BSides DC 2014 - Diversity in IT: #epicfail or #makingprogress?

if that's all right I'm going to take this off okay good morning every everybody thank you so much for coming I was kind of wondering like how many people would actually be here at 9:00 panel and I'm pleasantly surprised to see how many there are so um I'm a teacher so I'm used to like walking around and talking it's kind of hard for me to sit but I'll just do this for a second then I'll sit down so my name is Marcel Lee and uh uh the first thing I want to do is to thank Mark and bides for having us here um I'm with the women's Society of cyber Jitsu and we uh basically are sort of a female

Centric uh training nonprofit group for uh women and girls so we do all things cyber security we're very techy and it's focused on getting more women involved in the industry so um I have an amazing panel I'm going to just say their names and then let them introduce themselves but I have Matt Duren from tenal uh Lisa foran from women's Society of cyber Jitsu our esteemed founder Mark Covington who is with AO Security Group and Amal federal government and various other things and then Mark of course who is I'm just going to say besides and you could say whatever else you'd like to say uh so it's a panel we're going to talk about some different things but

basically um can talk a little bit about just sort of the purpose of this why we're here what we're trying to do right and uh what some of the problems are with diversity and Tech and what we see are some possible solutions as well so it's epic fail and making progress because we feel like there's a lot of good things going on and we just want to uh talk about that a little bit more so without further Ado let me have the panelists say a little bit about themselves and why they're here and you can I don't know if you want to hold it sure morning everybody uh again my name is Matt dur I work at tenable network

security I am am um the recruiter there I handle a lot of the R&D stuff uh developers uh some various security positions but uh I have about 13 years of recruiting experience mostly in the technology a little bit of college recruiting um I am hopefully going to bring a different perspective to the group here this is a Workforce issue uh I've seen a lot of things with regard to laws and uh different tactics and compliance issues that hopefully we'll we'll shed a different light on this and and hopefully bring up some Solutions yeah thanks Lisa morning everybody my name is Lisa uh founder excuse me founder and CEO of the women Society C Jitsu um as Marcel said uh we

do um we provide um resources to women to cyber um we nonprofit uh pending status right now um it was just timely that you know I started the organization what I did um because there was no other group out that I wanted to join so um in the few years that uh we've been doing this um I've seen a lot of things that I think can bring you know perspective to our discussion today so I'm I'm glad to be part of this panel thank you good morning my name is U Mark hington and I'm with the Cy Security Group um happy to be here today I um I work in the S security industry and I'm

also a teacher to software allocations at a school called Institute something involves more um hopefully I can bring my perspective to what's going on today um you know certainly a lot of minorities hopefully I

can um hello my name is cran um I currently work for the federal government I can't necessarily say where but um um done the full staff of security Stu so I'm here kind of as an information security professional but also um one of the roles I've recently stepped into as president of our agency's LGBT organization and from that I've been involved with developing Workforce policy and um you know looking at that across the federal government and how it's impacted hiring and benefits um and just being a tech person I kind of bring in my concerns um over hiring well qualified LGBT QA dot dot dot um type of people into the federal government and how we can actually lead

um in the public sector as well as where the private sector going and my name is Mark Robinson I'm the um co-founder of security bees DC um as you all already know um the last name H anation now is because I was legally went to my interracially block husband um in Vermont last week recommend pulling off a wedding and Aid at the same time um and so while I've never personally really experienced any issues as a minority in this community um I have you know obviously perspective on equality issues in general um especially what it took for us um from my marriage point of view um the fact that heing a com of Virginia that was not actually

legal until the court decision just two weeks ago so I think there's a lot of fun stuff we need to talk about all right super so thank you everybody for uh the intros um um normally I do a lot of talks about women in Tech and I have a lot of sorry here you go is that better here you go um normally I have a big PowerPoint with a lot of statistics and whatnot but we're not doing that today because it's just a panel it's a little more informal but statistics so do I need to say statistics or can we just look around the room and kind of make our own observation about statistics yeah so I

mean basically there's a lot of different Stu and it depends on who you look at but the stats are really low like women in Tech maybe around 20% um I don't know the stats for every other group that we have here but it's low and the whole point is how do we get more diversity diversity is critical right um if you have a team if you don't have diversity then it really hampers your ability to be creative and nimble and responsive to the market uh so what I'd like to ask my panelists and you can all just chime in if you want to is how do you see the team environment with diversity without diversity does it make a difference I

think it does obviously but uh okay go ahead Mark so I think for me the the thing is that you know I guess the first Oneal question is yeah do we need diversity is it is this Tech Comm okay the way it is or not and I say no and the reason why I say no is because it comes to the larger issue I think of what we all always call the echo chamber we're all always at these conferences B sides and the black hat and Decon and everything and it's the same people talking about the same things and yet we never seem to really make a whole lot of progress and actually improving information

security we still always have the buffer overflows the other stupid stuff that happens time and time again even though some of us have been doing this for over 20 years and I see the same the same things that happen today with like heart lead and everything else and and even like shell shock they're all things that are things that were doing the same thing 20 years ago if we don't fundamentally change the diversity of this group to get different viewpoints and different perspectives I don't think we're going to fix some of the larger issues that need to be solved if it's the same people with the same Viewpoint over and over and over again it's much more

difficult to make progress and that's my view thank you bar does anybody else want to comment Lisa so I think the awareness is good um awareness obviously makes people aware right that there is an issue if you didn't think there was one um so something like this is great you know what I mean um and I think every group not just our industry every different type of group has you know an issue but specifically with tech obviously um women you know um only represent um well cyber 12% women so um and ironically we found that there's a lot of diversity among women but just not the general population of folks in cyber so I think

everyone's doing their part it's going to take time but if everyone's doing their part just like any major social issue it will change in in the masses for the for the better yeah so I think we're doing good it's just it's a it's a big issue that not everyone so for this yeah there's I talk about this a lot with my recruiting Community there's a lot of talk about it I just don't think there's a lot of accountability added into it and this is across the board all departments all Industries people want to to be more inclusive of folks but until numbers are assigned to it and you never want to do that because then you start going quotas

and quotas are hor horrible when it comes to to hiring people it it it makes for more active discrimination than anything else but until there's some sort of level of accountability at the senior level it's just not going to happen thanks Matt so um whenever we talk about this it makes me think of continuous monitoring right so continuous monitoring is a checkbox that people have to do in their organizations is anybody actually like looking at that data or whatever maybe maybe not so I feel like it's a kind of a good analogy for the diversity in Tech thing so like Matt was saying you know you can have a quota or whatever check a box but are

you really making like a relevant difference so one of the things that I I wanted to ask the panel was um so why is it like this like I go to a lot of different conferences and and this certainly is a Hot Topic these days but why are why is there such a lack of diversity in this industry um I have some ideas about that but uh I'd like to also hear what the panel has to thinky yeah um so you know if you're a federal employee there's a federal Viewpoint survey that get S out and they ask a lot of demographic information granted it's all voluntary but just recently they've um requested um information on gender identity and

sexual orientation um so the federal government right now is getting you know how many years the federal government's been in a position to try to examine diversity and they're just now doing it um the numbers have been enlightened but it's one of these things of self self-identification so you know they're not necessarily breaking down in job roles but you know one anecdotally I was I was in a rotation at the White House this summer and um yeah I was hearing stories about folks not being able to get in the door um in certain cases where their documentation didn't match their presentation so you're missing out on getting good people in front of the folks who can actually make good

decisions um so they're worried about the Secret Service not letting them in to give a presentation to the president or his Tech Council because of you know the institutional biases against that so you know we need to kind of think about removing some of those Road Blocks or the stigma along with that as well and you know just looking at who we're hiring and and you know how how they're being utilized within in our Workforce only one step thanks any else M um I'd like to say that um having um one of my degrees is I received an NBA from University and also worked in the banking industry I work for some as a business manager for 20 years and uh in

coming into the cyber security business one of the things that I see is that um you you look at the way corporations informed informed at the ground level you know um a lot of the inventors a lot of the uh the people who put the companies together the ground level tend not to be minorities and when they bring on their staff when they put together their presidents and last presidents and different people organization a lot of times minorities are not included in that and as the company begins to grow begins to expand minorities tend to come in but in triple triples and grows and so you know it's almost like um it's I want to say a natural flow of things you

bring your friends and the people who help you in in your startup phase and bring them in on the bottom floor um and another thing that happens is that um as your business begins to grow and as you begin to want to attract corporate Capital um they tell you in Investment Banking you need to go out and this as a term they use that need to go out and hire the gray hair grayhead Guys these are guys who look business life and very conservative you hire them to come on board to do your presentations for you and they give your company a certain kind of certain kind of field so a lot of times that well but um I believe things are

changing um especially in cyber security because like people kind of keep kind of weird you know they go in do presentations and you know they have wrong color socks and you know mismatch everything and business people don't know what to think of them but um in other Industries they kind of push the um you know a more conservative way thanks I'm sorry goad so in asking the question why are we here in terms of why we lack the diversity that we see in the larger populace I think part of that comes down to even though and I find this fascinating actually in a way that we do have this perception of a lot of people

in technology tend to actually be you know we at least hear things that there's a tendency towards the misogynistic who's actually spending most of their time when they're not quoting looking for porn um and there there's a maturity level to the the geek or the the tech as a stereotype of course it's a construct but I think that it's just also within that Community even though it's a community where people should have a greater understanding of being tolerant to the differences of others because a lot of people you know that are in Tech that are the Geeks are perceived as as the you know the geeky nerd and who gets put down in high school by a high school

job right um that even though you think that that would make them more open it doesn't necessarily case that you end up forming a click of the likeminded people that is an even stronger barrier than it should be um I think in terms of trying to put a different kind of analogy what I'm trying to say is in the lgbtq community the lesbian gay bisexual transgender Community even gays have issues with lesbians and they don't want lesbians in the group and gays and lesbians don't want transgendered people in the group and a lot of gays lesbians and transgender people think there's no such thing as a bisexual person so we tend to form these these boxes and

these barriers and these compartments that we like to be in partly because it's safe it's something that I you know I've got like people around me and I think that's true in a larger perspective not just in it and I think that's one of our biggest challenges now in terms of as we look to overcome that is how did those other groups do it and I think it's a part because they kept having discussions um and people have finally put their foot down and said you know what no enough is enough we need to change this and now it's our time yes thank you any other comments I have something a few comments of course

so both marks actually touched on that whole like um you know we we tend to go with people that we like and are familiar to us and usually it's you know it's not going to be a diverse thing you kind of you associate with people that are similar to you um and the whole thing about um you know labels like this is like labeling people is something that we do in America um not so much in other countries it's kind of interesting here but it's really hard to be um like just a person right you're you're always like identified as a male a female black white gay not gay you know it's there's always a label involved so

how do we how do we make it not be such um I don't know such a a black and white kind of thing and I don't mean black and white like you know racially but yeah so how do we make it different how do we not use labels and that's not just in this industry it's everywhere of course any thoughts on that I'll add uh just kind of one thing to this whole like hang with like thing does anybody know what the the number one source of hire is for most companies out there exactly so if we're all hanging out with the same people and all the groups are the same people we're just referring the same kinds of people and

creating that internal you know the the whole everybody looks the same everybody acts the same and and that's what slows down progress sometimes so not that it's but everybody's trying push forward for more referrals we everybody knows good people everybody knows good people we all know kind of the same people and and that doesn't really help with this whole diversity issue unless people start to uh actively bring others that are different to organizations and groups just like this we're only going to know the same people that we've always known and I don't think that would be the solution for the situation I was going to say that you know it's build on what you're saying is

if if you're you're in a role where you can actually make a difference is to take a chance um you know when I was in a role where I was hiring people instead of picking somebody who is fitting the HR description you know position description I was like no I want somebody with these skills is general like knows how to work around the data center will teach the rest um but the same thing goes for diversity too is is that you're going to get you know if you're working through a large HR System sometimes especially in the federal government you know it's how well they've Rewritten their resume to you know kind of the federal system is and

you're not going to find that diamond in rough unless you're out actively kind of you know taking a chance on somebody so you come to security conference here but you could be going somewhere else you you know run into some conversation at a bar and you find this person you know has some skills or something like that that they you know they give me some s story that those are the types of referrals not just the ones that you're going to see in this you know this this smaller Community here and I know you know just within the LGBT community I'll specifically out myself in in the trans Community is that you know there's a lot

of institutional bias against folks who have a different gender identity so I'm hearing stories from folks there that you know they can't find a job um because of their their gender identity and it's a matter of getting those people talking in the right books as well so it's it's helping each other within the community but also taking a chance to say Hey you get these two people you know talk to one another and hopefully find you know find a connection else that so um oh yeah so I don't know how this was work but I I think uh labels like everybody labels themselves and labels are part of the diversity thing I don't have a problem with

labeling myself black and I I think that diversity is having a lot of people with labels I I don't you can't have it both ways you know what I'm saying you can't say hey we want to be diverse and there's no labels I think you have to have kind of labels are okay I don't I don't have it yeah that's cool um and I think we will have some time for questions and comments at the end I mean certainly we'd like to have that but um so yeah so labels are they good are they bad I don't know it's just but it is certainly a thing in our world it doesn't have to be a negative thing I mean I'm I'm black

I identify myself as black people see me I'm black but I got skills though that's what that's what matters yeah so that's how people make decisions that'd be great but it's not I think so I think well can you do the job that you apply for that's question I'm kind of agreeing with him to some extent labels label whatever that though we yes we tend to go with similar people right regardless maybe it's a race thing as a gender whatever now have consciously cross over so now we're at the people part of it am I going to take a chance oh talking to this person because they are this race or they that sexual orientation whatever you know what I

mean labels I think are you know label I don't know how you can get it with labeling or maybe I don't know we saying Laing I don't think a bad thing but categorizing yourself in some fashion it's I think the human thing to do is what you do but what do you do with that is and and so coming back around to the point I was originally trying to make um is it's not about the labels themselves but what happens when we use them and think back to the keynote yesterday too and the point Jericho was trying to make when he was talking about women in it and his point that I mean in an Ideal World we would

actually get to that point where we are just all human beings and we have a job to do and we're not doing it well enough we need to be better at it and we need good people to do that and that's the only thing that should matter do we have the good people that know what the hell they're doing I don't care as far as labels go if you're a cisp or a cisa and so on and so forth and you have this and that certification I could care less in my experience that's total garbage those bad labels bad labels so um I mean I have certifications too but I I I know many people who don't who have Mad Skills who

are awesome and I know many people who do who I wouldn't trust to you know even turn a computer on much less do anything with it so labels have a role but I think the the challenge is when we have a Community where the perception at least of The Stereotype is again like a lot of women who are in it get out of it and do other things because we see stuff at conferences that take place in the way that people end up objectifying other people and reducing them to stereotypes of one form or another and then using that as a you're a them not an us you don't belong here and that's where it becomes a dangerous

thing it's a tool like any other it can be very useful but labels can also be very detrimental like any other tool thanks Mark well I think they're they're easily applied and quickly applied and you know not necessarily correctly um so just to to touch on what you mentioned about the conferences um it's jumping ahead a little bit but that's part of it and Amal said this too it's like if you are coming into this industry and you're not the regular demographic it's kind of hard right you have to sort of be a bit of a Trailblazer you have to be brave um it's not easy to be the only female in a room full of guys at a con or in a

competition or whatever um not everybody is is able to do that um and it's I think that um one of the things we need to look at is is how do we change that how do we make the environment more friendly to diversity um I did a talk the other day and and I put a picture of uh hacker Jeopardy Defcon in my presentation and you know it's a bunch of guys on the panel answering the questions and like a stripper girl doing her thing and like to me that's that's the epic fail that's like a horrible thing to do at a conference I think um because it's it it just makes it very unwelcoming and unfriendly to anybody

who is basically not you know just a regular guy um what are some thoughts that you all have on sort of those environmental things and and how they affect diversity and and how we can change those I was just going to say you know there's that old meme out there nobody knows your dog on the internet and that's the case is if if you're demonstrating your talents you know no one knows that it's a a man or a woman at the other end of the pentest um the idea you know what Mark said it's about Talent it's about jobs you know how you do your job and unfortunately you know it's you know having those internal

biases when somebody walks in a room and within a couple seconds you're automatically judging them based on how they present themselves if they're in shorts and a t-shirt if they have long hair they bearded Ed male female whatever um and I think that's one of the more difficult things to get over is is just human nature um how we make that better is it's a societal change and you look at generationally talking about the the gr hairs you know they're they're working their way out that's you know those are the things that need to roll through Society so you you have Millennials coming up here that don't see an issue with you know sexual orientation gender identity race where

you're from whatever and some of it going to take some time but I'm not quite sure you know we have you know we can actually wait that long to to to progress so I vote for public shaming what I mean by that you know the thing I find it interesting that um it it irritates me personally and it offends me when I see those pictures of the booth babes at blackhead or Devcon and we all say my God you know that those don't work they don't actually sell anything and yet you see lots of people bling around those booths each time and it offends me I mean also on a part because you know I'm a game man and

that's immediately exclusive to me that you're using you know the perception of a stereotype of what a guy is going to like to sell a product because you think that they're all the straight geeku all about boovies and that's offensive it's offensive to me it's offensive to the women I know in the community it's offensive to um the idea that any kind of product that yeah sex sells I think that's I call on that I think that we all need to tell those vendors you suck you suck for doing that don't do it again don't show up your next year with those people tell us why your stuff is good and how it's going to be a tool is

going to help me solve an it challenge that's what I want to know and we all need to put our foot down on that and say enough's enough and when we all do that and enough people do it those vendors will maybe finally get backed by the Clue by Flor and understand what the hell they're doing

wrong I think public shaming is is a is a very thin line though because the the you risk the backlash of alienating your group that you're advocating for and I I see it all the time where I totally agree that it should be called out like conference

organiz yeah we question but it's a it's a a dangerous dangerous thing to public sh thing and I think it it undermines a lot of organizations that are trying to do good work I see it all the time especially with uh the the women are having a big problem now with that they're calling Stu out they should call it out but then there's a huge backlash it's it's it's ugly and when the hate steps in like I that's that's the problem people just hating on each other and that's never going to be productive so I have this idea that we would go to death specifically and have a um a booth with um chicken nails but I decided not to go

that rout because for that very reason we have a point to make but I think that's not the way we want to do it right um specifically with when going back to conferences in general I mean word for word is what I was going to say what H said it's a social societal things going to take time um getting there um the awareness part of it but um like I would never go to a comment about myself so let me just clarify so when I say that my public shaming was just a a a I didn't mean it to be a statement that we need to be um militant and hateful ourselves but what we all need to do is

each and every one of you here in this room need to pass it on to your people in this community to say that every time you're at a conference find the person the marketing person who is responsible for that booth and tell them hey that's not cool that's the issue that I want people to to to think of when I say public shaming is just having a stand and saying something about it and saying you know it's enough stop that crap it's stupid I think if you come at it from a different angle it might be more successful if they're at a booth and they can't answer technical questions why did you put to this conference if

they can't answer my technical questions about sure product I probably am not going to buy it now because I don't think that you're confident enough to bring technical people to this to to what you represent public shaming get your point across everybody's out the thing is too I'm sorry um but besides the public shaming is the actual rewarding of those who do stick their neck out that do that do the right thing you know they may not be 100% the the most optimal tool or solution or or they may not be perfect but if you're rewarding that they're making steps in the right direction in some form or another or at least you know mentioning

like hey you know if you're in a position to say yeah they're doing a good job at this you know the word gets out so and you know within the industry it's all about money so you know poster following that then everyone else like sheep are going to follow it yeah and if even their salespeople understand their product then I'm going to anticipate better support out of them after I buy it exactly sock another approach rather than doing a company by company is let the conference know what's acceptable and what's not and for example info security positions 3 years ago B inappropriate attire they said this is a business conference show up to do business and

it's still a valuable as a vendor it's still very valuable but there's conference but there's less distraction and if we could get that message through the udm with black hat and the RSA degree with those uh you know make sure that when you say the catom outfit's inappropriate and I don't want to buy from you because of it you also the conference organiz because we're the ones that are spending money so maybe we just head it off like said in security did and I have been a huge fan of theirs before that of course it could be that that's a largely femil Corporation no but that's an excellent point and uh you know the way I think

about it so you all probably have like a daughter or a sister or a mother or some female person in your life right so would you take them with you and if you wouldn't why is it because it would be sort of embarrassing or uncomfortable so just that's what it's like for you know for like me to go to a conference or whatever although I will say on I have to throw this out there the good thing about security conferences is that I never ever have to wait in line for the bathroom Ever every other conference were full up yesterday though it's a good sign for bides yeah know it is and uh you know I I came to

bides actually it was my first time last year and I really didn't know anybody I came with a buddy of mine and uh I don't remember there being that many women here and I did meet a few people because of um the ladies lunch con Meetup which is a great idea um but I feel like this year it's a lot more diverse than it was last year and and I I'm going to think that that's something to do with the organizers and I'm also going to hopefully think that it's something to do with just how the industry is changing a little bit and everybody that I talk to you know oneon-one is so open to this discussion so you know it's it's

not like a pointing a finger at anybody but it does take a a collective effort to make a difference and like we're saying you know tell the conference organizers that what's acceptable and what's not um so just on the the whole topic of uh filling jobs so everybody knows I think that there's a scarcity of um technical people right there's companies that have tons of jobs open they can't fill them um if you don't open your pool like and you were saying this Matt a little bit open it to like everybody then how are you going to fill all those positions so how can we think differently about filling jobs because I know a lot of people who are looking for

jobs in this industry and there seems to be a bit of a disconnect how do how do we get people in in seats and hands- on Keys doing things um regardless of their gender orientation or color or anything else any ideas or thoughts on that so Cisco um came to us wanting to uh have us come out to one of their retreats to um speak to their senior staff on how they could um bring diversity into their it didn't happen but they're aware of this issue um and what I was going to tell them as what I tell you every opportunity and talk that I do is that um let's look at the people side of

things um and I'm sure Matt's going to have something to say because there are some um you know Bas lines and foundational things that you need to have to do a job yes but does this person have the aptitude to learn um do they show the passion um versus resume requirements check They Se check you know I mean we have a pool of women that cannot find jobs I don't get it there such a demand and shortage of Cy SEC what is going on here let's get these women hired take a chance I always said there's a gamble there yes like anybody hire what the problem so that is my fight right now um with

with um again with the awarness you know think differently about how we hire um this is a traditional way you know you bring the resume you the application check check check just think differently I was going to add too is um you know from the federal side I mean you obviously hopefully you've all been tuned into the news and Mark made light of it earlier is that you know things like marriage equality have kind of changed how things are um you know so one of the things is is benefits um you know companies can do to attract um certain Applicances to offer the kind of stuff that you want if working there if you're um you know a

working mother you're worried about you know health care that will cover your children um if you're LGBT you want inclusive Healthcare right now you know the the Human Rights Council tracks in the corporate equality index um several categories of you know if an organization has an inclusive employee policy if they have health care that covers transition cost for transgender individuals um as well as samesex spouse coverage um you know if you have policies and you know benefits that are addressing a community's need to that because then you're going to get you're going to get matched up with the right people I mean I know I personally s selected myself out of a couple jobs because I couldn't get benefits for my

partner um let alone any other benefits and um you know I'm sure those companies are missing out on not only possibly me but other people who are looking at the same perspective so if you're an employer kind of think of that way is is trying that that will connect with some people too so one of the the big things that that we' talked about is is changing the application process right I mean it it it sucks to apply for jobs but you have to um mainly because of of federal requirements you have ofccp if you haven't heard of that uh this this area is huge with that just because it's Federal contractors you have to check a bunch of

boxes the the employer has to say we have a representative population representative pool of candidates based on the population that we're in the the employer has to track all that stuff save it for three years we're talking about compliance issues here on the employer side and it makes the application process terrible for for for the the candidates for people that want the jobs they didn't only they can't even fill out the application because it takes 45 minutes to to check all these boxes to say things so half the people are gone by the time they even get to an interview part and and we haven't even talked about the talent yet how they're selected in the talent it's usually a

face-to-face interview changing the application process to do more skill-based uh functions so coding test uh you know do a a pen test on something show the skill set before you even show who that person is is probably one of the best ways to do it but not a lot of folks are doing that a lot of Technologies out there right now that people can actually companies can actually use to to do that on the front end I think Facebook does a lot of stuff uh with challenges um there's a lot of big companies that do that but it's going to start getting better for smaller organizations but there's one one industry that that I um a friend of mine

named Kathleen Smith she's huge in this area for for you know veteran hiring and things like that she gave me a great analogy of an industry has actually improved their selection process in diversity issues and that's that's the music industry if you go if if anybody's everever been played an instrument selection for an orchestra or Symphony they go into a room they have their instrument there's a curtain between them and the judges all you do is hear what they're doing you don't see them you barely talk to them it's about pure talent and I think we get in the way of that with compliance checking boxes making sure we're doing everything right you have to

do everything right but then there's there's no way to actually assess the talent of everybody that actually could be qualified for that job because there's there's built-in barriers to just getting to that point I think that um it's an interesting thing that we also and I think it's also one of the bfalls for information technology in general and especially for a lot of the folks here that have been in federal FR like the time the the disaster that I personally view is pH where we also have these check boxes and you have them in the hiring process too and a lot of organizations have that like you have a bachelor's in computer science Jack yes or no if you don't boom

you're done you're out you're gone do you have a cisp or a cisa no boom done you're gone and so we have the wrong check boxes too I think it's part of the challenge just as we have like check boxes like when the first PCI DSS standard came out credit card stuff do you have a fireball yes check it's sitting over in the corner of the Box we haven't even put it in the rack yet but yes we have a firewall sure great you met a compliance requirement is absolutely worthless if I were to actually try and get hired today in technology unless the employer is willing to take experience of my 20 plus years of doing this I would not have a

job because my degree is in German it's not in it I never had a degree in anything related to computer science it's all German I can tell you stuff in Middle High German but and it has nothing to do with what I do today it's my skills and so long as we have the wrong check boxes for those requirements too we're still going to have issues we need to somehow get to that as Emily was saying point where it's about taking that chance on that person who doesn't have all those track boxes and letting them get far enough in the process cuz personally I think have any tried to use to.net or any hiring process that's tried to use

that site it's a freaking disaster could some of you go work for them and fix that stuff because personally I think if you make it all the way through to the end of one of those and successfully submit a resume you should have the job immediately because their sites are freaking disaster and as long as we have that kind of stuff that's going to be one of our problems so real quick I want to um go back to what Matt was saying sure a story but yes um like practical interviews I think um definitely you're showcasing what you know obviously you know it or you don't so I had an intense interview this is a while ago years ago

but intense interview gig and I used it right um and a buddy of mine worked there referred me in so I didn't have to go through that process and all that um it's very it was known they do practicals so I was like yeah go do my land and get this job so um I get there and no practical so it's like um okay what's going on aren't I supposed to do artical interview didn't happen but I still got the job but I end up doing pet did I they hired me for something else and it was a resume so that's the other one you know great um you're doing practicals but let's stick with that you

know what I mean across the board so I just wanted to share up yes so I think and and I think this is a gender thing like if I I don't really go to job fairs anymore but I used to go to a lot of job fairs and everybody that I talk to every recruiter not not Matt yeah job fairs are kind of lame but um but everybody was like oh you should do pre-sales like they didn't care care what my background was or anything else they just looked at me I think as a female who might be able to like talk to people or whatever and they're like pige hold me instantly like sales and I am like the last person to

be a sales person that's like not my my thing at all but um I I was really frustrated by that because I was like why are why are people always pushing me towards that job when it's not at all who I am or what I want to do um so yeah I I don't know I mean I think that the hiring process is really broken I refuse to apply to a federal job because USA Jobs is like the worst website and we all have like that we all have that like that I don't know what everybody else level is but I have like a TW second tolerance for like a bad website right USA jobs it's just

uh no well but so yeah so I I brought up ofccp not too long ago and and I'm not an expert in that I I don't always have to deal with it you want an expert there's a guy named Derek Zeller in recruiting dur diver on Twitter he's the expert and will scare the hell out of you if you're on the hiring Side by all the things you're probably doing wrong um but USA Jobs is a good example anything that that's Federal in this area you have no idea what I as a recruiter would have to do to make sure that I'm compliant with that because otherwise I get an audit just just like you guys audit your companies and if you

found out of compliance you got fines and all sorts of stuff it impacts the business for for for career fair so how many people here have tried to give their resume to a recruit at a career fair only to say hear them say I can't take that H happens all the time you know why because at that point if they take the resume you're considered an applicant therefore you have to be tracked and monitored and all these assumptions made by you which may or may not be accurate you don't know so they have to put you into that application they have to make you go apply online so you can self- select your information so

you can be tracked so you can be in that checkbox of we're compliant now uh as a recruiter if I'm doing sourcing I have to track the search string that I use if I'm looking at monster or dice or or Google searches anything like that I have to take that string that I put in put it into a spreadsheet probably say okay that result gave me 100 applicants out of that 100 applicants how many did I call out of those people that I called who did I talk to out of those that I talk to who was diverse just based on a guess sometimes that name sounds diverse I'll just click that box it and then I have to track that for

and save it for three years now those are all these ofccp standards that just from talking to you I would have to track all that stuff versus send you to an ATS where it'll do do it for me what size company does all that no it applies to anybody that would do anything with the federal government so your your mom and pop you know government contractor that that works out of their basement or something if they're hiring people and they're selecting people to work on federal contracts they have to track that stuff all the way up through your big time you know 100,000 people

companies question the audience you mentioned some of the bad websites what are some of the good on oh for a job stuff yeah yeah I mean I'm research on this on this here on this topic that you guys just brought up here I'm looking at looking at the impact on S professionals and some of the things you brought up I'm just curious what ones that you believe actually are doing right because that's probably more beneficial for everybody in the room to avoid the bad so I mean for me it's just anecdotal I'm not an expert on like ing or anything like that I personally like indeed.com because it does like an amazing spider crawl through everything

and you can really pair down and and actually I had a slide in another presentation I did a quick search in indeed for cyber security right there were like 15,000 jobs and you know they categorize by salary as well they're all like 70,000 a year up right so and again that's like the the crazy disconnect so there's all these jobs we all know there's like all these jobs but yet we all know people who aren't able to get their foot in the door with these jobs so but indeed still dumps you into the application yeah they do they do I mean basically I'll find a job on oned it and then go to that company's website to

look at it rather than go through whatever thing but yeah um all right so quick answer there are none yeah I'm sorry to say they're they're just Dar yeah there isn't there isn't a good answer I mean I think and it's I didn't really even expect the the conversation to go this way but the hiring process really is very broken and we need to fix that I I I get the sense I mean you're all here right so people are interested in making a difference but it's just like technically it's it's kind of hard to do it right now um I know there was a couple other other hands uh yeah so hi this is an excellent

discussion I am actually a professor of information system and cyber security at Howard University so I see many of these um areas of discussion that they is talking about and the impact and things that are wrong and um there is actually a lot being done and I do research on stem and cyber security um and I guess my question would be is we spoken a lot about things that could be improved and I think if we focus on what if we could talk a little bit about what are some things that have worked we can have sense of attributes of things at work then we can say this is what we need to this is how we can make things better so

to go for because we can't obviously all these issues that we you've discussed rightly so they're they're longterm strategy things we can't change the Federal Government website that it's not it's not it's not it's not in our realm of influence right now so if we could just talk a little bit about things that you you have seen and this is what we talk a lot about in the classroom and what I write on research on this side what works and what timeline are we talking about for yeah so that's that's a perfect comment and and I feel like we didn't really get to the making progress part but we are making progress um what we do

at women Society of cyber Jitsu makes a big difference um we're we're getting women and girls involved in in cyber security from a very technical standpoint and it's by the way we are like a nonprofit pending we're always looking for sponsors people to conduct workshops so I'll just put that little Shameless plug out there um but yeah so I think what we're kind of lacking are the role models and the mentors and people who are in the field who you can look at and say you know this person is a successful you know whatever in cyber security um my question is more on what does work and what impact has it made so you could

say we tried this conference and we were able to convert we were able to have five young women choose this as a field we've had like I in my classroom I convert let's say three people that become is cyber security Majors every semester so I guess my focus is more on the question is what has been done that you've seen that's actually said this has changed the career path of five minorities or two women or okay so like actual metrics yeah well that work so there there's couple things right I mean so the solution has a long tale right you're talking about young women maybe I have a 5-year-old right I'm I'm having her do blocks and Legos

and you know I'm trying to get her so that's a long she's not going to be in the workforce for another another 15 years right so there there's a longtail solution to that the the the shorter tale solution I've seen at least in in some things that I've I've observed is uh internal groups and associations so just informal groups uh women in in technology don't but just don't keep it to women in technology keep you know include everybody so that way that message is shared so small groups inside of the organization which then begs the point of there there's no role model there's maybe no leader so you have to find that one person that could actually

step up and say yeah Champion it exactly and and be that person and help create a leader if one doesn't naturally exist but informal groups inside a larger organ organizations have have worked smaller organizations it's tougher um and that's where some of the more exciting jobs and things like that can happen is in smaller companies there's a lot more opportunities but it's it's a longtail solution that that's going to take years to to fix there's not enough people in the short term to say that it's there there's something you can really put as a conrete solution to it but just the awareness talking about it getting an informal group together to to really be that voice within the company for that

type of conversation I was going to say too is the um mentorship aspect lead by doing um you know for the visibility for LGBT folks is a big thing that that kind of within that Community is is you know knowing that the new federal CTO is a very out lesbian um the fact that I was probably one of the very first trans people to work at the White House as a civilian employee um you know have people in the community are actually now reaching out and looking up to me at this point and you know it's it's one of those cases is that sometimes you yourself have to take that chance uh to be that visible thing and then be

willing to turn back and look at the community and help people who are are needing that and that's what I've seen is is just being trying to be an inspiration or you know if you're the first and as you know um barnab Jack said yesterday during his history thing that there was a lot of people at gchq that did and stuff but they couldn't tell you know couldn't tell about it until you know somebody in the the private sector worked it out for themselves but you know it's you know looking for and connecting folks who are you know out and about and and and can be seen as role models and making sure people are

connecting there the jacket sorry all um first thanks for doing what you're doing for advocating on behalf of the groups that you advocate for the places you can I think that's great we all need to do that um my daughter is 13 months old I'm advocating on her behalf at home she's already like about to 80 words per minute it's pretty badass um but I have to ask a question over the past hour or so there's been a couple comments that I think ignore something um you know look around the room instead of talk about statistics everybody in this room needs to you know talk to the vendors at the booths I looked around the room a couple times

and I think there's more conference attendees the Starbucks line up stairs in the AR room certainly more than there were at a 9:00 session yesterday or any other session yesterday maybe it's the size of the r that's stealing that but I'd like to know what the panelists think about that particular observation so I think as the organizer of this bides um I think a couple of things one I think by having this panel and also I was I took a fair amount of care when I wrot our principles statement that we have on our website it it drew from a bunch of things that were talked about at other bides and such that helped I think change the vibe of this

bides in particular I think where this does seem to be in general a more open and inclusive community as far as infoset cons go compared to the whole of everything I've ever been to whether it's RSA Deon uh and so on at the same time I was kind of wondering like this whole time leading up to this when we first decided to do this panel how many people are going to show up on Sunday morning and what kind of group are we really going to get and I think for the size of the number of attendees we have here which so far last I checked was around 640 for this B size um I think it's partly the size of the

room I am a little disappointed I was hoping for a little bit more um I do know that a lot of people were having fun uh drinking last night and so Sunday mornings are always bit more of a challenge night Ouray morning panel last year was also a much smaller populace than the one than the keynote and such on Saturday um so I wasn't expecting the full house but at the same time I certainly would have liked that there been more people here so I'm kind of mixed personally I thought last year we had less people honestly for memory so I think we're doing a little better yeah I I'm I'm very happy with the turn up I'm

glad you all actually came to you to talk about this and hear about this this is where the public shaming comes in that we talked about we also offer few brast I was going to bring BL these but the bar was close upstairs so a couple more questions cuz we got a we got have to wrap up soon the the Maria can reset for the next session I apologize excuse mebody um so I apologize for the length of the question I really wanted to set I'm trying to say anyway uh different scenarios have different opportunities for being effective I feel that sexualizing and subjectifying people benefits businesses or or it gives a perception of benefit to

businesses and reaches certain demographics it and it's a t t that people have used and they believe it works I think because uh it's difficult to prove a negative um it may be uh nothing but it may may be something um giving the appearance um like you said U shaming people or like um well shaming people because they're drawing a crowd for the wrong reasons and it's technical industry like U anything U like I wouldn't say anything but like U mechanics it um Architects or what have you um maybe on the other end of the special um like modeling with men you know they're very different they have their uh what they're looking for um what are your

thoughts on letting how certain businesses practices aren't appropriate and a followup question is what do you think is a good strategy on making it businesses squash these practices that H people that's more question I mean good question I guess what I'm trying to say is like how do you break up good old boys club like at a con you might say to a sales rep I don't think this is working the right way it's inappropriate makes me feel uncomfortable um but how many people here in the audience will go that extra mile and actually contact those vendors whereas opposed at work you can talk to people you feel as making uncomfortable or the person who's

making them uncomfortable or go to a supervisor there's tactics that I think people ignore because they don't want to be the back yeah so we we kind of touched on that a little bit it it's hard to be the Trailblazer or the one who says this is not cool or this is not acceptable but everybody has to otherwise there won't be any change um one of my favorite quotes is be the change that you wish to see in the world Gandhi and it's true it's like if you want things to be different then you need to do something you can't just sit back and wait for somebody else to do it so everybody here just the fact that you're actually here

in this room and I'm actually pleasantly surprised by the number of people I thought I was going to have like 10 people so um you all here because obviously you're interested you care about this I'm assuming so think about what you can do when you go back to your workplace to make a difference and I don't know the answers but there's lots of possibilities right and you know we do have lots of ideas if you want to talk to us after I think everyone's thinking your is going to do it yeah that's why everything's getting done so step up and that's what I me in my position is like yeah I could have just cowed and said you I'm not going to be

invisible and I said screw it you know I've got nothing to lose I'm at the top of where I'm at right now hang it out and I think that's you know a pretty good motto to say if you're here do something you know be be the change so I just like to say too um and I know it's one more question I just want to PL I I really have to take my hat off Marcel and Lisa for the work that we're doing in the community because right now in the foundational stages you know the cber security industry is still buding and still exploding and the the remark that they're making for women and for

other minority University I really take my hat off you guys you guys do a great job thanks Mark you really did Society you know they I started I started going to their workshops but I'm a guy so they made an associate membership where men could join so I even go to like some their stuff but I'm just telling they do they really do a great job yes so um thank you Mark for saying that it's actually really funny I know I've know Mark for a while but um we do some really cool technical workshops and whatnot and uh Mark was always like what where are you going what you're doing what kind of Workshop how come I can't

go so yeah it's it's pretty cool but uh but we do try to be inclusive so men can join as well anyway so I think I think we're going to need to this one last question but I also encourage everybody to continue to the discussion out in lobon um by all means um we'll just do this one last question we're going to have and we have a table upstairs too if anybody wants to come in talk to us the junior Ballroom level um we do have the women Society of cyber has a table so feel free to take the discussion there as well your last question yeah uh good morning my name is Sebastian um you know

my experience has been you know I know this markets kind of insulated in some of these terms but I mean I've seen in other locations other markets where hiring managers will throw your resume into the garbage because of your name um where people will come they'll make it to the inperson interview and they'll offer to work for free and they'll be turned I mean for 6 months as an intern and they have the skill set and they'll be turned down because of their race um so to me is it time to stop begging these large corporate entities or think or other ones to accommodate us when it's 2014 and this is still happening I mean

I'm shocked you know I lived overseas for 12 years working over in other countes I'm shocked when people's resumes get trashed with their name and this is not an isolated thing I mean this has been operated by you know har business school they've done research that shows that if your name is a certain name it's going to take you maybe 8 12 weeks to get a job ex I mean if that's the scenario how can we reasonably expect by just complaining and complaining that they're going to get they're going to accommodate more women and minorities into this field is it time for us as infos professionals to take this on and just drive it until we

can you know accomplish our objectives getting more women minorities in this industry yes answer is yes so I I there's there's a lot of stories like that right there there's a a recent article I read where a guy his name was Jose he was applying for all sorts of jobs he wasn't technical but that doesn't really matter in this situation he changed his name dropped one letter out of his name and got a job within a couple of weeks he took the S out and he was just Joe and you know whether that really had anything to do with it or not probably probably did to be honest with you um but hopefully there are enough people on

the front end of that that can kind of be that champion I mean I don't care about that stuff when I when I look at at resumés it doesn't matter to me I've had people that were actually deaf we haven't talked about people with disabilities right somebody was deaf I did a phone screen with him and and he was he was using an interpreter and the hiring manager never knew that that was the case we didn't get to that point he did a coding assessment didn't pass the coding assessment I gave that person proper feedback made sure he didn't but the manager never knew that that person had a disability and that we would had to

have made an accommodation for that person um if if that was the right person so hopefully there are enough people on the front end of that to to protect that the you know pureness of an application and candidate and skills uh but you're right it still happens it's going to happen I don't know how to stop it um until people are are forced out of those positions accountability is is is made uh it's it's a tough thing to change it really is and if you have a chance to make that impact and you talk about be the change do it but um it's it's hard to do because you put yourself out there um actually we do have one

solution um during my time at omu over the summer um part of this initiative called smarter it was to focus on uh Workforce and hiring and uh as I don't know if anybody's heard us digital service they're kind of like the crack Squad of NDS and Geeks to kind of come in and fix certain F IT projects but as part of their hiring um they actually do a blind resume review so there's there's a panel and they remove the names and they they hire on basically the skills or at least they get through the first thing based on you know the skills they'd like to interview uh it's been relatively successful um I have my own

personal views on you know how the teams made up but you know that that process has definitely kind of been been streamlined and it's Le being piloted so you know looking at at at a line Choice thing works uh anecdotally um we pile a little sidebar here um an interesting thing for say trans people is the loss of privilege I used to get about the 90% hit rate from resume submissions to getting a job interview now it's the other way around I get about 10% so there's still internal biases I think on gender but let alone you know you've got the aspect of okay now I've got that 10% job interview now I get a chance to go

and see somebody and then the walk you know as I mentioned earlier that as you walk in the room there's the visual biases that take take hold as well so it's not you know there's one solution is you know a way forward but there's also still some other things the more conditional that we have to over okay so I know we've totally gone over probably um I just wanted to thank the panel you guys been awesome awesome uh guys gals and thank you very much to the audience for coming totally appreciate you being here 9:00 without a bloody mary that's where I'm going next I think uh anyway

thanks