[Owasp-leaders] don't allow explicit discrimination 🙏🏿 (women only)

Vandana Verma vandana.verma at owasp.org
Fri Mar 15 13:52:33 UTC 2019


Hi All,

Thank You so much for responding and sharing your valuable inputs.

To share my perspective. I have been helping the WIA (Women In Appsec)
initiative and its activities for over 2 years now and I have been asked
this question too many times i.e., why women only?. I do not mind answering
this, again and again, so will try to put some of my thoughts here. These
are just my opinion on this subject and it could very well be wrong from
someone's perspective.

I live in Bangalore (India) and have worked in the industry for over 12
years now. I also co-lead OWASP Bangalore chapter. I cannot emphasise more
on the overall positive impact the awesome security community had on my
overall career and I am really grateful for it. However, during my last few
years, I realised the fact that even though the security community is
awesome, most of the time women find themselves comfortable to speak, share
knowledge or ideas openly only after they have spent some time in the
business.

There is no doubt about the fact that the issue of fewer women
participation or minorities exists (if you want to discuss and debate about
this, we can find some time somewhere to talk about it). So, I felt the
need to help encourage more women to join the industry and community and
get to experience themselves how awesome the community is. Just an example
- If you exclude WIA training, there is no other female trainer in all
other 13 training.

*Like others mentioned, there are many reasons to keep it, women-only
(however, we have not said NO to anyone. If a male comes and says they
can't afford other trainings and want to attend this one, we are always
happy to take them). The idea is to provide a women-only environment where
they can be comfortable in asking questions, making mistakes and not feel
intimidated (I know a lot of people might not agree to this, but being a
female, I understand this and hence felt the need to address it). *

There is a reason we host a basic training on "Web Application Hacking with
Burp Suite and ZAP" and not some advanced topics like "Secure Coding in
C++", and what not. The idea of the basic training is to provide a soft
push to more women to feel encouraged enough to join the industry and
community. Once they are here with the basic knowledge, they can themselves
explore all other learning opportunities, participate and experience the
awesome community. So even if it might look like its discriminatory to you,
my idea of giving so much hours to it to bridge the gap (I cannot comment
on discrimination because I've never felt in this community but I can see a
clear gap in women participation because of all sorts of natural and
societal reasons)

I have a full time employment. Tel Aviv is close to my home but it takes
~24 hours to travel to places in the US from India for conducting any such
trainings. I also have an easy option to submit paid trainings through CFTs
and get paid for my efforts. I don't think it's fair to call the reasons
political or discriminatory.

Thank You,
Vandana Verma
OWASP Bangalore - Chapter Leader
OWASP WIA - Asia Volunteer Co-ordinator & SecretarY
Heading InfoSecGirls (Infosecgirls.in)
https://www.linkedin.com/in/vandana-verma/

On Fri, Mar 15, 2019 at 3:02 PM Avi D (OWASP Israel) <avi.douglen at owasp.org>
wrote:

> Thank you folks for the support and constructive suggestions.
>
>
>
> I agree with you Bjoern, though we would not bar males from joining the
> training there is definitely much to be said for the atmosphere in women
> groups as Prashant said.
>
>
>
> As far as financial discrimination… Not sure how much support there would
> have been for more free trainings J
>
> However trainers can grant one seat in their own course to anyone they
> want – I personally would be happy to encourage them to “donate” it to
> those underrepresented groups, but that is really their own personal choice
> (and affects their income, so ¯\_(ツ)_/¯  )
>
> Also while these may not be exactly student-affordable prices, it is very
> cheap compared to other events. We have some excellent courses that are
> being sold at 2 or 3 times the price, at eg Blackhat. It is really a great
> opportunity to get great training relatively cheap…
>
>
>
> Regarding Kevin’s suggestions: we did reach out to several (many) women
> and PoC to submit talks and trainings. Having an inclusive and supportive
> environment is absolutely essential for that to even work though…
>
> Additionally, we are trying to get sponsorships (here:
> https://telaviv.appsecglobal.org/docs/Global_AppSec_Tel_Aviv_2019_Sponsorship_Opportunities.pdf
> , wink wink!) for diversity scholarships as well! Would be greatly
> appreciative if you (and everyone) would share this with anyone that can
> help support this…
>
>
>
> Cheers,
>
> Avi D
>
>
>
>
>
> *From:* owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org
> [mailto:owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org] *On
> Behalf Of *Bjoern Kimminich
> *Sent:* Friday, March 15, 2019 9:39
> *To:* owasp-leaders at lists.owasp.org; Martín Villalba <
> martin.villalba at owasp.org>; Prashant Kv <kvprashant at owasp.org>; Vandana
> Verma <vandana.verma at owasp.org>
> *Cc:* OWASP Foundation Board List <owasp-board at lists.owasp.org>; Josh
> Grossman <josh.grossman at owasp.org>; owasp-leaders at lists.owasp.org
> *Subject:* Re: [Owasp-leaders] don't allow explicit discrimination 🙏🏿
> (women only)
>
>
>
> Just for inspiration here are two very successful educational programs
> from Germany to encourage more girls to go into tech, IT or nat. science:
>
> *
> https://www.girls-day.de/Daten-Fakten/Das-ist-der-Girls-Day/Ein-Zukunftstag-fuer-Maedchen/english
> * https://www.mintpink.de (no EN version available)
>
> If those would be "non-discriminatingly" open for boys as well, the same
> would happen like Prashant described and it's back to square zero.
>
> Back to the conference trainings: The only thing I could understand
> frustration about is the fact that the "women only"-training is the only
> free training (sincere kudos to Vandana and WIA for that!), but I guess
> that all other trainers are allowed to host their trainings for free as
> well, no? Then the costs would be down to room and catering at the venue,
> lowering the financial entrance barrier thus allowing a more diverse mix of
> participants again.
>
> So, with a sprinkle of sarcasm all the offered trainings are
> discriminating some groups either by gender or financial situation. But
> that makes it fair again, as everyone can feel equally discriminated. Or
> nobody does, which might be the preferable choice?
>
> Cheers,
> Björn
>
> Am 15. März 2019 07:12:46 MEZ schrieb "Martín Villalba" <
> martin.villalba at owasp.org>:
>
> Being a supporter of minority groups, I sometimes struggle myself to draw
> the line between supporting minority groups vs. not discriminating majority
> groups.  I think this one may be one of those cases for you Timur.  It
> should be clear to all of us that the intent of this women-only training is
> not discrimination of other genders, but only supporting and encouraging
> women in AppSec by giving them a space where they can feel more comfortable
> than they usually do in a male-dominated environment (same idea Prashant
> mentioned).
>
>
>
> A while ago Vandana sent an email explaining this very clearly but
> unfortunately I couldn't find it just now.  She could share her thoughts
> again in this thread, if she feels like doing so (maybe just a copy paste
> from that older email).
>
>
>
> Perhaps this women-only training would warrant a very brief explanation
> (somewhere in the conference page) as of why OWASP makes the choice to have
> a women-only event.  This could even bring awareness to more people and
> hopefully help build towards gender equality.
>
>
>
> Cheers,
>
> Martín.
>
>
>
>
>
> On Thu, Mar 14, 2019 at 10:58 PM Prashant Kv <kvprashant at owasp.org> wrote:
>
> Let’s not politicize everything.
>
>
>
>  Feedback I have received from many girls is, InfoSec trainings tend to be
> male dominated and they feel unwelcomed to ask basic questions. They feel
> They are often rediculed for asking basic questions. The motive of women
> only training is not to exclude men but to give a closer and more emphatic
> learning environment for women. We did similar trainings in India and
> ladies have found it extremely useful. Ladies could get their doubts
> clarified without been afraid of rediculed or labeled.
>
>
>
> Regards
>
> Prashant
>
>
>
>
>
> On Thursday, March 14, 2019, Timur 'x' Khrotko [owasp] <timur at owasp.org>
> wrote:
>
> Dear Board, dear Josh,
>
>
>
> please modify the conditions of the Burp/ZAP training announced at Appsec
> Global in Tel Aviv. The "women only" condition is gender discriminatory,
> that is just plainly discriminatory and as such contradicts the faith and
> probably the policies of OWASP. Also it contradicted the training review
> policy which promised to make choices solely on professional grounds.
>
>
>
> Dear all,
>
>
>
> I understand the idea behind it and I support the WIA initiative but there
> must be common sense limits. You shouldn't encourage black only tailor
> shops in your holy fight with racially discriminatory tailor shops.
>
>
>
> There're options to keep the idea, maybe make the training free for WIA
> members -- that would be against my taste still but maybe something
> tolerable. Or let WIA invent a clever and tasteful solution for the
> conditions of a free training to engage female devs in secdev.
>
>
>
> As far as I know this isn't an issue with the Tel Aviv organisers as this
> training was nested from above. And also this women only thing already
> happened at one of the previous conferences, in the US probably.
>
>
>
> Consider that when one inserts trainings for political reasons then
> similar trainings which could compete on professional grounds get
> automatically excluded. So by promoting causes which are not exactly the
> core causes OWASP exists for one harms the professional impartiality/etc.
>
>
>
> Satirical sidenote: I'm not afraid of being tagged as trumpist since I'm
> already a Russian troll 😀 And during the Samantha-gate I already
> accepted highbrow American comments that we don't know modern social/moral
> norms at this side of the world.
>
>
>
> Or would it be a good move next time to announce a 'Muslims only', 'Jews
> only', 'childfree only' or a 'gay only' training next time? (I subscribe to
> support all these causes and peoples sometimes discriminated -- even in my
> OWASP hat but not in a discriminatory way.)
>
>
>
> Your thoughts?
>
>
>
> Current reference: https://telaviv.appsecglobal.org/registration/
>
>
>
> Timur
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190315/697c9457/attachment-0001.html>


More information about the OWASP-Leaders mailing list