s horrendous. So, I’m just glad that people are seeing our message and are finding that empowering.

Rik Ferguson: For me it’s about from an organisation, obviously everything Lisa said I echo 100 percent, and I’ve received a large number of messages from people within the industry, both that I personally know and have never met at all, but for whom our mission has resonated strongly and who have contacted me sharing their stories. So, thank you to all of you, if you’re watching this, I’ve read every single one and replied, I think to all of them.

So, over and above the victim stuff, the other thing that I’m really looking forward to, and again we’re still working out some of this stuff, we’re just a group of people trying to make a difference, is how do we take this global, because Respect in Security is already unavoidably global when an organisation like my employer takes the pledge. We’re a global organisation, we have 7000 employees around the world, and we’ve taken the pledge as an organisation. So, that step from a bunch of people, UK focussed, launching something to becoming global, was made even pre-launch with some of our first signatories. We need to work out how do we overcome the hurdles that are in our way, for making that a success for the victims in different geographies.

The pledge is a simple one. The pledge is already kind of a global resource anyway because it’s not restricted by geography or legislation or regulation. However, what you do and how you handle these things, as someone who’s undergoing abuse or harassment, will differ by geography, will differ by regulatory or legislative environment, and will differ by culture. All of those things need to be taken into account, and not least, the resources to help victims will differ in all of those ways, and also linguistically. So, we have a whole bunch of those kinds of hurdles to overcome, and we need to work out what the plan is to make that happen.

And then I’m looking forward to the global response. We’ve already had it from a number of different regions, but a global response of people saying, I want to help, I want to be part of this. That’s going to be fantastic, and another big challenge for us then is the one that Lisa mentioned already for the advisory group is, it’s going to be great that we get so many people who want to help, but how do we make sure we’re having the right people helping, so vetting is going to be another big hurdle for us.

Rose Ross: Well, it sounds like it’s going be a busy rest of 2021. And thanks to you and the other founders and everybody who’s got involved so far, it’s just not acceptable for people to feel that they have been harassed or bullied or worse, in any industry. And certainly, I think cyber security and the tech industry itself should be leading the charge on making this happen, because we do have some amazing people.

I think, as a woman who’s been in the tech industry for [coughs] decades, I’ve been mentored, supported by a whole range of people, and I’ve never suffered that type of activity towards myself, and I feel incredibly fortunate that that’s the case. But I know I’m probably the exception rather than the rule, unfortunately, with regards to that. But I hope that the tide is turning, and this is a big part of, of that. So, thank you both, and thanks to the rest of you, and wishing you the best of luck, and keep us posted on how things go.

As Rik said, respectinginsecurity.org if you want to find out more or get involved, and I’d like to thank you both Lisa and Rik for being here with us at We are Tech Britannia podcast.

Rik Ferguson: Thanks for having us. Been a pleasure.

Lisa Forte: Thank you.

Rose Ross: You’re very welcome. And if you’d like to find out more, as I said you should visit the website respectinginsecurity.org. I may have said that a few times, but I want to make sure people don’t miss it.

And if you want to find out more about us, we are at www.techbritannia.co.uk and you can follow us on Twitter @TechBritannia and find us on LinkedIn.

Thanks again to these guys and wishing them the very best of luck. Thank you.