The most infuriating advice I’ve received about succeeding in cybersecurity is to, “Have a thick skin,” usually followed by, “Don’t take him seriously, he doesn’t even realize what he’s saying.” These are not words of wisdom—they’re a defense of predatory behavior that belittles the issues women face every day and normalizes sexual harassment.

For my recent report, “Best Practices: Recruiting And Retaining Women In Cybersecurity” I spoke with many women and allies in cybersecurity about best practices for achieving success in the industry. The women consistently brought up rampant sexism that they’ve experienced, ranging from more subtle comments like, “It’s so great to see you in a dress!” to being directly propositioned by other coworkers, to everything else that falls in-between. All instances are awful, but the subtler examples are often categorized as ‘not a big deal’ or ‘misinterpretations’. Those categorizations are wrong. Harvard Business Review detailed an entire study showing how this subtle discrimination can be even more damaging than the more blatant cases. Subtle discrimination is linked to poor performance reviews, lower salaries, and fewer promotions.

The women I spoke with mentioned that they were taught to manage, deflect, and defend against inappropriate behavior. These lessons brand sexism as uncontrollable and accidental male behavior that women must accommodate. This is the wrong approach. Firms need to address issues of sexism head on to recruit and retain female employees. Your firm needs to take a hard look at its policies, procedures, and current culture to determine the unconscious and direct biases that are maintaining a toxic environment.

The industry is making enormous strides, but with women occupying only 11% of cybersecurity positions, the playing field is still not close to level. The industry needs to change its recruiting and retainment efforts to better the workplace for women and all employees as it fills the millions of open jobs. For more details on how to do this for your organization, check out my latest report: Best Practices: Recruiting And Retaining Women In Cybersecurity.