Making Security Safe for all
Updated: Apr 23
Let’s take a second to understand what diversity truly means: I am white, female, I have been raped, I have been stalked, I have been abused, I am a survivor of domestic abuse and yet - I can in no way speak for all of the survivors of domestic abuse. I am but one story, one person, one piece in a much larger view.
Over the last 10 years of my technical career, I have seen trends towards diversity, with genuine attempts at ‘curing’ or ‘healing’ or ‘creating a safe place’ throughout the many parts of industry. However, let me remind you of one simple fact white men, they are a part of our industry too. Attacking persons simply because of their gender, that’s not creating a diverse environment or even a safe environment. Their opinions, points of view, knowledge, and experience - they matter! Want to create a diverse team? Create an inclusive environment. The rage I have seen targeted unfairly against my friends, diversity & inclusion heroes, the very people trying to help - it’s unfair.
In the words of Ian Thornton-Trump “Diversity all the things, hack all the things!” Want a diversity panel? “If you want to hack the system [as a group] respond to CFPs with an articulated response about the diversity issues and some credibility, put together a panel, gather your clans and hack the CFP system!” I reached out to him to hear his perspective – he’s white and male too. “The numbers tell us that the situation is improving – some folks feel it could be faster and it could be a greater improvement. I feel it’s about trajectory – year over year improvement this profession is only really 30 years old. This is the best time in the world to be in IT and cyber security. Jobs are abundant benefits and salary are climbing and we need everyone to face the current and future cyber threats.”
I know so many of the folks running infosec events and conferences and I think they would welcome a focused, constructive discussion proposal/CFP response on these topics; such as gender, diversity, inclusion and how to continue, support and accelerate the improvement, these are important topics! Unfair blame and anger just minimise the possible benefits. The real question? Is our profession mature enough to listen to both sides of the argument without devolving into toxicity?
The last point to make here is this and it came from a very wise security researcher: “Discussions on serious topics like gender, diversity and inclusion on social media is exactly the wrong and possibly the worst platform to try and have this discussion.” I could not agree with this statement more. This needs to be grassroots, early years effort. So get into schools, approach the next generation along with the current, get into hacker spaces, computer clubs and propose panels and workshops - work for a better environment for everyone.
Reality is, creating a culture of inclusion is how we create a world where you are not simply judged by your appearance or gender or your technical skill, but by what you say, produce, and share.
When I started my career I was straight up told “don’t pursue it [technology career] because I work in this industry, and I don’t want you to have to deal with them.”, “we don’t hire women, they’re too distracting to men”, and many more - now, we have our community. Let’s build from it.
Yes, there needs to be a greater balance of ethnic, cultural, technical, social, and gender within our industry, and we can get there! The way to do it - is to stand up, speak, share your knowledge, and actively make sure you’re supporting inclusion, not further diversion.