A diverse, pop-up security conference challenges the industry status quo
When one of the most prominent information security conferences in the world, the RSA conference, announced its keynote speakers in February, professionals across the industry went to Twitter complain. With the exception of Monica Lewinsky — who was to give a talk titled “The Price of Shame” — every single keynote speaker was a man.
Within five days of a tweet by Alex Stamos, currently chief information security officer at Facebook, suggesting that it was time to start an “alt-conference,” a group of organizers scattered across the country announced Our Security Advocates, or OurSA 2018, a one-day alternative conference happening today in San Francisco. (A live stream will also be available.)
Maybe it’s time to rent out the Metreon again for an alt-conference, this time all women speakers (with me handing out popcorn). Anybody game?
— Alex Stamos (@alexstamos) February 27, 2018
One of OurSA’s organizers is Parisa Tabriz, a top security engineer at Google whose official (self-chosen) title is “Security Princess.” “We’re tired of the same old pieces,” she told me over the phone.
More diverse voices, said Tabriz, are vital to the security industry, in particular, since different backgrounds present radically different perspectives on privacy and security. “As a woman coming from an immigrant background, with a Polish Catholic mother and Iranian Muslim father, I can appreciate how people from different cultures and ethnicities face different security risks,” she said. “It’s important that we’re building products that can keep everyone safe.”
When the RSA conference lineup was first announced, the social media furor grew so loud that even Monica Lewinsky weighed in, giving a statement to USA Today, saying that she was “disappointed by this oversight” and that she had addressed the issue with the conference organizers.
Lewinsky said she believed they would rectify the issue by the time the conference rolled around in April.
Indeed, in the weeks since, the RSA conference has added a number of women to its agenda, including Secretary for the Department of Homeland Security Kirstjen Nielsen. In an email to The Verge, RSA conference vice president Sandra Toms said that this was not due to any social media outcry. Rather, the earlier list of keynotes was “not final,” and they had still been waiting to hear back from some speakers. “Previous discussions about our keynote lineup were premature,” she wrote.
But the industry didn’t want to wait until April to see a new and improved RSA lineup.
That was when Stamos tweeted, “Maybe it’s time to rent out the Metreon again for an alt-conference, this time all women speakers.”
Four years prior, Stamos helped organize TrustyCon 2014, the alt-conference that had sprung up in response to a Reuters report based on Snowden documents suggesting that RSA — the security company that runs the RSA conference — had backdoored a product for the National Security Agency. Speakers withdrew from RSA in protest and spoke at TrustyCon instead.
Alex Stamos’s offhanded tweet spawned a flurry of discussion behind the scenes. The lack of diversity in the RSA keynotes had already spawned several lists of prominent women in the security world, many of whom were ready and willing to speak at an alternative conference.
Five days later, the organizers announced OurSA, and the event sold out in less than 12 hours.
OurSA doesn’t feature only women speakers, but the agenda is overwhelmingly full of women. Every speaker, says Tabriz, is from an underrepresented minority in the industry.
Tabriz expressed surprise at how quickly the event had come together. Her fellow organizers — Amie Stepanovich (Access Now), Adrienne Porter Felt (Google), Mark Risher (Google), Alex Stamos (Facebook), Aanchal Gupta (Facebook), Kelly Lum (Spotify), and Melanie Ensign (Uber) — were well-connected in the industry but far from professional event organizers.
But the demand for the event was palpable.
Everyone seemed to want to work with them — not just potential speakers, but sponsors as well, who in some cases committed their support before the organizers had even come up with the official sponsorship packages.
“It was pretty frenetic, but it was also not hard to find a day full of speakers,” said Tabriz. Between the eight of them, the organizers knew some of the best and brightest potential speakers to invite to their event. But they also put up a form for submissions, and within a couple of days, they had over a hundred submissions to look through.
Tabriz expressed excitement about some of the new voices that she herself hadn’t been aware of until she helped organize OurSA. The alt-conference, it seems, is just as much about diversifying her own perspective as it was making a larger point about the lack of diversity in tech conferences overall.
In addition to engineers, OurSA’s lineup includes policy makers, lawyers, activists, and journalists. (Kara Swisher, executive editor of Recode, which is a Vox Media property, is a panel moderator). Some of the talks — like “Gender, Bias, and Violence in Security Research and Design” — address gender specifically.
But, just as many are technical engineering talks on everything from “Modern trends in DDoS” to “Memory safety,” by engineers who just happen to be from underrepresented backgrounds.
“My hope with OurSA is that we can help other conference organizers recognize that finding speakers with diverse voices is not an insurmountable task,” said Tabriz.
In some circles, OurSA is already eclipsing the conference it’s breaking away from. “OurSA seems like the place to be,” tweeted one RSA speaker when two of his friends confirmed on Twitter that they’d be missing his talk to attend OurSA.