Security con harassment cuts both ways, part 2

Does harassment at big security cons really cut both ways? One reader says no, and here's why.

Yesterday I wrote a post about sexual harassment at security conferences like Defcon, suggesting that such harassment cuts both ways. That didn't sit well with one reader, a security practitioner who has frequented these events herself.

In the comments section of that post, she said:

"You say, 'Men get harassed at these events too. It's not necessarily sexual, but it's there.' YOU DON'T GET IT. Sexual harassment is not the same as "drunken disagreement" harassment from another guy. The fact that you can even say something like that simply shows that you're speaking from a position of privilege."

She directed me toward a blog post called "Of Dogs and Lizards: A Parable of Privilege," where the concept of men as a privileged class is explored. One section is as follows:

"Most examples of social privilege aren’t that straightforward. Let’s take, for example, a basic bit of male privilege: A man has the privilege of walking past a group of strange women without worrying about being catcalled, or leered at, or having sexual suggestions tossed at him. A pretty common male response to this point is “that’s a privilege? I would love if a group of women did that to me.” And that response, right there, is a perfect shining example of male privilege."

It's a fair point, and a detail that went missing from yesterday's post. But my post was about more than just sexual harassment.

--There's the harassment you get when one security practitioner passionately disagrees with the point another practitioner has made, and it escalates into the first guy shouting at the second guy, doing a lot of name-calling in the process.

--If I had a thin skin, I would feel harassed every time someone disagreed with something I wrote at these conferences. Fortunately, I have a very thick skin and take none of it personally, even though some people get mean in their critique, especially on Twitter.

It's those types of things I was talking about, as well as women getting sexually harassed.

Some would say this isn't a topic for information security. I disagree, because part of our job is to constantly examine the way we talk to each other. Where harassment exists, progress grinds to a halt.

And yes, there IS a lot of sexism at security conferences.

Look at the "booth babes" vendors insist on employing at their exhibit booths. In my opinion, if a woman wants to do that kind of work, more power to her. But vendors do this because sex sells -- and drives traffic to their exhibits. I've said it before and I'll say it again: If you need skin to generate traffic, something compelling is missing from your company's message. You should be able to drive traffic on the strength of your products.

Related: "The sad thing about booth babes"

At Black Hat, the booth babes were on full display, the most glaring and tasteless example being RSA's booth.

You can tell me this sort of thing doesn't fuel the fire for the kind of sexual harassment that happens at drunken after-parties, but it does. What happens during the day sets up the atmosphere for what follows at night.

As I said yesterday, it's always a small minority of jerks who cause the trouble. Most attendees act like grown-ups. But we all need to stay alert to what that minority is up to.

Feel free to disagree. I will not take it as harassment.

Copyright © 2012 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline