[Owasp-board] [Owasp-leaders] don't allow explicit discrimination 🙏🏿 (women only)

psiinon psiinon at gmail.com
Mon Mar 18 11:54:18 UTC 2019


Hi Vandana,

For the record I would like to thank you for running this workshop and
completely support it.
If you can let me know how many women can participate and a suitable postal
address then I'll send you enough ZAP stickers for all of them :)

Many thanks,

Simon

On Fri, Mar 15, 2019 at 1:53 PM Vandana Verma <vandana.verma at owasp.org>
wrote:

> Hi All,
>
> Thank You so much for responding and sharing your valuable inputs.
>
> To share my perspective. I have been helping the WIA (Women In Appsec)
> initiative and its activities for over 2 years now and I have been asked
> this question too many times i.e., why women only?. I do not mind answering
> this, again and again, so will try to put some of my thoughts here. These
> are just my opinion on this subject and it could very well be wrong from
> someone's perspective.
>
> I live in Bangalore (India) and have worked in the industry for over 12
> years now. I also co-lead OWASP Bangalore chapter. I cannot emphasise more
> on the overall positive impact the awesome security community had on my
> overall career and I am really grateful for it. However, during my last few
> years, I realised the fact that even though the security community is
> awesome, most of the time women find themselves comfortable to speak, share
> knowledge or ideas openly only after they have spent some time in the
> business.
>
> There is no doubt about the fact that the issue of fewer women
> participation or minorities exists (if you want to discuss and debate about
> this, we can find some time somewhere to talk about it). So, I felt the
> need to help encourage more women to join the industry and community and
> get to experience themselves how awesome the community is. Just an example
> - If you exclude WIA training, there is no other female trainer in all
> other 13 training.
>
> *Like others mentioned, there are many reasons to keep it, women-only
> (however, we have not said NO to anyone. If a male comes and says they
> can't afford other trainings and want to attend this one, we are always
> happy to take them). The idea is to provide a women-only environment where
> they can be comfortable in asking questions, making mistakes and not feel
> intimidated (I know a lot of people might not agree to this, but being a
> female, I understand this and hence felt the need to address it). *
>
> There is a reason we host a basic training on "Web Application Hacking
> with Burp Suite and ZAP" and not some advanced topics like "Secure Coding
> in C++", and what not. The idea of the basic training is to provide a soft
> push to more women to feel encouraged enough to join the industry and
> community. Once they are here with the basic knowledge, they can themselves
> explore all other learning opportunities, participate and experience the
> awesome community. So even if it might look like its discriminatory to you,
> my idea of giving so much hours to it to bridge the gap (I cannot comment
> on discrimination because I've never felt in this community but I can see a
> clear gap in women participation because of all sorts of natural and
> societal reasons)
>
> I have a full time employment. Tel Aviv is close to my home but it takes
> ~24 hours to travel to places in the US from India for conducting any such
> trainings. I also have an easy option to submit paid trainings through CFTs
> and get paid for my efforts. I don't think it's fair to call the reasons
> political or discriminatory.
>
> Thank You,
> Vandana Verma
> OWASP Bangalore - Chapter Leader
> OWASP WIA - Asia Volunteer Co-ordinator & SecretarY
> Heading InfoSecGirls (Infosecgirls.in)
> https://www.linkedin.com/in/vandana-verma/
>
> On Fri, Mar 15, 2019 at 3:02 PM Avi D (OWASP Israel) <
> avi.douglen at owasp.org> wrote:
>
>> Thank you folks for the support and constructive suggestions.
>>
>>
>>
>> I agree with you Bjoern, though we would not bar males from joining the
>> training there is definitely much to be said for the atmosphere in women
>> groups as Prashant said.
>>
>>
>>
>> As far as financial discrimination… Not sure how much support there would
>> have been for more free trainings J
>>
>> However trainers can grant one seat in their own course to anyone they
>> want – I personally would be happy to encourage them to “donate” it to
>> those underrepresented groups, but that is really their own personal choice
>> (and affects their income, so ¯\_(ツ)_/¯  )
>>
>> Also while these may not be exactly student-affordable prices, it is very
>> cheap compared to other events. We have some excellent courses that are
>> being sold at 2 or 3 times the price, at eg Blackhat. It is really a great
>> opportunity to get great training relatively cheap…
>>
>>
>>
>> Regarding Kevin’s suggestions: we did reach out to several (many) women
>> and PoC to submit talks and trainings. Having an inclusive and supportive
>> environment is absolutely essential for that to even work though…
>>
>> Additionally, we are trying to get sponsorships (here:
>> https://telaviv.appsecglobal.org/docs/Global_AppSec_Tel_Aviv_2019_Sponsorship_Opportunities.pdf
>> , wink wink!) for diversity scholarships as well! Would be greatly
>> appreciative if you (and everyone) would share this with anyone that can
>> help support this…
>>
>>
>>
>> Cheers,
>>
>> Avi D
>>
>>
>>
>>
>>
>> *From:* owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org
>> [mailto:owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org] *On
>> Behalf Of *Bjoern Kimminich
>> *Sent:* Friday, March 15, 2019 9:39
>> *To:* owasp-leaders at lists.owasp.org; Martín Villalba <
>> martin.villalba at owasp.org>; Prashant Kv <kvprashant at owasp.org>; Vandana
>> Verma <vandana.verma at owasp.org>
>> *Cc:* OWASP Foundation Board List <owasp-board at lists.owasp.org>; Josh
>> Grossman <josh.grossman at owasp.org>; owasp-leaders at lists.owasp.org
>> *Subject:* Re: [Owasp-leaders] don't allow explicit discrimination 🙏🏿
>> (women only)
>>
>>
>>
>> Just for inspiration here are two very successful educational programs
>> from Germany to encourage more girls to go into tech, IT or nat. science:
>>
>> *
>> https://www.girls-day.de/Daten-Fakten/Das-ist-der-Girls-Day/Ein-Zukunftstag-fuer-Maedchen/english
>> * https://www.mintpink.de (no EN version available)
>>
>> If those would be "non-discriminatingly" open for boys as well, the same
>> would happen like Prashant described and it's back to square zero.
>>
>> Back to the conference trainings: The only thing I could understand
>> frustration about is the fact that the "women only"-training is the only
>> free training (sincere kudos to Vandana and WIA for that!), but I guess
>> that all other trainers are allowed to host their trainings for free as
>> well, no? Then the costs would be down to room and catering at the venue,
>> lowering the financial entrance barrier thus allowing a more diverse mix of
>> participants again.
>>
>> So, with a sprinkle of sarcasm all the offered trainings are
>> discriminating some groups either by gender or financial situation. But
>> that makes it fair again, as everyone can feel equally discriminated. Or
>> nobody does, which might be the preferable choice?
>>
>> Cheers,
>> Björn
>>
>> Am 15. März 2019 07:12:46 MEZ schrieb "Martín Villalba" <
>> martin.villalba at owasp.org>:
>>
>> Being a supporter of minority groups, I sometimes struggle myself to draw
>> the line between supporting minority groups vs. not discriminating majority
>> groups.  I think this one may be one of those cases for you Timur.  It
>> should be clear to all of us that the intent of this women-only training is
>> not discrimination of other genders, but only supporting and encouraging
>> women in AppSec by giving them a space where they can feel more comfortable
>> than they usually do in a male-dominated environment (same idea Prashant
>> mentioned).
>>
>>
>>
>> A while ago Vandana sent an email explaining this very clearly but
>> unfortunately I couldn't find it just now.  She could share her thoughts
>> again in this thread, if she feels like doing so (maybe just a copy paste
>> from that older email).
>>
>>
>>
>> Perhaps this women-only training would warrant a very brief explanation
>> (somewhere in the conference page) as of why OWASP makes the choice to have
>> a women-only event.  This could even bring awareness to more people and
>> hopefully help build towards gender equality.
>>
>>
>>
>> Cheers,
>>
>> Martín.
>>
>>
>>
>>
>>
>> On Thu, Mar 14, 2019 at 10:58 PM Prashant Kv <kvprashant at owasp.org>
>> wrote:
>>
>> Let’s not politicize everything.
>>
>>
>>
>>  Feedback I have received from many girls is, InfoSec trainings tend to
>> be male dominated and they feel unwelcomed to ask basic questions. They
>> feel They are often rediculed for asking basic questions. The motive of
>> women only training is not to exclude men but to give a closer and more
>> emphatic learning environment for women. We did similar trainings in India
>> and ladies have found it extremely useful. Ladies could get their doubts
>> clarified without been afraid of rediculed or labeled.
>>
>>
>>
>> Regards
>>
>> Prashant
>>
>>
>>
>>
>>
>> On Thursday, March 14, 2019, Timur 'x' Khrotko [owasp] <timur at owasp.org>
>> wrote:
>>
>> Dear Board, dear Josh,
>>
>>
>>
>> please modify the conditions of the Burp/ZAP training announced at Appsec
>> Global in Tel Aviv. The "women only" condition is gender discriminatory,
>> that is just plainly discriminatory and as such contradicts the faith and
>> probably the policies of OWASP. Also it contradicted the training review
>> policy which promised to make choices solely on professional grounds.
>>
>>
>>
>> Dear all,
>>
>>
>>
>> I understand the idea behind it and I support the WIA initiative but
>> there must be common sense limits. You shouldn't encourage black only
>> tailor shops in your holy fight with racially discriminatory tailor shops.
>>
>>
>>
>> There're options to keep the idea, maybe make the training free for WIA
>> members -- that would be against my taste still but maybe something
>> tolerable. Or let WIA invent a clever and tasteful solution for the
>> conditions of a free training to engage female devs in secdev.
>>
>>
>>
>> As far as I know this isn't an issue with the Tel Aviv organisers as this
>> training was nested from above. And also this women only thing already
>> happened at one of the previous conferences, in the US probably.
>>
>>
>>
>> Consider that when one inserts trainings for political reasons then
>> similar trainings which could compete on professional grounds get
>> automatically excluded. So by promoting causes which are not exactly the
>> core causes OWASP exists for one harms the professional impartiality/etc.
>>
>>
>>
>> Satirical sidenote: I'm not afraid of being tagged as trumpist since I'm
>> already a Russian troll 😀 And during the Samantha-gate I already
>> accepted highbrow American comments that we don't know modern social/moral
>> norms at this side of the world.
>>
>>
>>
>> Or would it be a good move next time to announce a 'Muslims only', 'Jews
>> only', 'childfree only' or a 'gay only' training next time? (I subscribe to
>> support all these causes and peoples sometimes discriminated -- even in my
>> OWASP hat but not in a discriminatory way.)
>>
>>
>>
>> Your thoughts?
>>
>>
>>
>> Current reference: https://telaviv.appsecglobal.org/registration/
>>
>>
>>
>> Timur
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> --
>
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20190318/893995b2/attachment-0001.html>


More information about the Owasp-board mailing list