OURSA Conference

Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It's in San Francisco, and it's during RSA, so you can attend both.

Posted on March 9, 2018 at 6:24 AM • 35 Comments

Comments

Robert ThauMarch 9, 2018 7:20 AM

Also, already sold out (in about 12 hours). There's some chance of a few more tickets being released later (per Alex Stamos on Twitter, a few more might be released once arrangements are closer to finalized); they're also working on livestreaming arrangements.

SluaghadhánMarch 9, 2018 10:27 AM

Is this a reaction to the RSA conferences having too much white men or something? Looking at the participants list, this looks to not include any white men, only three men in fact out of 21 participants. Does this division really help? Looking at some news articles, it looks like the only woman at the RSA conference was going to be Monica Lewinsky (why?). That's obviously ridiculous, but is this really the best solution? Sorry if this causes a commotion, I think that these conferences should do better to reflect the demographics of the industry but this just seems to go in the opposite extreme which could cause division.

Dan HMarch 9, 2018 12:11 PM

At Google the tech workers are only 17% women; at Facebook they are 15%; while at Twitter they are only 10%.

They say the numbers for women tech workers is getting worse, too. So if the general numbers are that low, the numbers in computer security are going to be a lot lower; then reduce that number even more for specialized security dealing with encryption and then how many of those few women are skilled and qualified to speak at the RSA conference is going to lead to what they have.

This new conference of women (mostly) is the result of the society we’ve created. If there were qualified experts in this specialized area they would have been asked.

echoMarch 9, 2018 1:01 PM

There are very good reasons for holding a conference which creates a safe space for women and minorities. I am aware though of the broad spectrum of discrimination and sensitive to the fact white males can and do suffer from discrimination.

There are reports and studies in the medical area which discuss these issues. Sadly the medical industry itself is very discriminating. (Males who are economically and socially disadvantaged tend to be erased, the medical side itself is heaviliy biased towards male control, key studies often emphasise or only select males for study which can obscure diagnosis and treatment for women, and sexist controls of women's bodies and budgets for healthcare employment and provision remain.) Key areas of attention are "white knighting" is itself psychologically disabling for women and lack of well reasoned and thought through guidelines allowed discrimination to push into a domain up to the point it can get away with. This is a horrible vicious cycle hence why I suspect the number of cisgender heterosexual white men invitees is very low (i.e. none existant).

That said the focus of this conference seems spot on. It will make very interesting reading to know what emerges from discussions.

WombatMarch 9, 2018 1:51 PM

@Dan H

"If there were qualified experts in this specialized area they would have been asked."

I think that's the crux of it. Do there exist one or more women who believe they are qualified, and who are interested in speaking at RSA, and who were not offered the opportunity to speak there? (Perhaps ask some of the attendees of OURSA?)

If so, that's a problem.

If not, there is no problem, provided that when such individuals appear, they are judged solely on the content of their work rather than any other factor. The industry's ability to produce a variety of qualified speakers is a separate problem.

Clive RobinsonMarch 9, 2018 2:34 PM

@ Bruce, Sluaghadhán,

Responding to the lack of diversity at the RSA Conference

As with oh so many technical conferences that start off well, they generaly don't scale. Thus others take over the "running". Which means that the organisational motivations change. Eventually "The lunitics take over the asylum" effect happens and people either stop going or a compeating event starts...

This is the fate of all conferences where those primarily with money in mind take over from those at the grass roots with the technology in mind. If OURSA wants to outlast RSA they need to understand this in depth.

Part of which is they need to understand that there are also dangers involved with grass roots success. Just part of which is discrimination in it's various forms, another of which is "inclusion". Whilst the dangers of discrimination are generally easy to see the dangers of inclusion are more difficult to see.

Much as we have been conned into thinking it, society does not run on votes but worked for cooperation and consensus. Voting is a way of abdicating responsability and actually produces a hostile and conflict ridden dystopia, not either cooperation or consensus. Thus it is always "off course" and gets from a starting point to an unknown destination by throwing the helm hard from port to starboard and back again each time disruptively "rocking the boat" creating inefficiency and thus redundancy at every turn. Redundancy is always seen as an opportunity by those with self interest at heart. As it gives them opportunity to profit, thus it is in their interest to ensure the helm gets thrown hard as often as possible.

LiMarch 9, 2018 2:50 PM

To the best of my knowledge, RSA goes with what is available to them. This career field has always been predominately male and mostly white, but I don't think it's been projected as some kind of exclusive club. Since at least the 1980s, there have been articles in ACM and IEEE publications trying to figure out how to get more women into computing and engineering.
Maybe it's sort of a reverse discrimination: Most of the people I know think that my career, beneath the Hollywood-portrayed veneer, seems extremely boring. Maybe it's mostly white men who are stupid enough to put up with it over time!

A Nonny BunnyMarch 9, 2018 3:12 PM

@Wombat

Do there exist one or more women who believe they are qualified, and who are interested in speaking at RSA, and who were not offered the opportunity to speak there?
I'm not convinced that "believe they" should be there. People that aren't qualified might believe they are, and ones that are qualified might believe they're not.

Dumbo DudeMarch 9, 2018 3:52 PM

It is complete rubbish. At the end of the day I don't care the color of the skin or the nature of the genitals of the person who phished me and got into my gmail account. I care that they violated my privacy and information got into the wild that can't be taken back.

I am opposed to quotas in all their forms. If women are not being given equal opportunity, that is a problem. But a group of second-rate women having a public hissy fit serves no one well and...more importantly...makes us all less secure.

WombatMarch 9, 2018 4:06 PM

@A Nonny Bunny

It's a tricky thing. Crackpots believe they're qualified for all sorts of things they're not. Filtering them out is just as difficult and just as eternal as filtering spam.

If a qualified person does not believe they're qualified, then I opine that half of the problem is outreach, but the other half is for the person to adjust their own level of self-confidence. If a qualified person does not believe they are, then they probably will fail the second check, and not seek to present at RSA.

Recognizing that biases are difficult to get rid of, I wanted to express that the sole factor RSA should be judging is the quality of a presenter's work, at the end of the process. The start of the process is the person deciding for themselves that they wish to speak.

justinacolmenaMarch 9, 2018 4:35 PM

OURSA. "Responding to the lack of diversity."

In San Francisco.

In French: C'est un ours. It's a bear.

"Bears" are somewhat a "gay" male thing. Emphasis on the male. Not necessarily "gay" per se. Bears trying to break into the beehive, that sort of thing. As a matter of fact, enforcing the lack of diversity.

Monica Lewinsky. Like a lot of celebrities, she probably has a lot of personal interest in computer security, but that does not generally equate to technical interest, which is unfortunately not as common as it should be among women.

Let's just say, --> http://www.sfzoo.org/

@Wombat

If a qualified person does not believe they're qualified, then I opine that half of the problem is outreach, but the other half is for the person to adjust their own level of self-confidence.

If a company is not interested in hiring qualified persons in the first place, it is probably not going to stay in business very long. Encouraging applicants to increasing their level of arrogancy and aggressiveness is not the right answer.

WombatMarch 9, 2018 5:20 PM

@justinacolmena

"Encouraging applicants to increasing their level of arrogancy and aggressiveness is not the right answer."

A person misses 100% of the shots they don't take.

echoMarch 9, 2018 5:54 PM

@Wombat

I was able to obtain a high value contract with a public utility consulting business which was very profitable. On the first day I had to contend with macho management, desks which cost £10,000 per seat, a male executive stuck in hospital who wanted a work colleague to bring in a laptop so he could continue working, a floor full of women doing admin work who wouldn't say boo to a goose, money wasted on computer hardware maintence insurance when a store of spare machines would cost a tenth plus have resale value, and a board level meeting discussing computer project development and procurement. I recommended they use this as an opportunity to review what was required i.e. consider whether their scheme was suitable for the job required (and whether they werewasting money on half-brained vanity projects). I was fired at the end of a telephone when I got home at the end of my first day.

I guess I was just the wrong kind of idiot to work there but this privatised consultancy which couldn't fail to make guarenteed fat margins in a captive market went bankrupt due to mismanagement and debt three years later.

WombatMarch 9, 2018 6:27 PM

@echo

Your point is unclear, but as I hear it, I'm by no means saying that a person makes 100% of the shots they do take. No one says that.

There's a difference between confidence in one's abilities and an aggressive entitled attitude. I'm only talking about people who are qualified but do not believe they're qualified. That may be a small group compared to those who are qualified, believe they are qualified, and are excluded from places due to bias. Again, I'd ask the attendees of OURSA, and also look forward to what comes out of it.

echoMarch 9, 2018 7:20 PM

@Wombat

I thought I was clear enough about macho management. But, yes. This isssue is reasonably well studied. I have plenty of papers and media citations in my database such as the gendered difference in goal seeking and group biases and so forth but would prefer reading the view of half decent sociologist who can make better more readable sense of this.

I felt the key sections of the OURSA conference were well chosen.

Clive RobinsonMarch 9, 2018 7:38 PM

It is not just a question of qualified v nonqualified when it comes to giving talks. There is another dimension that is the willingness v unwillingness of people to stand up infront of a crowd and talk.

Talking is after all a slow way to communicate, you also have the problem with a technical subject of who do you leave behind and who do you leave dissatisfied. That is there is the old comment about the twenty pages an expert needs versus the book or three a novice needs.

There are better ways these days. Not only can you read two to five times faster than you talk, reading gives you the ability to go at the speed you need for comprehension. But look at it this way, in return for talking to a bunch of people for an hour you have to give up two to four days of your life packing, traveling, checking in to your hotel then after the talk you do it all in reverse...

We now have markup languages that allow people to write a document at all comprehension levels. That is the twenty page document can expand out giving more information such that if you expand it all the novice can read and comprehend it all.

It begs the question do we need speakers at all? Be they willing or otherwise.

One of the joys of a small pad or large smartphone is you can use them just about anywhere, in bed, in the bath, strap hanging on a crowded commuter train etc. You can tap away with just one finger or two thumbs or in some cases actually aproximate touch typing.

Thus you can write documents in whole or part where ever you are. You can then put these up on web sites etc for people to read when it's convenient to them.

The question then becomes "Why do we need conferences?" and the answer to that is perhaps not what you would like...

Personaly I'm at that time of life where home comforts and the ability to work quietly in a place that feels like it's my own makes me a lot more productive, than getting squeased, squashed, jostled, out of sync sleeping in a bed that god alone knows how many others have done what ever the devil put in their heads etc and all manner of other little ills and slights lost bags missed taxies broken conections etc just so people can see me sweat under bright lights whilst croaking along trying to be entertaining whilst educating... Just does not do it for me any longer...

To be honest I don't know how much they pay popular talkers these days but it had better be a lot ;-)

HmmMarch 10, 2018 2:11 AM

"A person misses 100% of the shots they don't take."

And in a game where if you completely miss 1 shot and you're pretty much out?

65535March 10, 2018 3:02 AM

I endorse it and encryption product competition is just what RSA needs. Currently, RSA is in a quasi-monopoly position and seems beholden to the USA spy agencies. RSA is closely bound to M$, Oracle and many large silicon valley corporations. That is not good. I would like to attend but it is a long flight and my major customer does a huge amount of work around mid-April. I have to forgo this one but hopefully the make the next.

LarryMarch 10, 2018 6:12 AM

@Dumbo Dude
I agree! But we are probably the only ones here who think this way.

ATMarch 10, 2018 9:57 PM

The underlying premise of a push to racial and gender diversity is itself the prejudiced notion that people's behavior and thought is significantly influenced by their race and gender ... it takes us back to 50's-era Star Trek sociology.

Inviting (almost entirely) women to present at a conference because of their gender is no less reprehensible that only men on the same basis.

In this particular case, neither conferences are likely to have any significantly interesting technical content, and they can both be safely skipped.

unbobMarch 10, 2018 10:13 PM

I don't remember there being this much push back when B-Sides took on the overflow and rejected submissions from Black Hat. Seems like they are filling a gap in the content coverage at RSA. Good for them.

MajorMarch 11, 2018 10:49 AM

@echo

You have to give people credit for the work they've done if you expect them to listen to you. You accumulated a massive amount of negativity for a single day on the job. You obviously think that you were the smarted person there. From their perspective and from the perspective of a reader of your post, that is far from clear. Even if you tend to feel the smartest, as many of us do, it is a consulting error to push this in people's faces.

A consultant needs to create agreement and buy-in and avoid being seen as the stereotypical jerk consultant. This is one reason why good consulting practice devotes an initial period to developing an "AS-IS" model before developing and presenting a "TO-BE". It allows the existing people to be heard and not have their work discarded without time for it even to be fully presented and understood.

As far a macho management goes: What you are saying is simply a slur without hard examples. Somebody wanting to work from hospital is not a negative from my perspective.
You come across as antagonistic. Were you really surprised to be fired?

MajorMarch 11, 2018 11:28 AM

Since women are a slight majority of the population I have always wondered why women don't just start companies with the values that they prefer.

In that sense I am happy to see OURSA come into being.

I believe that RSA has totally sold out to surveillance interests and that their products are therefore largely ineffective - mostly because of what I have read on this blog - so all the better.

However, based on the website, this conference seems to have little concern with computer security per se, and more with making a statement. Perhaps this simply reflects its newness. But its web page is so primed for offense and so tense that I wouldn't attend this any more than I would check into a local jail for a holiday weekend. Perhaps it is I, however, who is tense! I'm curious to hear reports from attendees.

echoMarch 11, 2018 3:40 PM

@Major

It was an anecdote I threw out there. Stuff happens and if you are being fair you would highlight their failings too given how things turned out. I also have a habit of putting my foot down and insisting my vote at a meeting is recorded even when in contravention of the sometimes "unanimous" voting left on the record demanded by an MD. Like, what part of "no" didn't he (because it usually is a he) hear but this is getting into a project with another business (where I was being seperately advised by an expert). This last one is funny as later I was walking out the door of one business he was in the way in looking for another job. He didn't get the job thank the gods. He may be smooth in a meeting and make all the right noises but I found him duplicitous and untrustworthy. This gives me an excuse to cite this latest study on voice analysis:

https://www.sciencealert.com/identification-infidelity-partners-using-voice

"According to research, published in the journal Evolutionary Psychology and written about in The Conversation, you may just need to listen to someone's voice to figure out whether they will cheat on you or not."

Women do start businesses. I have no idea what the ratios are with respect to busiensses started by men but they do exist even if they orientate around goods and services not always in the kinds of markets shared with men, or even the same organisational styles which brings us to this:

https://www.theguardian.com/money/2018/mar/10/media-stereotype-women-in-financial-coverage-study-finds

When the reader was female, the landscape of financial planning tended to be painted as complex and threatening, “a minefield”, and imagery tended to be of women who were emotionally or even physically overwhelmed – cowered by an oversized credit card, for example – and often included infantile imagery such as piggy banks and pennies. A third of articles also assumed women to be responsible for family support and care. By contrast, articles aimed at men painted their readers as savvy financiers and the financial landscape as packed with opportunity. Rather than “saving pennies”, male-directed articles talked of portfolios, calculated risk, and rely heavily on stereotypes of aspirations to combat, strength and power. They also heavily implied that the reader was competitive, with matey phrases such as “having a punt” or “playing the game”.

MajorMarch 11, 2018 4:39 PM

@echo

I see you are posting interesting stuff on the squid thread. However, I have a hard time following your argument concerning women issues. I am in my fifties and I believe you are significantly younger so perhaps I am missing some context that would help me follow.

It is premature to have negative assessments (maybe suspicions) in one day on a job. The company no longer existing can have many explanations and your satisfaction at its demise says more to me about you at this point than the company. You were there for a day. How much could you know about it?

In business, people just don't roll over and do what you say. Yes, a lot of people and decisions seem idiotic to me, but I may not be right, and, anyhow, everybody is somebody's idiot. If you have a better idea part of the skill set is bringing people to your view. It's not automatic. It takes time, patience and a bit of empathy (or investing enough years so that you are the boss and can demand it.)

You quote a lot of studies that do not seem to be directly in line with the discussion. I do believe that bias and discrimination exist. (I also believe women have biases.) But I have known many women who have flourished in business despite that. It may be a challenge, but it doesn't explain every failure. It's important to realize that your actions matter and that you have power over your life, even in challenging circumstances, because your actions are the only factor you have direct control over.

As a white male of privileged background I still had to suffer many indignities of the sort you enumerate. Business politics largely suck. I was happy to go independent after 20+ years of corporate work. Ah, but still there are the clients to deal with!

I perceive you as being agitated. I believe I would feel the same way if you were a man. I feel like saying: "It's ok. Be cool. Everybody has experiences like these. Don't let it get to you."

I have no question that women are equal to men. I enjoy working with them or for them more than men, generally. They are as smart as men and as capable of men in doing anything. But I don't think the world is generally out to get them. Men and women have co-evolved a culture and that evolution hasn't kept up with a changing environment where separate areas concern (home vs work) no longer work for many women and men. And much has therefore changed for women and is changing. Change is also psychologically difficult and sometimes there is static and backlash. But I don't think men intend to oppress women and sometimes, believe it or not, we feel oppressed by women too.

Anyhow, thanks for the reply. Obviously, all the above should be couched as my opinion. We develop a model of the world as we live and hopefully update it as we go along. It's never a finished project.

echoMarch 11, 2018 5:30 PM

@Major

I sometimes have a habit of people never knowing when I am being serious or not. I wouldn't worry too much about my anecdote. I would note though that I am concerned with discrimination in general. I don't disagree with you and could and have said similar myself. Language is a crude vehicle and I'm sure you accept too these things can be a little complex.

MajorMarch 11, 2018 5:45 PM

Ah! The mask of the internet strikes again! And all the chatter that runs through our heads.

Sure, things are way complex. We are a predatory species whose brain spends most of its time thinking of post hoc rationalizations for our actions, most of which come straight from the Id! (lower level motivational system of brain). We hardly know what we are doing half the time or why. :)

But it still can be fun!

GabrielMarch 11, 2018 9:51 PM

I don't understand. Does RSA discriminate on the basis of race and gender?

MBMarch 11, 2018 11:57 PM

The original conference seems to have served some useful practical purpose. The new one seems simply meant as a political statement. This does not bode well.
For example, are they going to follow the newest fashion and only allow male attendants to make comments after each talk only after the female attendants have spoken their piece (include your own preferred underrepresented categories here), as the latest fashion seems to be?
Still, I hope it succeeds beyond all expectations and proves all haters wrong.

RickleMarch 12, 2018 2:04 PM

It disappoints me that we have more outrage over lack of affirmative action than we do over companies like SANS making bank on teaching courses on FOSS tools while not actually donating any of their proceeds to the upkeep of the tools themselves.

We may eventually have an industry with gender parity for engineers and slave labor for tool creators. That is - if they don't give up altogether.

echoMarch 13, 2018 12:52 PM

This is a somehat contentious article.

https://www.theguardian.com/commentisfree/2018/mar/13/women-robots-ai-male-artificial-intelligence-automation

The overarching problem of men dictating the rules has found new expression in something that is currently changing the way we live and breathe: artificial intelligence (AI).

Let us be clear. There are great benefits in the use of AI and we should cherish them. However, the issue is not innovation, or the pace of technological improvement. The real problem is the governance of AI, the ethics underpinning it, the boundaries we give it and, within that, who is going to define all those.

With that in mind, I think the next fight for us women is to ensure artificial intelligence does not become the ultimate expression of masculinity.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.