Ask Chloé: Hackers' Rights and Women in Infosec - Security Boulevard

Welcome to the Ask Chloé column on Security Boulevard! Each week, Chloé offers advice in response to readers’ questions to help guide them as they navigate the technology industry. This week, Chloé explores hackers’ rights and the challenges women face in the male-dominated world of cybersecurity.

Dear Chloé,

I came across your talk on hacker rights. Since watching it, I want to be more supportive to the hacker community. What is the first thing that I can do to support them?

-CEO at a FinTech Company

Dear CEO at a FinTech Company,

First, thank you for catching the hackers’ rights talk. It’s an issue I hold near and dear to my heart. Since you are a CEO, I suggest looking into having vulnerability disclosure policies that allow for good-faith hackers to report vulnerabilities that they find. If overwhelmed with creating your own policies, I highly recommend checking out Disclose.io to start the process – it’s a cross-industry, vendor-agnostic standardization project that sets out safe harbor best practices to enable good-faith security research. Having vulnerability disclosure policies allows hackers to know how to report vulnerabilities, to whom and what’s in-scope. It’s a direct communication that lets people know what is okay and not okay, but also acknowledges that hackers are there to protect and serve. It protects both parties while working together to perpetuate cybersecurity resiliency.

Dear Chloé,

I’m currently feeling like cybersecurity isn’t good for me. The harassment and discrimination for being a woman in this industry is overwhelming. Have you ever thought about leaving Infosec? If so, what kept you in this space? I’d love to hear your experiences and get advice on how to survive in an industry that is still so much a man’s world. 

-A woman stuck in a security man’s world

Dear A woman stuck in a security man’s world,

I have left Infosec briefly twice now. The first time was within my first year. I was overwhelmed by the feeling that I’d gone back in time to the 1940s. I didn’t know about Infosec Twitter or any organizations that supported women in the space. And then, I attended a conference called ‘Day of Shecurity.’ It was that event that brought me back to Infosec because I didn’t feel so alone anymore. I was introduced to incredible leaders in the space and organizations such as WISP, WiCyS and WSC. I no longer felt isolated and trapped in the 1940s! I started to network and connect to other people who also wanted to change the industry. So, I came back and attended LV Summer Camp week.

All I can say is that I can understand wanting to leave if you feel isolated and trapped in an industry that keeps closing doors. It’s hard. Not just hard; sometimes it seems impossible to open those doors, at times. When we look at boards and leadership teams and representation is missing, it does reinforce that perhaps one doesn’t actually belong. When we have representation at the top, that’s when we see we are getting closer to DEI. When there’s privilege, sometimes people just don’t care to change circumstances if they are benefiting from it or they don’t want to look at themselves to see if they are part of the problem.

All I can say is that creating a network and joining organizations that support you and want to see you thrive helps. Knowing you are not alone in this situation helps. There’s a reason why there’s a revolving door in Infosec – because there are people in this industry who don’t want to change how things are because they benefit from it.

There will always be people who are afraid of change and/or people who want to see others fail. There will be plenty of lip service from executives when it comes to women and people of color in Infosec. But pay attention to their actions.

Surround yourself with people who have your back. If you do not know where to go, I recommend checking out WoSEC, WeAreHackerz, WiCyS, WSC, Black Girls Hack, LHS, Gatebreachers, Diana Initiative, WiCSME, InfosecGirls and WISP. Perhaps looking for a different employer, one that has representation at the top and throughout the entire organization, could also help.

Learn more about the award-winning tech changemaker, Chloé Messdaghi, at https://www.standoutintech.com

Have a question? Want advice? Submit your anonymous question to Chloé: [email protected]
