[Owasp-leaders] don't allow explicit discrimination 🙏🏿 (women only)
liam.smit at gmail.com
Fri Mar 15 14:37:00 UTC 2019
It seemed that Timur was pointing out the double standard or hypocrisy
involved in claiming to be inclusive yet being exclusive to one gender and
thus discriminating. This would see to be confirmed by his questions around
other exclusive training examples of race, religion, not having children
and sexual orientation. In effect he appears to be asking if it is only OK
to discriminate to increase diversity.
If the end goal to ensure equal representation of every gender, race, age,
sexual orientation, gender identity, religion, etc. in every field,
conference and other walk of life then it is going to involve a gargantuan
amount of social engineering to achieve that which would entail
individuals giving up their right to privacy of those attributes as well as
some sort of bureaucracy to assign more resources to certain groups defined
by the chosen defining characteristic as well as encourage people to pursue
a certain direction at the expense of their other options.
By mentioning "gender, e.g. PoC, trans, and more" you have already touched
on the problem of how does one define let alone measure diversity. What
about diversity of age, current or past financial status, interests, or
ideas? Ironically with enough effort and enough groups we could end up with
a list of permutations that result in one individual per permutation at
which point we could probably dispense with dividing people up into
Personally I do not feel offended if there is an event aimed at women, one
aimed at the youth to explain the dangers of social media, training aimed
at the elderly on how to spot con artist scams, etc. Of course at the same
time it would be silly to prevent, e.g., parents or teachers from attending
a course aimed at children because they would most likely be able to pass
knowledge on to children and younger people who have parents who they
consider at risk to such scams.
I would suggest equal access to opportunity is the simplest way of allowing
people to learn and partake in what they find interesting. Online computer
based training offers a scalable (physical space is limited), affordable
(financial considerations are real) and effective way to learn the basic
(and even the more advanced) concepts without having to fear being
ridiculed (a specific issue raised by Pravant). You could also have a
classroom rule of do not ridicule basic questions, provide the basic
information before the training to get everyone up to a similar level or
encourage a friendly atmosphere in the class so that the worst anyone gets
is a gentle ribbing and I mention that last one as someone who purposefully
asks the stupid question in a group environment.
I am not sure why you saw fit to make a comment about Jim Crow laws or
joking about white supremacy. Perhaps I am missing some context but if it
solely based on Timur's email then it would appear that you are attempting
to label him as a bad person to dismiss his argument instead of addressing
the substance of his argument. If that is indeed the case then that is at
best poor debating skills. Regardless, it is far better to identify the
specific issues hindering access to education or training and address each
of those in turn to improve the situation.
My sincere thanks to everyone (including Timur and Avi) in the thread who
highlighted what they considered specific problems, offered feedback and
suggestions on how to improve access to information security training and
of course to those like Vandana who volunteer their time and effort to
provide free training! Being able to rationally discuss problems in a civil
manner in order to come up with potential solutions is a fundamental
requirement to helping OWASP achieve its purpose of safe and secure
On Fri, Mar 15, 2019 at 11:05 AM Avi D (OWASP Israel) <avi.douglen at owasp.org>
> Hi Timur,
> As you know, I am the conference chair for this event. It’s a shame you
> didn’t feel comfortable reaching out to me directly before complaining at
> everybody. J
> As Josh explained to you, I added this training outside the CFT submission
> process. As such there was never any conflict between this and any other
> submitted training proposal that may have been on a similar topic. This
> FREE training is being organized by the WIA committee, and Vandana in
> particular, and offered free (at her own personal expense) to _increase_
> inclusion in OWASP events, and the industry in general.
> Whether or not you have encountered a problem with the current level of
> diversity in OWASP, AppSec events, and the industry in general – I assure
> you, this problem exists, it is significant, and it’s in a pretty terrible
> state right now. This free training is a blessed effort to get more women
> (and those identifying as women, as well as other underrepresented groups)
> into the industry, help them get started in a field that has traditionally
> been (and still is) biased against these groups, and hopefully rebalance
> our overwhelmingly male community. This is absolutely one of the core
> causes of OWASP, and part of our core mission: to make security visible and
> accessible to ALL developers etc.
> That said, if you feel strongly about it you can just as well sign up for
> the course – we will not be checking anyone’s genitals before we let them
> through the door. (Though I believe you are teaching a course yourself at
> the same time? So I’m not sure what you’re cranky about here.)
> FYI, I will point out that we do have a strict Code of Conduct at our
> event, in addition to OWASP’s generic one. TBF it is a bit basic IMO, but
> it DOES have teeth: any abuse, harassment, or making someone feel like they
> do not belong is not acceptable, and can even lead to expelling an abuser,
> no matter who they are. Anyone and everyone should feel comfortable and
> safe attending and participating in the conference.
> Suggesting a comparison between WIA and other inclusivity efforts to Jim
> Crow laws, or trivializing these efforts as “political reasons”, or joking
> about white supremacy – this is not really a bannable offense, but I would
> strongly suggest reconsidering this approach. It’s not a wholesome path to
> be on… J
> Looking forward to seeing you here again, and discussing further over a
> beer (or non-alcoholic drink if you prefer)!
> Avi D
> P.S. I am aware that are lack of diversity is not solely based on gender,
> e.g. PoC, trans, and more. As there are many groups that are not quite
> comfortable in many of these events, we do try to express universal
> inclusivity, and explicitly mention that anyone from underrepresented
> groups are included, not just women. If anyone feels they are still left
> out from this, please let me know and we will do whatever we can.
> *From:* owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org
> [mailto:owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org] *On
> Behalf Of *Timur 'x' Khrotko [owasp]
> *Sent:* Friday, March 15, 2019 3:31
> *To:* Josh Grossman <josh.grossman at owasp.org>; OWASP Foundation Board
> List <owasp-board at lists.owasp.org>; owasp-leaders at lists.owasp.org
> *Subject:* [Owasp-leaders] don't allow explicit discrimination 🙏🏿
> (women only)
> Dear Board, dear Josh,
> please modify the conditions of the Burp/ZAP training announced at Appsec
> Global in Tel Aviv. The "women only" condition is gender discriminatory,
> that is just plainly discriminatory and as such contradicts the faith and
> probably the policies of OWASP. Also it contradicted the training review
> policy which promised to make choices solely on professional grounds.
> Dear all,
> I understand the idea behind it and I support the WIA initiative but there
> must be common sense limits. You shouldn't encourage black only tailor
> shops in your holy fight with racially discriminatory tailor shops.
> There're options to keep the idea, maybe make the training free for WIA
> members -- that would be against my taste still but maybe something
> tolerable. Or let WIA invent a clever and tasteful solution for the
> conditions of a free training to engage female devs in secdev.
> As far as I know this isn't an issue with the Tel Aviv organisers as this
> training was nested from above. And also this women only thing already
> happened at one of the previous conferences, in the US probably.
> Consider that when one inserts trainings for political reasons then
> similar trainings which could compete on professional grounds get
> automatically excluded. So by promoting causes which are not exactly the
> core causes OWASP exists for one harms the professional impartiality/etc.
> Satirical sidenote: I'm not afraid of being tagged as trumpist since I'm
> already a Russian troll 😀 And during the Samantha-gate I already
> accepted highbrow American comments that we don't know modern social/moral
> norms at this side of the world.
> Or would it be a good move next time to announce a 'Muslims only', 'Jews
> only', 'childfree only' or a 'gay only' training next time? (I subscribe to
> support all these causes and peoples sometimes discriminated -- even in my
> OWASP hat but not in a discriminatory way.)
> Your thoughts?
> Current reference: https://telaviv.appsecglobal.org/registration/
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders