Thursday, July 19, 2007

The Ladies of Infosec

I was at an event not long ago, and the woman in the group was really pissed. In a room full of nothing but security geeks, someone asked her "Oh, do you do security work?"

This didn't happen with any of the guys. The question they got was "Where do you work?"

I was thinking about this today, and I realized that every woman I know who works in infosec has told me a similar story. That might be a slight exaggeration, but not much. Literally every one I can think of right now has told me one of these stories.

They get things like:
  • Are you here with your boyfriend?
  • She used to be a man
  • Take your shirt off
Yes, sadly I have heard jerks yell out "take your shirt off" when a woman was trying to give a talk.

How much do women hate this? You can read what Raven thinks about it.

Let me tell you a little about this particular woman in question that reminded me of all this. She has worked in some of the most important software companies in the world, in the security groups. She has worked at at least two security companies that I know of. Pick just about any well-know security male, and they know who she is and they respect her work.

If you've been paying attention to the infosec world, you probably know who I'm talking about. Keep it to yourself, because this particular woman is not the point.

I have met a number of women at various conferences. I'd look really foolish if I went around assuming they weren't attendees or didn't know what they were doing. I've met a woman who works for the CIA. I've met one who was a heavy-duty cryptographer. I've met one who does BGP vulnerability research. Yes, the women are rare. Staring and asking stupid questions doesn't help improve that.

Because of how hostile the infosec world is to women, the ones who manage to survive tend to really love what they do, and have worked very hard to stay in the field. This may mean that the woman you just met is better at security than 90% of the men. That probably includes you (and I'll happily concede that includes me.)

Keep that in mind.


alan shimel said...

Ryan - it is not just woman in security, it is woman in tech. I have spoken to many woman who may not be geeks, but are doing the marketing, sales and other tasks in the security/tech market. The crap they put up with is BS. Guys have to get with the program here and take these people for what they are, every bit as smart and capable as any of us. This is why I write about the booth babe stuff, it is just degrading.

Anonymous said...

Hmm. Maybe I'm not looking hard enough, but I haven't seen much of that. If I did think that someone was patronizing me, I just decided that he was an idiot in general and moved on. (Usually, he was.) Or maybe I look too much like a geek to be mistaken for anything else. Maybe it's just the good-looking women that have this problem.

Ryan Russell said...

To the anonymous commenter just before this comment of mine:

I don't think you're looking very hard. I rarely get blog comments at all. I just had to delete three of them that illustrate how stupid these guys can be.

As a semi-experiment, I've had this blog open for almost a year, with no limits on who can comment, no CAPCHAs, nothing. Despite all the career trolls who hate me, I've not had one out of line comment before today.

Yes, the problem exists.

Anonymous said...

Dang, Ryan, why didn't you leave them up as an example?? ;-)

Anonymous said...

I think this sort of thing is pervasive in science and technology in general. However this think the situation is worse (e.g. derogatory comments) in the *hacker* community. I know of and have worked with a number of female cryptographers have have never heard them complain about this sort of thing, so I don't think other areas on information security are worse than the average. The *hacker* community tends to be younger and far more predominantly male than the general IT security community. The young part probably explains the higher occurrence of derogatory comments.

Ryan Russell said...

Ah, that's an interesting observation. You're right, there is a set of the population there that is (or so it appears to an old guy like me) already irreverent, antisocial, or maybe socially inept. I could easily see that translating easily to this kind of problem.

shrdlu said...

You could be really mean (and, perhaps, accurate) if you explained that the young hackers were still rebelling against their mommies and therefore couldn't get over their misogyny.

Ryan Russell said...

Heh, another interesting possibility I don't think I had considered.

hyperfukbot said...

i see this sort of thing in all sorts of 'nerdy' areas, not just technical fields.