On Sunday, a woman who works in cybersecurity was headed to the beach and posted a selfie wearing a bikini on her Twitter feed. When she woke up hours later, after not checking Twitter for a while, she saw that someone was complaining about her posting a picture in "underwear" even though her bio says she works in infosec, suggesting that what she did is unprofessional.
Her response quickly went viral, prompting several women who also work in cybersecurity—and a handful of men—to come out in her support.
As of Wednesday, at least two dozen people posted pictures of themselves in a bikini, or shirtless selfies in the case of men, to show solidarity and to show that it's OK to share one's personal side on Twitter, no matter what industry you work in.
The story shows once again how the cybersecurity industry can still be toxic and sexist. It is well known and documented that women and feminine-presenting non-binary people in the industry face constant harassment, both online and at conferences. In 2019, a popular Facebook group of hackers and cybersecurity professionals baselessly blamed "Social Justice Warriors'' for the shutdown of a hacker conference. The accusation was the last in a long series of sexist and misogynistic comments in the group.
Coleen S, the woman whose tweet sparked the wave of solidarity, said in an online chat that after her tweet she "received some terrible comments and unsolicited DMs over it, but so, so much more support."
"It's really awesome how supportive the community has been through all of this. It gives me hope for our industry which is rife with issues," she said. "I am a little self conscious after all of this though. As I am a trans woman, posting pics with my bony knees like this can be risky—especially with this degree of reach—but I do try very hard to be a positive role model for younger generations of people who are gender diverse and women in general."
"It's disgusting to have people constantly trying to police what we post."
Gabrielle Hempel, a security researcher and one of the women who posted a selfie of herself in response to the harassment Coleen S faced, said that "it's disgusting to have people constantly trying to police what we post."
"We aren't robots built to churn out only tech content—we're women with lives outside of work. To be frank, we've continued to be shamed for living our lives outside of our careers for far too long, and it's time that it stops," she told Motherboard in an online chat.
Rik Ferguson, the vice president of security research at cybersecurity firm Trend Micro, and one of the men who supported Coleen S, said that this is about people trying to act as gatekeepers.
"Women in infosecurity are regularly singled out for harassment, are judged, often to arbitrarily higher standards, on a totally made up scale of 'good enough' or shamed and frightened into silence and acquiescence. This must end," Ferguson said in an online chat. "If you don’t speak out against it, your silence legitimizes it instead. As an industry, if we ever hope to truly professionalize, then there can be no space for these kinds of abuse and judgemental nonsense."
Nicole Beckwith, a security engineer, said that there's a clear double-standard for women or LGBTQ folks in cybersecurity.
"A man can post weight lifting photos half naked, bourbon, car and cigar photos but if a trans female or woman posts a photo of herself in a nice outfit or a bikini, we are called attention whores who are in need of external validation," she said in an online chat. "The double standard has to stop."
Melanie Ensign, a long-time spokesperson for the well-known Def Con hacking conference, said that "sexist attitudes and commentary distract everyone from the important responsibilities we claim in our Twitter bios."
"The harassers are certainly responsible for being sexist assholes and for creating the distraction," she told Motherboard in an email, "but as a communications expert, I'm also very aware of how much oxygen the rest of us give these toxic crusades through our well-intentioned but misguided attention."
Subscribe to our cybersecurity podcast, CYBER.