Women of Infosec call bullsh*t on RSA's claim it could only find one female speaker

Rival OURSA conf found 14 in five days after only Monica Lewinsky made RSA's agenda

By Iain Thomson in San Francisco

Posted in Security, 7th March 2018 02:46 GMT

Day one of the annual RSA conference in San Francisco on April 17 will have some competition after a group of female infosec professionals decided to hold their own shindig - titled Our Security Advocates or OURSA - to showcase the work of women in the field.

Last week RSA was hammered on social media when its keynote speaker lineup included a grand total of one non-male speaker - Monica Lewinsky. Ms Lewinsky is an expert in her field of online bullying and harassment, but the lack of diversity and RSA's tone-deaf explanation that there weren't that many women in cybersecurity anyway got people riled up enough to take action.

"It's not just RSA but all of the conferences, or at least 99 per cent of them," Melanie Ensign, Uber's head of security and privacy communications, told The Register. "But the latest keynote list was the straw that broke the camel's back. All you have to do is try, it's not that hard to create a diverse conference, so we're calling bullshit on the excuse."

In just five days female technologists had pulled together 15 speakers, 14 of whom are women, for the OURSA security conference. It'll be hosted at the SF headquarters of Cloudflare (co-founded by Michelle Zatlyn) and the US$100 tickets sold out in less than 24 hours, but the event will be livestreamed.

Conference tracks include applied infosec engineering, security policy and privacy protection, plus discussion groups. The whole gig will be sponsored by Facebook, Google, Dropbox, Netflix, Uber and hosts Cloudflare.

"I was inspired to help make something happen after seeing all the discussion on Twitter," OURSA cofounder Parisa Tabriz, Google's engineering director for browsers, told The Register. "Our community already has a tremendous diversity of talent, and I’m excited to help give these experts a forum to present their work."

In RSA's defence, sort of, the show's organizers have limited control over the keynote speakers as it auctions a large number of them off to the highest bidder. But, as Ensign pointed out, that means companies like Microsoft, Cisco, IBM and other RSA keynote buyers aren't putting female talent forward either.

While women make up only 11 per cent of the IT security industry you wouldn't guess that from most conferences, where queues for the ladies restroom are seldom seen, female headliners are scarcer than hen's teeth and the scent of testosterone can be overpowering. Some are better than others - Enigma being a prime example - and Ensign said she hoped OURSA would be a one-off event.

"If we continue to have to have separate conferences then we're defeating the point," she said. "I hope this is something we don't have to do again, I hope it becomes a model for other conferences."

In response to the storm of criticism RSA has now added more female speakers and will host a two-hour women's leadership reception on the evening. One suspects that most of the real leaders in the field for the future will be down the road at Cloudflare HQ instead. ®

Sign up to our NewsletterGet IT in your inbox daily

29 Comments

More from The Register

No way, RSA! Security conference's mobile app embarrassingly insecure

Sorry about the hard-coded passwords, can we sell you some crypto now?

RSA coughs to critical-rated bug in its authentication SDK

Yup, that means if you code with it, your projects inherit the problem. Yay!

RSA SecurID admin console can issue emergency access to decent social engineers

Put the management interface behind the firewall, pronto

RSA ransomware

ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin

Here's what to do if you have an affected badge

Cryptocurrency miners go nuclear, RSA blunder, Winner back in court, and plenty more

Roundup The ups and downs of security this week

I, Robot? Aiiiee, ROBOT! RSA TLS crypto attack pwns Facebook, PayPal, 27 of 100 top domains

Two-decade-old hole lets hackers unlock encrypted data

Cloud-surfing orgs under attack, Microsoft antivirus for Chrome, Windows 10 S bypass, non-RSA gigs, and more

Roundup Your guide to this week in infosec

What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA

No really. Insurer's details on 60k people lost forever

Hitchhacker's Guide to RSA clones conference badge with a towel

RSA 2016 Flannel rag again shown to be essential kit for freeloaders