[Owasp-leaders] don't allow explicit discrimination 🙏🏿 (women only)

Connor Carr connor.carr at owasp.org
Sun Mar 17 10:28:46 UTC 2019


Not opposed to training advertised towards women at all, it's unfortunate
that this sort of thing has to happen but it's absolutely necessary.

We need to offer women-focused events because quite frankly every other
event is man-focused and men do not make an effort to make women
comfortable. You can all interject with "I try to make women feel
comfortable" and I'd congratulate that, but you are by far an exception.

Complaining about women focused training (even if it was women only, which
you have stated it isn't) is the equivalent to complaining about
international women's day and asking why there's no international men's day
(there is, but I would argue it is the other 364 days).

I'm happy to hear any alternatives that will encourage more of a 50/50
split but until men stop being elitist, gatekeeping, creepy sexists that's
simply not going to happen.

On Sun, 17 Mar 2019, 08:46 Avi D (OWASP Israel), <avi.douglen at owasp.org>
wrote:

> Absolutely agree.
>
>
>
> One thing that Liam did say was about “equal access to opportunity”. I
> agree with that 100% - this is absolutely about equalizing access to
> opportunity.
>
> However, the situation today is that there is NOT equal access – the
> overwhelming bias in almost all markets means that most of the
> opportunities are going to men (and in many countries, specifically
> “straight white men”) – whether it is companies that prefer to send one
> group of employees to conference opportunities, default to promoting (and
> hiring) from a specific group, pay for training for one group of employees…
> Or if someone wanted to pay for this themselves, one group has on average
> 20-30% (or more) higher salary than the others, which means more available
> cash to afford this themselves.
>
>
>
> The point of this WIA training is to compensate for that existing bias,
> even if just a little, and provide extra opportunities for those that
> otherwise would miss out on opportunities and not be able to join. As I
> said we would not ban anyone from joining for being a man, however as a
> group men do not need that that extra opportunity.
>
>
>
> The point is that **as a group** there are people that are de facto
> excluded from events like this, even if it is “open to everybody”. It is
> like offering “unisex” tshirts that only fit men…
>
>
>
> The point of this training is to equalize access to opportunity.
>
>
>
> Is anyone truly opposed to that?
>
>
>
> Avi D
>
>
>
>
>
> *From:* owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org
> [mailto:owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org] *On
> Behalf Of *Prashant Kv
> *Sent:* Sunday, March 17, 2019 7:36
> *To:* Timur 'x' Khrotko [owasp] <timur at owasp.org>
> *Cc:* OWASP Foundation Board List <owasp-board at lists.owasp.org>; Josh
> Grossman <josh.grossman at owasp.org>; OWASP Leaders <
> owasp-leaders at lists.owasp.org>
> *Subject:* Re: [Owasp-leaders] don't allow explicit discrimination 🙏🏿
> (women only)
>
>
>
> https://www.dayofshecurity.com/
>
>
>
> https://girlswhocode.com/
>
>
>
> Above initiatives are started in USA . Don’t tell me problem is there only
> in countries like India. I am part of San Francisco Bay Area Owasp chapter
> and I hardly see women boldly asking questions. Problem is worldwide.
>
> For all the talk, Usa never ever had a women president and Israel had one
> lady prime minister. India and all its neighboring countries has had lady
> head of states in past.
>
>
>
> On Saturday, March 16, 2019, Timur 'x' Khrotko [owasp] <timur at owasp.org>
> wrote:
>
> Dear all, I still maintain my request to correct the condition of the free
> Burp/ZAP training in Tel Aviv to anything tolerable from 'women only'.
>
>
>
> 'Women only' is gender discriminatory by design and as such should not be
> tolerated. In the below conversation I found no reason that could outweigh
> this issue. While Kevin and Liam suggested solutions which could fulfill
> the purpose of helping/sponsoring/engaging chosen groups/causes.
>
>
>
> Dear Vandana, I respect your missionary work. It's only that the solution
> you proposed to replicate from your successful practice in India is not
> proper in Europe/Israel. As well I would not assume that the situation you
> are curing in India is present in Europe in the same manner. Especially in
> Israel where women join the regular service in defense forces equally to
> men. And I assume that female developers travelling to Appsec Global can
> easily learn in coeducational circumstances.
>
>
>
> PS. Also I see a parallel issue in that that there is no regulation of
> having free trainings of any kind at OWASP conferences. Like if there is a
> preselected free training then its topic should be announced in the CfT to
> prevent trainers proposing their for profit trainings with the same topic.
> Etc.
>
>
>
> Thanks for the discussion,
>
> Timur
>
>
>
> On Fri, Mar 15, 2019 at 3:37 PM Liam Smit <liam.smit at gmail.com> wrote:
>
>
>
> Hi Avi
>
>
>
> It seemed that Timur was pointing out the double standard or hypocrisy
> involved in claiming to be inclusive yet being exclusive to one gender and
> thus discriminating. This would see to be confirmed by his questions around
> other exclusive training examples of race, religion, not having children
> and sexual orientation. In effect he appears to be asking if it is only OK
> to discriminate to increase diversity.
>
>
>
> If the end goal to ensure equal representation of every gender, race, age,
> sexual orientation, gender identity, religion, etc. in every field,
> conference and other walk of life then it is going to involve a gargantuan
> amount of social engineering to achieve that  which would entail
> individuals giving up their right to privacy of those attributes as well as
> some sort of bureaucracy to assign more resources to certain groups defined
> by the chosen defining characteristic as well as encourage people to pursue
> a certain direction at the expense of their other options.
>
>
>
> By mentioning "gender, e.g. PoC, trans, and more" you have already touched
> on the problem of how does one define let alone measure diversity. What
> about diversity of age, current or past financial status, interests, or
> ideas? Ironically with enough effort and enough groups we could end up with
> a list of permutations that result in one individual per permutation at
> which point we could probably dispense with dividing people up into
> groups... ;-)
>
>
>
> Personally I do not feel offended if there is an event aimed at women, one
> aimed at the youth to explain the dangers of social media, training aimed
> at the elderly on how to spot con artist scams, etc. Of course at the same
> time it would be silly to prevent, e.g., parents or teachers from attending
> a course aimed at children because they would most likely be able to pass
> knowledge on to children and younger people who have parents who they
> consider at risk to such scams.
>
>
>
> I would suggest equal access to opportunity is the simplest way of
> allowing people to learn and partake in what they find interesting. Online
> computer based training offers a scalable (physical space is limited),
> affordable (financial considerations are real) and effective way to learn
> the basic (and even the more advanced) concepts without having to fear
> being ridiculed (a specific issue raised by Pravant). You could also have a
> classroom rule of do not ridicule basic questions, provide the basic
> information before the training to get everyone up to a similar level or
> encourage a friendly atmosphere in the class so that the worst anyone gets
> is a gentle ribbing and I mention that last one as someone who purposefully
> asks the stupid question in a group environment.
>
>
>
> I am not sure why you saw fit to make a comment about Jim Crow laws or
> joking about white supremacy. Perhaps I am missing some context but if it
> solely based on Timur's email then it would appear that you are attempting
> to label him as a bad person to dismiss his argument instead of addressing
> the substance of his argument. If that is indeed the case then that is at
> best poor debating skills. Regardless, it is far better to identify the
> specific issues hindering access to education or training and address each
> of those in turn to improve the situation.
>
>
>
> My sincere thanks to everyone (including Timur and Avi) in the thread who
> highlighted what they considered specific problems, offered feedback and
> suggestions on how to improve access to information security training and
> of course to those like Vandana who volunteer their time and effort to
> provide free training! Being able to rationally discuss problems in a civil
> manner in order to come up with potential solutions is a fundamental
> requirement to helping OWASP achieve its purpose of safe and secure
> software.
>
>
>
>
>
> Regards,
>
>
>
> Liam
>
>
>
> On Fri, Mar 15, 2019 at 11:05 AM Avi D (OWASP Israel) <
> avi.douglen at owasp.org> wrote:
>
> Hi Timur,
>
>
>
> As you know, I am the conference chair for this event. It’s a shame you
> didn’t feel comfortable reaching out to me directly before complaining at
> everybody. J
>
>
>
> As Josh explained to you, I added this training outside the CFT submission
> process. As such there was never any conflict between this and any other
> submitted training proposal that may have been on a similar topic. This
> FREE training is being organized by the WIA committee, and Vandana in
> particular, and offered free (at her own personal expense) to _increase_
> inclusion in OWASP events, and the industry in general.
>
>
>
> Whether or not you have encountered a problem with the current level of
> diversity in OWASP, AppSec events, and the industry in general – I assure
> you, this problem exists, it is significant, and it’s in a pretty terrible
> state right now. This free training is a blessed effort to get more women
> (and those identifying as women, as well as other underrepresented groups)
> into the industry, help them get started in a field that has traditionally
> been (and still is) biased against these groups, and hopefully rebalance
> our overwhelmingly male community. This is absolutely one of the core
> causes of OWASP, and part of our core mission: to make security visible and
> accessible to ALL developers etc.
>
>
>
> That said, if you feel strongly about it you can just as well sign up for
> the course – we will not be checking anyone’s genitals before we let them
> through the door. (Though I believe you are teaching a course yourself at
> the same time? So I’m not sure what you’re cranky about here.)
>
>
>
> FYI, I will point out that we do have a strict Code of Conduct at our
> event, in addition to OWASP’s generic one. TBF it is a bit basic IMO, but
> it DOES have teeth: any abuse, harassment, or making someone feel like they
> do not belong is not acceptable, and can even lead to expelling an abuser,
> no matter who they are. Anyone and everyone should feel comfortable and
> safe attending and participating in the conference.
>
> Suggesting a comparison between WIA and other inclusivity efforts to Jim
> Crow laws, or trivializing these efforts as “political reasons”, or joking
> about white supremacy – this is not really a bannable offense, but I would
> strongly suggest reconsidering this approach. It’s not a wholesome path to
> be on… J
>
>
>
> Looking forward to seeing you here again, and discussing further over a
> beer (or non-alcoholic drink if you prefer)!
>
>
>
> Regards,
>
> Avi D
>
>
>
> P.S. I am aware that are lack of diversity is not solely based on gender,
> e.g. PoC, trans, and more. As there are many groups that are not quite
> comfortable in many of these events, we do try to express universal
> inclusivity, and explicitly mention that anyone from underrepresented
> groups are included, not just women. If anyone feels they are still left
> out from this, please let me know and we will do whatever we can.
>
>
>
>
>
> *From:* owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org
> [mailto:owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org] *On
> Behalf Of *Timur 'x' Khrotko [owasp]
> *Sent:* Friday, March 15, 2019 3:31
> *To:* Josh Grossman <josh.grossman at owasp.org>; OWASP Foundation Board
> List <owasp-board at lists.owasp.org>; owasp-leaders at lists.owasp.org
> *Subject:* [Owasp-leaders] don't allow explicit discrimination 🙏🏿
> (women only)
>
>
>
> Dear Board, dear Josh,
>
>
>
> please modify the conditions of the Burp/ZAP training announced at Appsec
> Global in Tel Aviv. The "women only" condition is gender discriminatory,
> that is just plainly discriminatory and as such contradicts the faith and
> probably the policies of OWASP. Also it contradicted the training review
> policy which promised to make choices solely on professional grounds.
>
>
>
> Dear all,
>
>
>
> I understand the idea behind it and I support the WIA initiative but there
> must be common sense limits. You shouldn't encourage black only tailor
> shops in your holy fight with racially discriminatory tailor shops.
>
>
>
> There're options to keep the idea, maybe make the training free for WIA
> members -- that would be against my taste still but maybe something
> tolerable. Or let WIA invent a clever and tasteful solution for the
> conditions of a free training to engage female devs in secdev.
>
>
>
> As far as I know this isn't an issue with the Tel Aviv organisers as this
> training was nested from above. And also this women only thing already
> happened at one of the previous conferences, in the US probably.
>
>
>
> Consider that when one inserts trainings for political reasons then
> similar trainings which could compete on professional grounds get
> automatically excluded. So by promoting causes which are not exactly the
> core causes OWASP exists for one harms the professional impartiality/etc.
>
>
>
> Satirical sidenote: I'm not afraid of being tagged as trumpist since I'm
> already a Russian troll 😀 And during the Samantha-gate I already
> accepted highbrow American comments that we don't know modern social/moral
> norms at this side of the world.
>
>
>
> Or would it be a good move next time to announce a 'Muslims only', 'Jews
> only', 'childfree only' or a 'gay only' training next time? (I subscribe to
> support all these causes and peoples sometimes discriminated -- even in my
> OWASP hat but not in a discriminatory way.)
>
>
>
> Your thoughts?
>
>
>
> Current reference: https://telaviv.appsecglobal.org/registration/
>
>
>
> Timur
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> This message may contain confidential information - you should handle it
> accordingly.
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190317/2e242972/attachment-0001.html>


More information about the OWASP-Leaders mailing list