Do you think an information security conference of only women speakers is a good idea?

On International Women’s Day, earlier this week, I did a small poll on Twitter about women’s profile at information security conferences:

I usually do research on larger and more random samples but for this question I specifically wanted people in the information security industry to respond, so twitter seemed like the perfect place. The tweet got 231 votes and nearly 9,000 impressions. 52% of people voted against the idea of an infosec conference featuring only female speakers, and 48% voted yes.

women infosec cons analytics

 

 

 

 

 

 

 

As much as I wanted to do the poll, I also wanted to generate discussion and hear people’s opinions. The idea of a conference with female-only participants occurs to me pretty much every time I attend or speak at a conference, as the representation of women is always very low. But, I’ve never been fully convinced that it’s the right thing to do.

Shared opinions, in response to the poll, can probably be categorised into:

  • No, it’s sexist
  • Gender does not matter, only that the speaker is good at what they do
  • It’s the content which is important, not who is delivering it
  • Do blind submission instead
  • Conference organisers need to try harder
  • Yes

“It’s sexist”

I completely understand and support the argument that women and men should share the stage. That is the ultimate goal. We do not have that at all right now. Quite a few people argued that ‘you wouldn’t have a men-only conference’ which honestly surprised me as we often have conferences and panels which feature only men speaking. Not all conferences, but, at best, there will always be far more men speaking than women. There are more men working in this industry than women, so you would expect more male speakers than female ones, but I feel the disparity in speakers is greater than the disparity in those working in the industry. There is also the concern that we only reinforce the issue of wider gender disparity if women in the industry aren’t seen and heard.

“Gender does not matter, only that the speaker is good at what they do”

Again, in principle, I completely agree. If only society was structured like that. Do people honestly think that only 29% of our MPs are women because they’re the only ones good enough to do it? That less than 10% of UK FTSE100 CEOs are female because the rest of us aren’t up to the task? Or, for that matter, that conferences which feature only male, or overwhelmingly male, line-ups do so because there aren’t any women who are equally as good at what they do?

“It’s the content which is important, not who is delivering it”

See above – do you think that mainly men speak at conferences because the women working in this industry don’t have valuable content? If so, it seems a conference of female-only speakers is not just a good idea, but imperative to challenge such a misconception.

I have sat through countless presentations where the content should be interesting but the presenter does not have great speaking skills. Content is of course very important, but a good speaker can make anything interesting (see Morgan Freeman reading Justin Beiber’s lyrics if you don’t believe me). Of course, I don’t mean to imply that women are better presenters than men, but I wanted to make the point that the person delivering the content does matter.

“Do blind submission instead”

See above. The issue with blind submissions is that some presentations sound great on paper, but delivery matters. This argument also assumes that conference boards are to blame, selecting largely male speakers. However, having spoken at lots of conferences for the last few years, and often being the only woman or one of only a couple of women speaking, I’ve always asked the conference organisers why this is. I’ve lost track of how many times conference boards have told me I’m the only woman to have submitted. Most say that they are very keen to have more female speakers.

“Conference organisers need to try harder”

I agree that this would be very helpful and is possibly the best solution. The support of conference organisers for IRISSCON, Steelcon, Manchester Bsides and EMFCamp has been really encouraging to me over the last few years. However, the flip-side of this is that conference organisers want people who are very keen to speak to submit to their call for papers (cfp). They don’t want to have to convince you, because then the experience will most likely not be particularly enjoyable for you or for the audience. I don’t think this should stop organisers from reaching out to women and suggesting that they submit to the cfp, but it does mean that they are justified in not ‘twisting your arm’.

“Yes”

It would be great to hear more women in information security speaking about their work. It would showcase how many intelligent and inspiring women work in, study and support this industry. It may encourage younger women to consider information security as a career, it could encourage more women to speak at existing ‘mainstream’ events and it would highlight to conference organisers the women who are willing and able to speak at those existing events.

However, despite all of my arguments above, I’m still not convinced that this is the best solution to the issue of a lack of women presenting at infosec conferences. As some people commented, when seeking equality is it beneficial to create a divide? Would focusing on gender mean that the focus is on being a woman in security rather than a professional in security?

I’m inclined to think, as I always have, that this issue is a symptom of a complicated problem which is inter-related with women’s role in society in general, and the lack of women in this industry. What do I mean by that? I mean the man who ‘joked’ about a pre-teenage girl being ‘sexy’ on twitter. The woman who told me she loves working in such a male-dominated industry because there’s less ‘competition’. The man who drunkenly shouted at me, after one of my talks, that I only get work because I’m ‘pretty’ (dude, you could be too: it’s called mascara).

I’m impatient. I want solutions to problems that are taking too long to progress. I know you all relate to that, its information security in a nutshell. But, as with information security, there is no quick fix. One respondent replied ‘in unity is strength’, which I very much agree with. Let’s keep working on being unified.

Ps – shout out to Bsides London where 33% of talk submissions are currently by women. Bigger shout out to all the women thinking of submitting – do it! The deadline for Bsides London cfp is March 28th. For information on other conferences which you may want to attend or – better yet – speak at, take a look at my post on the top infosec conferences of 2016.

By Dr Jessica Barker