Aanchal Gupta, director of security at Facebook, is posing a question to her panel of five experts onstage when she has to catch herself.
“You guys are presenting ... ”
She stops. “Sorry, I’m so used to being around guys,” she says. "This is my first panel where it’s all females.”
Both the speakers and audience laugh, but everyone knew Gupta wasn’t really joking. The one-day event held here Tuesday was explicitly designed to to show that the privacy and security sector has a healthy share of female and minority experts who can speak to a wide spectrum of issues relevant to a male-dominated industry.
OURSA, short for Our Security Advocates, was conceived in early March after a major security convention, the RSA conference, announced a list of 20 keynote presenters with only one woman: Monica Lewinsky, who was to speak on cyberbullying. (RSA later issued a revised list with more women, saying this was always its intention.)
In response, a group of indignant men and women decided to stage an “alt-conference” the same week as RSA. OURSA vowed to bring together speakers from diverse backgrounds who were renowned in their field, and to move beyond discussing minority experiences to call attention to the excellent work already being done by women and racial and ethnic minorities.
"One of the things we wanted to focus on was having presenters and speakers really represent their work, not just talk about what it’s like to be a woman in security," says Melanie Ensign, head of privacy and security communications at Uber. “There are major segments of our community that are just so tired of talking about being in security and our gender.”
Like the rest of the tech sector, cybersecurity is notorious for its gender and diversity gap. In the US, African-Americans and Hispanics make up less than 12 percent of the cybersecurity workforce, while women make up about 10 percent, according to the International Consortium of Minority Cybersecurity Professionals. The rate is not much different worldwide.
With a rise in cybercrime across the globe that is expected to triple the demand for cybersecurity workers by 2021, observers say addressing the diversity gap now is crucial. And conferences – an important platform for showcasing expertise – can be a key part. “To have a percentage feel excluded at these events is a detriment to the field,” says Wendy DuBow, senior research scientist at the National Center for Women and Information Technology.
OURSA, which took place at Cloudflare headquarters in San Francisco, offered a short-term antidote that attracted around 250 people. Sessions revolved around a diversity of perspectives – the day’s first discussion, for instance, was on the intersection of technology and advocacy for high-risk populations, led by a panel of activists, programmers, and researchers from diverse backgrounds.
“You couldn’t have that conversation with just a group of white men,” says Ms. Ensign, the conference's media coordinator.
Organizers say it wasn't hard to find diverse voices. The real challenge in putting together her session on applied security engineering, says Ms. Gupta, was saying no to dozens of quality submissions. “That shows that there are so many passionate people out there who care about security, privacy, and online safety,” she told the audience.
Attendees were as diverse as the presenters and added to the sense of empowerment at the venue. “The composition of the room can really change how you approach a topic,” says Anna Lauren Hoffmann, an openly trans assistant professor of technology and culture at the University of Washington. While her scholarship doesn’t traditionally fall within the security sector, she was able to lend her expertise to a session on the ethics of emerging technologies. “It’s a strength of this event that they were able to broaden their lens,” she says.
Some preferred to keep to a minimum any talk about their lived experiences. Window Snyder, chief security officer at cloud-computing service provider Fastly and a top voice in application security, spoke onstage about the need for girls and women to embrace their femininity as they cut their teeth in the industry. But after the session, she said she only wanted to take questions on application security. “I can talk about that for as long as you like,” she says.
OURSA’s organizers aspire to see a world where women and other minorities no longer have to talk about their struggle for recognition in cybersecurity. For now, they’ll settle for proving that there is a way to do conferences differently.
“We hope that other conferences will try a little bit harder to give women and others a chance to participate,” Ensign says. “Our hope is that a year from now, we don’t feel like we need this event.”