1. You can upload one, or pick one hosted off-site somewhere. To do this, go to the main menu and select "Profile" and then "Forum Profile" from the drop-down menu.
2. However, if you opt for an off-site avatar, you need to make sure that website offers an HTTPS:// option.
When you cut-and paste the URL into the "Specify your own avatar by URL." field, make sure to change the beginning to https://
If it doesn't work, then try another website/service. Any commercial image host will offer https://
3. CathInfo recently switched to 100% secure mode, https://, to get with the times (again) since every browser and their grandmother is throwing a fit about ANY site that doesn't offer a secure connection for everything. (They now consider passwords as "sensitive information". They didn't as recently as last year!)
4. When in secure mode, you will only get the green "secure" padlock if ALL the images are also served up https:// secure mode. If someone's avatar is served up regular http://, then CALL IN THE ARMY! RED ALERT! The message changes to, "The site is only partly secure." or some such nonsense.