AISA boss suggests member revolt is a cover for sexism

The deputy chair of Australia's peak representative body for IT security has sensationally claimed that a member revolt over recent board decisions could be a cover-up for unease at the number of women elected as directors.

The chair also revealed that the Australian Information Security Association (AISA) had suffered an unreported data breach mid last year.

It's the latest to come out of an increasingly messy saga sweeping through the AISA.

A group of AISA members recently banded together to launch a campaign against the board for sacking AISA CEO Arno Brok just before Christmas last year.

They are petitioning other members to vote for a sweep-out and re-election of the current board - six out of the eight of which were newly appointed just prior to Brok's departure - over dissatisfaction at its performance.

"[We] believe that the board has lost its mandate to lead the organisation, as such we are seeking to call a full election for all positions. As the board has refused to run this election we are seeking to force this change ourselves," the petition states.

However, deputy chair of AISA Damien Manuel - also the CISO at Blue Coat Systems - claims the campaign could be a mask for resentment of the number of females on the eight-strong AISA board.

He told iTnews he had received complaints about the board's 50/50 gender representation.

"We've had some emails and LinkedIn comments from members who aren't happy about that," Manuel said. iTnews was unable to independently substantiate the claims.

He said he couldn't say for certain whether the complaints about the gender diversity came from the aggrieved group, given none had contacted the board with their concerns, but argued their claimed gripes about performance didn't hold water.

"We've done everything in accordance with the AISA constitution, Australian Corporations Act, and employee agreements," Manuel said.

"If we've been doing everything for the members, for the community, and to improve member engagement and improve member value, and participation with government, what other grievance could they have?

"I really struggle to see what else there is."

One of the central instigators of the campaign against the board, who requested to stay anonymous, slammed Manuel’s comments as an attempt to deflect attention away from the board’s sacking of Brok. 

"Sexism is a serious issue and accusing the AISA members who have signed this petition of sexism actually demeans the issue for society, and is an affront to the women who persevere in the face of sexism daily," the AISA member said.

"Any right thinking person would want women to know that they are welcome and safe at any AISA gathering. 

"By making this desperate accusation, the current AISA board is sadly demonstrating yet more of the immaturity and poor judgement that the members are objecting to and why we have signed the petition."

Manuel indicated he wasn’t concerned about the impact his claims of sexism would have on AISA’s image, saying he expected the vast majority would drown out the vocal minority.

“It’s probably no different to every other organisation that will have similar challenges. These things are normally smoothed out by the majority,” he said.

‘We’ve had lots of support from thought leaders in the industry and behind the scenes from branches. Everybody wants to get on with the job AISA needs to do: improve security for members, industry, and bring government, industry, and academia partners together.”

Unreported data breach

Manuel also revealed the AISA board had recently been made aware of a data breach that occured last May, which had exposed all the membership's sensitive personal details online.

The breach occured on May 27 and saw the details exposed until June 16. AISA said the breach was reported to the Privacy Commissioner earlier this month.

Manuel told iTnews an AISA member had discovered fellow members' names, home and email addresses, phone numbers, and membership numbers freely available online following a configuration error by an AISA solution provider.

The breach was discovered on June 15 and rectified by the vendor the following day, he said. Manuel declined to name the vendor.

Manuel said the AISA board was "concerned" with the previous leaderships' decision not to disclose the breach to the board, Privacy Commissioner, or members.

AISA has just under 3000 members.

Updated 14/2 to clarify the relationship between the breach and the CEO sacking