Patronising Penetration For Women

Image for post
Image for post

1st published in 2017

When I first decided to join LinkedIn and join groups on here, Females in Cyber type groups, I thought these would be a place to learn/share techniques and methodologies, with like-minded women. Oh boy was I wrong. Instead, I’m noticing an increase in the amount of winge articles about how women aren’t walking straight into CISO roles, or how men are conspiring against women in the security industry.

We hear stories of Jimmy being paid more than Jane, and are apparently supposed to be marching over this, with the fact Jimmy has 10 years more experience than Jane being all but glossed over.

Every single time I read one of these patronizing articles, I feel that they have the total opposite effect to that which their writer’s intended, these create a stereotype of women being weak and lazy. I’ve also noticed none are ever written by the women who work in technical roles, which I find baffling, to say the least.

Image for post
Image for post

I keep hearing of the “need to empower women in cyber’’ narrative. While this is an applaudable line of thought, I question how will that ever happen if our approach to this is simply to silence men and put women on a pedestal. Now, I love women, I’m definitely a feminist, I’m also a realist. But you can’t adequately address the problem of sexism by prioritizing one gender, just like you can’t abolish racism by prioritizing one colour. Sexism will not be stopped by ‘reverse’ sexism.

Just yesterday I spoke as part of a panel at the BCS Cyber Security Women’s day at the University of Westminster. It really struck me just how lost most women are in the early stages of their career in this industry. These women had skills, technical skills, they were self-driven, but none of them seemed to know where to direct that drive. Many of the “role models” in this industry are using this as a soapbox to project their own politics. Giving them useless advice or pushing them into roles they simply don’t have the desire for, if a woman approaches you asking for some pointers on how to be a penetration tester, and she has years of relatable tech experience, don’t tell her she’d be better off in Compliance because it’s more friendly! At this point, you are working off stereotypes and causing more problems to the industry than you are solving. (I won’t be naming names).

Image for post
Image for post

Infosec isn’t a hotbed of fat, long-haired, women-hating, greasy gamers, jumping on blowup dolls. In my experience, it is one of the most welcoming professional communities you could possibly be a part of. I’ve met men, women, trans people, disabled people, really confused people, a wizard! A WIZARD! . . . . A WIZZZZZAAAARD!!!! Now if that’s not diversity, then we need a new word for diversity.

I don’t believe this gender divide is caused by the infosec community by any stretch of the imagination, but rather by a society that is messed up in the way it shows value in females. The lack of women in infosec is as a direct result of this warped world we live in, and information security, along with many other professions, is suffering as a side effect. Raise women with a focus on being pretty, surround them by millions of orange, fake titted ‘role models’ then act surprised when they don’t aspire to be engineers, scientists or so forth. It’s almost like this would have a negative impact on the computing industries. Who’d have thought?

Image for post
Image for post

So what am I going to do about it?

I’m proposing an alternative, let’s separate the women from the girls. I’m co-starting a new initiative; Ladies of London Hacking Society. The details have yet to be smoothed out, however, it has gained support from my manager Lynda and my colleagues. The initial plan is for it to be held monthly at our Canary Wharf office, however, this is subject to change. It’s going to be more technical compared to other such women-focused initiatives. We will cater to all skill levels and everybody is encouraged to ask questions. Our only requirement is that attendees turn up with a computer that has the capacity to run VMs.

Month one will be setting up a virtual lab, setting up a testing ground such as DVWA. Going forward we’ll be going through penetration testing from recon to exploitation, defense tactics, how to break down pcaps, how to eat cake, how to drink wine. . . . ect.

I’m thinking we’ll also be looking for experienced people to speak and help write material for the society. If you turn up and don’t know what something is, but you want to learn, we will teach you. If you know a great deal this could be a way for you to showcase that. Personally, I’m not much of a mixer, I’d rather be at home improving my waning Python skills than be out in front of people. But sometimes the messages out there about women in tech frustrate me beyond belief and I just have to spurt the other side of the story.

Now, as with any initiative aimed at a specific gender, Ladies of London Hacking Society sounds sexist, and I can understand why you’d think that (it’s written in the title). However, I believe that any challenge to the ‘women are weak/entitled’ narrative will make its strongest statements when they come from an initiative that is for women, by women. I believe that the biggest problems facing our current women in tech are born from people who aren’t women in tech speaking for us as if they know what is best. It’s time the actual women in tech were heard.

Come’on! Who’s in?!

Look out for updates on Ladies of London Hacking Society on here and Meetup.

CEO & Co-Founder at th4ts3cur1ty.company & PocketSIEM. Founder and Director of Ladies Hacking Society | Purple teaming enthusiast @Eliza_MayAustin

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store