On Tuesday, about 250 people gathered in the event space of Cloudflare's San Francisco headquarters for an unusual security conference—or, perhaps more accurately, one that aimed to modernize the longstanding tradition in security of creating alternative, transgressive gatherings. The one-day Our Security Advocates event offered a counterpoint to the monolithic approach of large, prominent security conferences, by offering a diverse agenda and set of speakers to promote inclusive representation in privacy and security fields.
Even the name served as commentary, playing off of the corporate-focused RSA conference that's also taking place in San Francisco this week. In fact, OURSA emerged less than two months ago in part as a response to the announcement of the RSA 2018 speaker lineup. Of the 20 keynote speeches, only one was slated to be delivered by a woman.
Critics flooded Twitter, including Facebook chief security officer Alex Stamos, who started batting around suggestions for female speakers. Others quickly joined in. After less than five days, that discussion had evolved into OURSA, which garnered nearly 100 talk proposals, and sold out within 12 hours. At the conference on Tuesday, every single speaker was from a background that is typically underrepresented in privacy and security.
"The goal was just to make a statement," Parisa Tabriz, one of the conference organizers and director of engineering at Google, said on Tuesday. "We hope that OURSA will help other conference organizers recognize that finding speakers with diverse voices is not this insurmountable task. And we're tired, frankly, of hearing the same old excuses."
OURSA emphasized that it wasn't simply about calling out RSA, but rather to raise awareness of problems related to underrepresentation that pervade the industry. Attendees watched speakers and panels in the main space, milled around with popcorn and LaCroix, or met for lunch on the roof, as they would have at any conference. But the diversity of the speakers, organizers, and attendees created a noticeably different environment. OURSA's livestream drew about 1,500 total viewers during the event.
"I only want to go to conferences that are inclusive," said attendee Alyssa Pratt, a content manager focused on security at LinkedIn. "Some feel more like a cattle call—it's hard to make connections and have real conversations. OURSA is much more valuable. The best thing about it is how accessible it is."
OURSA also wasn't just a stunt; it was a rigorous conference in its own right. One set of speakers grappled with the privacy and security implications and ethics of emerging technologies, presenting on everything from security and right-to-repair issues in precision farming to the realities of government surveillance and the risk that human assumptions and biases will be hard-coded into every generation of technology. Another group addressed the question of how to create tech tools that support the privacy and security of high-risk users, given that every user circumstance and type of risk is different. And speakers delved into machine learning, DDoS threats, and the complicated challenges of email security.
"Normal conferences are scary," said Carly Schneider, a security researcher who attended OURSA. As a young woman beginning her career in security, she noted how intimidating and exhausting it can be to attend most industry events. And Schneider emphasized the need for multiple types of conferences that prioritize representation, so some can be more deeply technical and others, like OURSA, can focus on robust discussions about privacy and security policies, concepts, and consequences.
The conference served as an assertion that professionals can advocate for change and a more inclusive industry by coming together to discuss the work they do each day. "OURSA is not just a group of people complaining, they’re very substantive topics for security," says Ellison Anne Williams, cofounder of the data security firm Enveil, whose whole career has been in male-dominated fields—from completing a math PhD to working at the NSA. "I think one of the most powerful things women in security can do is stand up for the substance of it and not be a token female in the room. Nobody is looking to be the fill-in-the-blank stereotype on the panel. These are folks of real substance."
Over drinks on the roof at the end of the event, speakers and attendees noted that seeing such extensive and diverse representation in panel after panel was heartening. As Window Snyder, the chief security officer at the cloud infrastructure company Fastly had put it, "The industry changes when we change it."
OURSA's organizers hope that it has left its mark—and shown how doable it is to accurately represent the diversity that exists within the security industry—all while creating a substantive event where speakers share their professional findings. Though much more work remains to achieve fully balanced representation, a homogenous speaker slate belies just how many unique voices already exist within the community. And though OURSA doesn't intend to become an annual event, it was a model for the types of safe spaces in which people can break new ground.
"I can give a cybersecurity talk off the cuff," Jeanette Manfra, the chief cybersecurity official for the Department of Homeland Security said in the final presentation of the day. "But I decided that I wanted to give a speech about being a woman. You'll have to forgive me because I've actually never done that before."
