Cynthia Brumfield / Metacurity  
Things Are Looking Up for Women at DEF CON, But Problems Still Linger

By Cynthia Brumfield,

(Las Vegas, NV) The annual gathering of the world’s top hackers, DEF CON, was a double-sided coin when it came to gender issues at the majority male event. At its best, this year’s DEF CON attracted more women, and more women appeared as contestants at DEF CON or DEF CON-related challenges, than ever before, according to many attendees. Jennifer Steffens, CEO of cybersecurity solutions provider IOActive, said that this year’s DEF CON was “one of the most inclusive events” for women she has attended in her many years of attendance. “Even men are calling it out.”

This year’s R00TZ events, aimed at teaching hacking skills to children between eight and 16 years old, appeared to have a 50/50 ratio when it came to gender, according to a female IT executive at DEF CON. DARPA’s Cyber Grand Challenge Final Event, which capped a groundbreaking initiative to test the idea of automated cyber reasoning systems, featured three teams with female members.  And this year’s DEF CON featured a two-day Tiaracon to advance the careers of women in cybersecurity.

At its worst, however, DEF CON maintained what is a less-than-enlightened attitude toward women, highlighted by the oldest contest of the event, Hacker Jeopardy. During the 2016 Hacker Jeopardy contest, scantily clad females delivered drinks to the contestants (with one female server plopping a sex toy resembling a male sex organ on the speakers’ dais) while questions were posed about male sex organs.

In an ironic bit of justice, a women hacker who goes by the name Banaside, won the contest.

But that didn’t really dampen the concerns among the hacking community.

One DEF CON attendee, Emily Maxima, was so perturbed by the event, she posted a piece on Medium entitled When Will DEFCON Stop Being A Massive Sexist Cringe-Fest? It wasn’t her first run-in with bad behavior at DEF CON and she pointed back to a 2012 piece by Valerie Aurora entitled DEF CON: Why conference harassment matters (written in a year when conference organizers agreed to fund a red/yellow card project involving cards to hand out at DEF CON if someone was saying or doing something inappropriate).

IOActive's Wine, Women and Wisdom networking event.

IOActive’s Wine, Women and Wisdom networking event.

Yet even this year’s Hacker Jeopardy had another bright spot for women, aside from its female winner. Ten years ago, “they had actual strippers that got naked,” Steffens of IOActive said.

Steffens, who leads women’s cybersecurity networking events wherever she goes, makes a distinction between the cybersecurity industry and the hacking community.

“Security is a broader spectrum. Hacking is a very highly technical skill,” she said. The cybersecurity sector embraces a growing and much larger female workforce. But even in the hacker community “the culture is changing,” according to Steffens. She worries that too much focus on the “poor socialization skills” of some hackers could have the unintended consequence of turning girls and women away from the field, perpetuating its male dominance.

Still, “hypersexuality doesn’t belong at conferences,” Debra Farber, Co-Founder of Women in Security and Privacy said. When she saw what was going on during Hacker Jeopardy, Farber said she felt “like we took 20 steps back.”

Part of the gender objectification atmosphere is the location. “It’s hard to take Vegas out of Vegas,” one male attendee said. But a big part of it is the longstanding tolerance of conference organizers, despite DEF CON’s established Code of Conduct, which clearly states the conference wants “a safe and productive environment for everyone” and “insulting or harassing other participants is unacceptable.” It doesn’t help that many of the male attendees see no problem with what happened at Hacker Jeopardy.

One solution to this problem is to create female-oriented tracks at DEF CON, such as Tiaracon, and at other hacking and cybersecurity venues too. But that raises the question of whether “women-oriented” educational sessions perpetuate the notion of gender inequality or worse create networking opportunities where men feel uncomfortable, as was widely rumored to be the case among some of the attendees.

“Cybersecurity should be gender neutral, but there has to be a support system [for women] in place,” Tracy Maleeff of Sherpa Intelligence said. “We invite the women out but don’t keep the men away,” Steffens said regarding her own networking events. Even so given the problems women hackers face, “I don’t think it’s wrong to have a women-only event,” she added.

(Image of DEFCON’S Hacker Jeopardy 2016 via @dhelder)