Meanwhile, there are occasionally signs that the effort is paying off. Security hasn’t been too bad but it’s had its #MeToo moments and the conferences used to have “booth babes” and a lot of “locker room talk.”
Back in 2013 I came back from RSA conference in San Francisco, and complained about the bad marketing: booth babes and some ultra-nationalism. I think my complaints hit the right spot because I framed them as “this is bad marketing” and avoided the moral argument. I wrote: [ranum]
the only customers that will be impressed by anyone’s ability to hire pretty models to work their booth aren’t going to be the ones signing the big purchase orders. And, it’s possible that they’re thinking your sales team are going to be a bunch of testosterone-laden assholes who’d be better off selling used tires. If some company wants to appeal to the consumer that’s going to jump at the T&A maybe they should relocate up the street to O’Farrell where they can include a happy ending with their product demo.
Generally, people agreed with me, and several chief security officers of companies told me that they had forwarded links to my article to the sales managers of some of the more egregiously bad marketers. We got a little band-wagon rolling and since 2013 (I have not attended RSA since 2013) the number of booth babes has dropped to near zero.
Gary and Marcus talking to booth worker (in spandex) about firewalls. We asked what the sports car told us about the company’s products. She said “I don’t know, they just hired me to stand here and wear this outfit.”
There were also some disappointing displays of ultra-nationalism: one company had a “how will you keep Chinese hackers out?” ad that managed to stereotype both Chinese people and hackers, and imply that cyberattacks are Chinese national policy (it is also American national policy). I know several people who wrote letters to the CEO of that company, and I believe that marketing message hasn’t been tried since.
Then, in 2014, there was an incident of sexual assault at a computer security conference. Stop me if you’ve heard this before: there was some drinking and “let’s go back to the room and hang out” and someone got grabby, then got rough, then got a ceramic mug broken on his face. Accusations were exchanged, nothing was done, and the woman was demonized for over-reacting. I started insisting that any conference that invited me as a speaker needed to have a posted anti-harassment policy, or I would not accept the invitation. [ranum]
Yesterday at ISSA, I was very happy when the conference organizer started the event off with these slides:
I particularly liked the message: “do not sell your soul.”
1 step forward, 1.012 steps back. At least there are some little parts of civilization that are moving in the right direction.
Sunday I am spending most of the day on airplanes and driving, so I probably will not post anything.
Any progress is a good thing, so that’s great.
How did that happen? Was it a couple of male friends chatting in some remote corner/their own room? Or was it actually happening openly where everybody could hear it? Were there really no women present at all? I mean, I know that there aren’t that many women in the computer security industry, but were there really none at all?
Back when I read Georgia Weidman’s blog entry about the attempted rape, I perceived it as frightening. What made me so uncomfortable wasn’t the fact that a drunk guy tried to rape somebody. It was this quote from some victim blamers: “It wouldn’t happen to any other girl in infosec because no one else would be stupid enough to let a guy in her room.” People claimed that Georgia Weidman was partially to blame for letting him in her room. The thing is, I have let countless men in the rooms where I have stayed. I have never thought twice about staying alone in some room with some guy, including men I barely know. I even have spent countless nights sharing a room with guys, including strangers. I don’t know about how Americans and older people perceive this, but among European students this is perfectly normal. When students travel somewhere (for example, to participate in a university debate tournament), they generally are broke and on a tight budget. Nobody even thinks about having a whole hotel room exclusively for one person, that’s too expensive.
So here I was, used to perceive staying alone with men as perfectly safe. After all, I have done that often, and so far I have been fine. I have come to expect that decent behavior in these kinds of situations is the norm (all the men I have stayed alone with have behaved perfectly fine). And then I read an online blog post informing me that if you invite some guy in your room, you are basically consenting to any sex acts he may wish. If a fight starts, the fact that you let the guy in will be a significant proof that you had agreed to sleep with him. Police will side with the rapist. Holy crap! That’s scary.
Just think about the implications. Over 50% of my friends are male. If I decided that from now on I will never stay alone in a room with any man I don’t intend to have sex with, then that would be the end of my social life. How else could I make friends? Sure, I can meet people in the party/dinner where everybody is hanging out together. But when I meet some interesting person and decide that I want to befriend him, I have no other option, but to (gasp!) stay alone with him. That’s how people make friends.
In this case victim blamers went a hell lot further than suggesting that the victim should have worn longer skirt. They basically told that any women who attempts to have a normal social life and make friends is a fair game for rapists. Being stuck with a female body and living in a world where people think like this is fucking scary.
I wanted to write something similar about the Control international trade fair, where I too have seen a significant reduction of booth babes over last years. Although some manufacturers still insist on employing young women for the sole purpose of giving visitors meaningless questionnaires and pushing leaflets into their hands whilst smiling winsomely, most have at their booths mostly experts (unfortunately mostly male, but not exclusively) with whom the relevant issues could be discussed.
Ieva Skrebele@#1:
re: “locker room talk”
How did that happen? Was it a couple of male friends chatting in some remote corner/their own room? Or was it actually happening openly where everybody could hear it?
Back when I was an industry insider or “influencer” I had sales reps offer to take me out to strip clubs for a lot of drinks (nudge nudge wink wink) I would rather use a knife and fork to remove and eat one of my own eyeballs than spend an evening drinking at a strip club with a sales rep, so I always declined. But there was a time in the early 00s, when there was a lot of money pouring into infosec, where it was not uncommon to hear about big clients getting taken out where there were compliant women (presumably hired) and compromised. When I was CEO at NFR I made sure my sales team knew that if they couldn’t sell the product on its own merits, they had best not resort to bribes.
There was one consultant/beltway bandit in the late 90s who had a reputation for outright bribing/compromising government employees who controlled contracts. He had a nice boat in Annapolis and once you’ve got some pictures of a married guy cavorting with some bikini babes, you pretty much own them.
Stupid, easily corrupted guys are not hard to find, it turns out. Probably the grand daddy iceberg of them all is the “Fat Leonard” scandal: [vox] basically, a corrupt contractor managed to eliminate an entire command of US Navy brass. Impressive. The FSB should hire that guy, except Trump is probably planning to hire him as his next lawyer.
Back when I read Georgia Weidman’s blog entry about the attempted rape, I perceived it as frightening. What made me so uncomfortable wasn’t the fact that a drunk guy tried to rape somebody. It was this quote from some victim blamers: “It wouldn’t happen to any other girl in infosec because no one else would be stupid enough to let a guy in her room.” People claimed that Georgia Weidman was partially to blame for letting him in her room.
I burned several long-term friendships over the Georgia Weidman attack – mostly, I was disgusted when I contacted some other senior security types I knew and suggested we all do a joint statement about anti-harassment policies, and instead I got push-back and ‘we must move slowly’ and ‘what if she is lying?’ Because, you know, women are always eager to come forward and be drummed out of their field of employment for trying to not be raped. There was a conference in Germany a few months later, which I attended, and it happened that there was a bitter (and loud) alcohol-fueled debate about it at the conference reception. I like to think that it was worthwhile, but mostly it left me feeling more disaffected about my field.
If a fight starts, the fact that you let the guy in will be a significant proof that you had agreed to sleep with him.
During the aforementioned heated debate, there was a notable Romanian hacker who offered the view that Georgia had perhaps lured him to her room because she was planning to smash him with a mug. You know, like how all those women went to Bill Cosby because their dealers had cut off their Rohypnol supply and they’d heard Cos was holding.
Charly@#2:
[…] most have at their booths mostly experts (unfortunately mostly male, but not exclusively) with whom the relevant issues could be discussed.
I think that the biggest influencer on changing behaviors at RSA was Palo Alto, inc. Palo is a firewall vendor, and their founder/CEO, Nir Zuk, was a former programmer and the product’s lead designer. While all the other vendors had jugglers, and sumo wrestlers and booth babes, Palo Alto had Nir doing 4 highly technical walk-throughs about the inner architecture of their product, and how it worked inside – really interesting stuff. There was always a huge crowd around their booth and the company was very successful; they sold like hot-cakes. A few of us, including Bruce Schneier, pointed out in various interviews that Palo’s approach had made them the most effective booth at the show, and people started to “get it.” One of the journalists I used to talk to a lot did a set of live mic debriefs with female executives who had walked by the booth babe displays. They were all very sensible, “this is just bad marketing, I ignore companies that do stuff like that.” That is not what you want to hear from a VP-level executive from a major healthcare provider. So there was a simultaneous push from several directions, and the marketing people really turned their act around after that.
That was the year that I suggested my (then-)company explore scheduling a talk by Neil DeGrasse Tyson and Lawrence Krauss (yeah, bullet dodged!) – something interesting and compelling and non-fluffy. It was probably not a good idea. I am not a marketing genius, I know. But the next year, the booth babes started to dry up.
Marcus wrote:
… as if the two are mutually exclusive?
It’s not just your field. It’s humanity as a whole. It’s the same everywhere. There’s no reason why programmers should have worse attitudes than the general population.
Sometimes it can take years to realize that a person you know has some nasty attitudes. For example, I had known a misogynistic guy from my first debate club for more than a year before I finally found out that he’s actually a jerk. I just assumed that he must be reasonable, but then one day a random conversation ended up with him telling some sexist crap that made me realize his true colors. And it’s not like people are even trying to hide their nasty opinions. In everyday conversations these topics just don’t come up. It takes some trigger events for people to start talking about these questions. This is why, the moment you start attending conferences, you are bound to notice that there are way too many people with bad opinions out there. Sexual assault is bound to happen everywhere, and when it happens during a conference, it simply forces everybody who is participating in that conference (meaning: a large number of people) to get involved by publicly expressing their opinions. Thus it might feel like there are lots of people with bad attitudes among the conference goers, but, in reality, their concentration in conferences or in some field (be it atheism or computer security or whatever) probably isn’t any larger than in the society in general.
[…] there was a notable Romanian hacker who offered the view that Georgia had perhaps lured him to her room because she was planning to smash him with a mug.
I am not surprised. Sadly, Eastern Europe, even the bits that are now in the European Union, is an oasis of concentrated toxic masculinity and casual and systematic misogyny (also xenophobia, racism, homophobia, and rabid transphobia, while we’re at it). The further East, the worse it is, and it’s so pervasive and so thoroughly internalized that most people are completely oblivious to it — they aren’t even aware it’s bad and things could be different. (To be fair, most of these attitudes have been changing for the better, and the media refrains from the worst of it, but the pace is glacial.)
cvoinescu @#8
That’s a broad and not entirely accurate statement. For example, Estonia is in Eastern Europe, but, in many ways, it’s a lot more progressive and better than a bunch of Southern European countries or Ireland. I mean, you can’t even get an abortion in Ireland. Not to mention all the religiosity and problems it causes.
Germany, especially the western part of it, is supposed to be good, right? Except when it isn’t. When I participated in a debate tournament in Münster, people who were organizing that tournament exiled me to spend the night in a Catholic female students’ dormitory. I have a huge problem with gender segregation; I hate being forcibly sent to women’s rooms. That one really pissed me off. That’s plain gender discrimination, as well as an outright refusal to acknowledge my gender identity (I don’t perceive myself as a woman). I have participated in many debate tournaments in various countries in Eastern Europe. There nobody ever dared to enforce a rule that male students and female students ought to sleep in separate buildings (or even separate rooms). In the supposedly backwards Eastern Europe nobody cared if I slept in the same room with a bunch of male students. Yet in Germany I was forbidden from doing so.
I agree my statement is over-broad and not very precise. The axis of backwardness points broadly south-east, not east, but there isn’t a smooth gradient, there are exceptions, and other places suck too. Still, I believe it is largely correct. And I haven’t even touched on puritanism (not much of a problem in Eastern Europe, as you rightly point out) and religiosity (more prevalent and more overt, but not nearly as toxic as in other places).
cvoinescu @#10
The problem with your statement isn’t just the fact that you are lumping together all the countries located in some geographical region. You are also lumping together various problems (misogyny, homophobia, racism, religiosity, xenophobia, nationalism). Not everything is equally bad in each country.
Gender equality is actually pretty good in Eastern Europe. Here https://i.redd.it/c6qdzz8m06k01.jpg is a map with year when women got the right to vote in each country. Eastern Europe looks very good on this map. Especially when compared with France, Spain or Switzerland. Back when women in Switzerland were still fighting about getting a right to vote, my mother was already studying engineering in a Soviet university. Her choice of study program wasn’t perceived as anything unusual. In fact, my mother wasn’t even particularly interested in science or engineering. She simply wanted to get a good job, which is why she decided to study engineering and physics. We can also look at various other women’s rights issues. Abortions are accessible in most of Eastern Europe. Many Eastern European countries have had female presidents (something that cannot be said about, for example, USA).
Secularity is another area where many Eastern European countries do amazingly well. Just do a Google search for religiosity by country and look at the maps. For example, Estonia is one of the most atheistic countries on the whole planet with very few religious citizens. Growing up in Eastern Europe, I took secularity for granted. My city was an atheist paradise with very few believers. For me most of Western Europe feels more religious than the place where I grew up.
Homophobia and transphobia. Yes, this is where I finally agree with you. In Soviet Union homosexual people were perceived as sick, and, unfortunately, the consequences of this perception are still lingering. For example, my mother is simultaneously an atheist and also a homophobe. Her reason for disliking homosexual people isn’t religion; she just thinks that LGBTQ people are sick.
Racism, nationalism, and xenophobia are trickier, because it’s hard to measure those. This is why I’m not very sure about these. In general, I probably agree with you here, but it really depends on the country.