This was my third year attending RSA Conference and I’ve gotta say: each year just gets better. I’m new to this industry (having been bamboozled into it by my friends and now colleagues Marco Ciappelli and Sean Martin, co-founders of ITSPmagazine), so the first year (2017) was pure overwhelm and deer-in-the-headlights eyes as I tried to navigate my way around the conference and understand what people were saying.
The second year (2018) was madcap shenanigans as the ITSP team ran around, delivering five live panels in partnership with BrighTALK, launched our Chats on the Road series and our Itineraries on the Road series, and filmed and produced our first episode of our Unusual Gatherings Talk Show (at the amazing Bugcrowd space!).
At last year’s conference, I met Karen Worstell, founder of W Risk Group, who had been following ITSPmagazine and really liked what we were doing, particularly on the subject of diversity and inclusion, so she reached out to me. She and I sat down for a “20-minute” coffee, and over an hour later we both had to dash off to our other appointments. I wound up interviewing her several weeks later for our An InfoSec Life podcast column after she told me her story, which included the stresses, frustrations and victories along her journey as she got into, dropped out of, and then returned to a cybersecurity career.
During the year we stayed in touch, and just before this year’s RSA Conference (2019), she told us that she was putting on a Solving Our Cybersecurity Talent Shortage seminar, a 4-hour session that was broken down into four panels/talks with some amazing speakers from a variety of companies for whom diversity and the talent shortage in cybersecurity were very important.
By the way, Lisa Rothstein, brand storyteller and New Yorker cartoonist, was on-site to capture the entire seminar in ink!
For the last talk—Cybersecurity’s Dirty Little Secret and Talent Grenade: Burnout—Karen asked me to join her, and despite the fact that the little voice in my head was yelling “Noooo!! I can’t, I’m not good enough, I don’t know anything!!” I opened my mouth and said, “Yes!”
This was my second time speaking in public (the first was to an audience of about 10, three of whom were my friends), and this time it was to a full room of about 230 people. After the first five minutes as my heart pounded and my palms sweated and the microphone battery pack clipped to my waistband kept pulling down my pants, I relaxed and actually enjoyed the whole thing. The biggest comfort was that I was not up there alone, and Karen has spoken in public more times than she can count, so her calm and confidence touched me by osmosis.
We talked about burnout, depression and the health issues that come with the territory; we shared personal stories to bring the shame attached to this topic out of the darkness and kick it to the curb; we reminded the room that to survive as individuals, as teams, as companies and as an industry, it was critical that we support each other, much like soldiers out on the war field. When one soldier goes down, the troop doesn’t turn their backs on the fallen—they carry, drag or otherwise bring the injured person to safety and take care of them. We must all #BeAnAlly.
And this was the general theme that was so prevalent at this year’s conference. It started with RSAC who published their new Diversity and Inclusion Initiative just prior to the event, which included such points as:
The elimination of all-male panels (or as I like to call them, “manels”) on the keynote stages
The half-day talent diversity seminar (see above), developed in conjunction with W Risk Group and LadyCoders
A half-day forum developed with Women’s Society of Cyberjutsu, Executive Women’s Forum on Information Security, Risk Management & Privacy (EWF), Women in Security and Privacy (WISP), Women in CyberSecurity (WiCyS), and The Diana Initiative
A Safe Walk program, hotel room blocks for female attendees, onsite child care, a prayer room, a mother’s room, and gender-neutral bathrooms
The ITSPmagazine team filmed daily updates from Moscone Center and included a couple of guests (i.e. friends) on each one who shared their updates for that day, including Chloé Messdaghi who happily remarked on the vast difference re: diversity and inclusion from last year to this year, saying that after last year’s sea of white, male faces, she almost left the industry.
There were several other sessions on mental health in cybersecurity, too, which was very inspiring:
Psybersecurity with Ryan Louie
Stress, Burnout and You: Fireside Chat with Dr. Christina Maslach and Josh Corman
Why the Role of CISO Sucks and What We Should Do to Fix It! with Gary Hayslip and Rick McElroy
There were tons of female keynotes, including Kyla Guru, 16-year-old CEO of her own company, Bits N’ Bytes Cybersecurity, Sylvia Acevedo, CEO of Girl Scouts of the USA and former rocket scientist at NASA, Paula Januszkiewicz, CEO of CQURE, and Tina Fey, writer, actress and producer.
Sean and I interviewed Heather Ricciuto, Academic Outreach Leader at IBM Security, for ITSPmagazine’s The Academy column about all things educational when it comes to attracting and retaining cybersecurity talent, including youth outreach and opening up to a more diverse talent pool (or creating your own!).
And even outside of these sessions, people were talking about taking care of ourselves, each other and our teams, being more inclusive with everyone, and basically just not being an asshole. One man approached me after my and Karen’s talk to tell me how much he appreciated our discussing this topic so honestly and compassionately because, as he shared with me with tears in his eyes, his son was suffering depression and burnout, and he hadn’t been sure how to help him.
Despite this, there were still plenty of times that I was treated as though I were invisible. At ITSPmagazine’s kiosk, for example, many men came over to ask us about our publication, and when faced with me, a woman, and one of the young men that CyberSN (a cybersecurity staffing company) provided for us, they turned their body toward the man and spoke only to him. When I was the one who actually had the answers, I saw the look of surprise (and, for some, shame) on their faces.
Still, the overall feeling of this year’s RSA Conference, and my experience of it, was one of camaraderie, openness, healthiness, and mutual support.
Check out Sean Martin’s recap for a different perspective of #RSAC2019!