[Owasp-leaders] don't allow explicit discrimination 🙏🏿 (women only)

Lucas Ferreira lucas.ferreira at owasp.org
Mon Mar 18 14:38:43 UTC 2019


I also would like to praise the efforts from the conference organizers, WIA
and Vandana in working to tackle gender equality and women empowerment
issues.

Cheers and congrats!

Lucas

On Mon, 18 Mar 2019 at 13:49, psiinon <psiinon at gmail.com> wrote:

> Hi Vandana,
>
> For the record I would like to thank you for running this workshop and
> completely support it.
> If you can let me know how many women can participate and a suitable
> postal address then I'll send you enough ZAP stickers for all of them :)
>
> Many thanks,
>
> Simon
>
> On Fri, Mar 15, 2019 at 1:53 PM Vandana Verma <vandana.verma at owasp.org>
> wrote:
>
>> Hi All,
>>
>> Thank You so much for responding and sharing your valuable inputs.
>>
>> To share my perspective. I have been helping the WIA (Women In Appsec)
>> initiative and its activities for over 2 years now and I have been asked
>> this question too many times i.e., why women only?. I do not mind answering
>> this, again and again, so will try to put some of my thoughts here. These
>> are just my opinion on this subject and it could very well be wrong from
>> someone's perspective.
>>
>> I live in Bangalore (India) and have worked in the industry for over 12
>> years now. I also co-lead OWASP Bangalore chapter. I cannot emphasise more
>> on the overall positive impact the awesome security community had on my
>> overall career and I am really grateful for it. However, during my last few
>> years, I realised the fact that even though the security community is
>> awesome, most of the time women find themselves comfortable to speak, share
>> knowledge or ideas openly only after they have spent some time in the
>> business.
>>
>> There is no doubt about the fact that the issue of fewer women
>> participation or minorities exists (if you want to discuss and debate about
>> this, we can find some time somewhere to talk about it). So, I felt the
>> need to help encourage more women to join the industry and community and
>> get to experience themselves how awesome the community is. Just an example
>> - If you exclude WIA training, there is no other female trainer in all
>> other 13 training.
>>
>> *Like others mentioned, there are many reasons to keep it, women-only
>> (however, we have not said NO to anyone. If a male comes and says they
>> can't afford other trainings and want to attend this one, we are always
>> happy to take them). The idea is to provide a women-only environment where
>> they can be comfortable in asking questions, making mistakes and not feel
>> intimidated (I know a lot of people might not agree to this, but being a
>> female, I understand this and hence felt the need to address it). *
>>
>> There is a reason we host a basic training on "Web Application Hacking
>> with Burp Suite and ZAP" and not some advanced topics like "Secure Coding
>> in C++", and what not. The idea of the basic training is to provide a soft
>> push to more women to feel encouraged enough to join the industry and
>> community. Once they are here with the basic knowledge, they can themselves
>> explore all other learning opportunities, participate and experience the
>> awesome community. So even if it might look like its discriminatory to you,
>> my idea of giving so much hours to it to bridge the gap (I cannot comment
>> on discrimination because I've never felt in this community but I can see a
>> clear gap in women participation because of all sorts of natural and
>> societal reasons)
>>
>> I have a full time employment. Tel Aviv is close to my home but it takes
>> ~24 hours to travel to places in the US from India for conducting any such
>> trainings. I also have an easy option to submit paid trainings through CFTs
>> and get paid for my efforts. I don't think it's fair to call the reasons
>> political or discriminatory.
>>
>> Thank You,
>> Vandana Verma
>> OWASP Bangalore - Chapter Leader
>> OWASP WIA - Asia Volunteer Co-ordinator & SecretarY
>> Heading InfoSecGirls (Infosecgirls.in)
>> https://www.linkedin.com/in/vandana-verma/
>>
>> On Fri, Mar 15, 2019 at 3:02 PM Avi D (OWASP Israel) <
>> avi.douglen at owasp.org> wrote:
>>
>>> Thank you folks for the support and constructive suggestions.
>>>
>>>
>>>
>>> I agree with you Bjoern, though we would not bar males from joining the
>>> training there is definitely much to be said for the atmosphere in women
>>> groups as Prashant said.
>>>
>>>
>>>
>>> As far as financial discrimination… Not sure how much support there
>>> would have been for more free trainings J
>>>
>>> However trainers can grant one seat in their own course to anyone they
>>> want – I personally would be happy to encourage them to “donate” it to
>>> those underrepresented groups, but that is really their own personal choice
>>> (and affects their income, so ¯\_(ツ)_/¯  )
>>>
>>> Also while these may not be exactly student-affordable prices, it is
>>> very cheap compared to other events. We have some excellent courses that
>>> are being sold at 2 or 3 times the price, at eg Blackhat. It is really a
>>> great opportunity to get great training relatively cheap…
>>>
>>>
>>>
>>> Regarding Kevin’s suggestions: we did reach out to several (many) women
>>> and PoC to submit talks and trainings. Having an inclusive and supportive
>>> environment is absolutely essential for that to even work though…
>>>
>>> Additionally, we are trying to get sponsorships (here:
>>> https://telaviv.appsecglobal.org/docs/Global_AppSec_Tel_Aviv_2019_Sponsorship_Opportunities.pdf
>>> , wink wink!) for diversity scholarships as well! Would be greatly
>>> appreciative if you (and everyone) would share this with anyone that can
>>> help support this…
>>>
>>>
>>>
>>> Cheers,
>>>
>>> Avi D
>>>
>>>
>>>
>>>
>>>
>>> *From:* owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org
>>> [mailto:owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org] *On
>>> Behalf Of *Bjoern Kimminich
>>> *Sent:* Friday, March 15, 2019 9:39
>>> *To:* owasp-leaders at lists.owasp.org; Martín Villalba <
>>> martin.villalba at owasp.org>; Prashant Kv <kvprashant at owasp.org>; Vandana
>>> Verma <vandana.verma at owasp.org>
>>> *Cc:* OWASP Foundation Board List <owasp-board at lists.owasp.org>; Josh
>>> Grossman <josh.grossman at owasp.org>; owasp-leaders at lists.owasp.org
>>> *Subject:* Re: [Owasp-leaders] don't allow explicit discrimination 🙏🏿
>>> (women only)
>>>
>>>
>>>
>>> Just for inspiration here are two very successful educational programs
>>> from Germany to encourage more girls to go into tech, IT or nat. science:
>>>
>>> *
>>> https://www.girls-day.de/Daten-Fakten/Das-ist-der-Girls-Day/Ein-Zukunftstag-fuer-Maedchen/english
>>> * https://www.mintpink.de (no EN version available)
>>>
>>> If those would be "non-discriminatingly" open for boys as well, the same
>>> would happen like Prashant described and it's back to square zero.
>>>
>>> Back to the conference trainings: The only thing I could understand
>>> frustration about is the fact that the "women only"-training is the only
>>> free training (sincere kudos to Vandana and WIA for that!), but I guess
>>> that all other trainers are allowed to host their trainings for free as
>>> well, no? Then the costs would be down to room and catering at the venue,
>>> lowering the financial entrance barrier thus allowing a more diverse mix of
>>> participants again.
>>>
>>> So, with a sprinkle of sarcasm all the offered trainings are
>>> discriminating some groups either by gender or financial situation. But
>>> that makes it fair again, as everyone can feel equally discriminated. Or
>>> nobody does, which might be the preferable choice?
>>>
>>> Cheers,
>>> Björn
>>>
>>> Am 15. März 2019 07:12:46 MEZ schrieb "Martín Villalba" <
>>> martin.villalba at owasp.org>:
>>>
>>> Being a supporter of minority groups, I sometimes struggle myself to
>>> draw the line between supporting minority groups vs. not discriminating
>>> majority groups.  I think this one may be one of those cases for you
>>> Timur.  It should be clear to all of us that the intent of this women-only
>>> training is not discrimination of other genders, but only supporting and
>>> encouraging women in AppSec by giving them a space where they can feel more
>>> comfortable than they usually do in a male-dominated environment (same
>>> idea Prashant mentioned).
>>>
>>>
>>>
>>> A while ago Vandana sent an email explaining this very clearly but
>>> unfortunately I couldn't find it just now.  She could share her thoughts
>>> again in this thread, if she feels like doing so (maybe just a copy paste
>>> from that older email).
>>>
>>>
>>>
>>> Perhaps this women-only training would warrant a very brief explanation
>>> (somewhere in the conference page) as of why OWASP makes the choice to have
>>> a women-only event.  This could even bring awareness to more people and
>>> hopefully help build towards gender equality.
>>>
>>>
>>>
>>> Cheers,
>>>
>>> Martín.
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Mar 14, 2019 at 10:58 PM Prashant Kv <kvprashant at owasp.org>
>>> wrote:
>>>
>>> Let’s not politicize everything.
>>>
>>>
>>>
>>>  Feedback I have received from many girls is, InfoSec trainings tend to
>>> be male dominated and they feel unwelcomed to ask basic questions. They
>>> feel They are often rediculed for asking basic questions. The motive of
>>> women only training is not to exclude men but to give a closer and more
>>> emphatic learning environment for women. We did similar trainings in India
>>> and ladies have found it extremely useful. Ladies could get their doubts
>>> clarified without been afraid of rediculed or labeled.
>>>
>>>
>>>
>>> Regards
>>>
>>> Prashant
>>>
>>>
>>>
>>>
>>>
>>> On Thursday, March 14, 2019, Timur 'x' Khrotko [owasp] <timur at owasp.org>
>>> wrote:
>>>
>>> Dear Board, dear Josh,
>>>
>>>
>>>
>>> please modify the conditions of the Burp/ZAP training announced at
>>> Appsec Global in Tel Aviv. The "women only" condition is gender
>>> discriminatory, that is just plainly discriminatory and as such contradicts
>>> the faith and probably the policies of OWASP. Also it contradicted the
>>> training review policy which promised to make choices solely on
>>> professional grounds.
>>>
>>>
>>>
>>> Dear all,
>>>
>>>
>>>
>>> I understand the idea behind it and I support the WIA initiative but
>>> there must be common sense limits. You shouldn't encourage black only
>>> tailor shops in your holy fight with racially discriminatory tailor shops.
>>>
>>>
>>>
>>> There're options to keep the idea, maybe make the training free for WIA
>>> members -- that would be against my taste still but maybe something
>>> tolerable. Or let WIA invent a clever and tasteful solution for the
>>> conditions of a free training to engage female devs in secdev.
>>>
>>>
>>>
>>> As far as I know this isn't an issue with the Tel Aviv organisers as
>>> this training was nested from above. And also this women only thing already
>>> happened at one of the previous conferences, in the US probably.
>>>
>>>
>>>
>>> Consider that when one inserts trainings for political reasons then
>>> similar trainings which could compete on professional grounds get
>>> automatically excluded. So by promoting causes which are not exactly the
>>> core causes OWASP exists for one harms the professional impartiality/etc.
>>>
>>>
>>>
>>> Satirical sidenote: I'm not afraid of being tagged as trumpist since I'm
>>> already a Russian troll 😀 And during the Samantha-gate I already
>>> accepted highbrow American comments that we don't know modern social/moral
>>> norms at this side of the world.
>>>
>>>
>>>
>>> Or would it be a good move next time to announce a 'Muslims only', 'Jews
>>> only', 'childfree only' or a 'gay only' training next time? (I subscribe to
>>> support all these causes and peoples sometimes discriminated -- even in my
>>> OWASP hat but not in a discriminatory way.)
>>>
>>>
>>>
>>> Your thoughts?
>>>
>>>
>>>
>>> Current reference: https://telaviv.appsecglobal.org/registration/
>>>
>>>
>>>
>>> Timur
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> --
>>
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


-- 
Homo sapiens non urinat in ventum.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190318/be427284/attachment-0001.html>


More information about the OWASP-Leaders mailing list