At OurSA, women and minority speakers make cybersecurity human

The event came about in response to a lack of women keynote speakers at the annual RSA cybersecurity conference.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

Spotify security engineer Kelly Lum speaks at the OurSA conference in San Francisco on Tuesday. Lum was one of 23 speakers at the cybersecurity-focused event.

Laura Hautala/CNET

If Melanie Ensign has her way, the inaugural OurSA conference will also be the last. The event Tuesday sought to highlight cybersecurity experts from diverse backgrounds and came in response to criticism of this year's RSA Conference for an initial lineup of headline speakers that featured only one woman out of 20 total.

If there's a second OurSA conference in 2019, "I'll have failed," said Ensign, who in her day job is a spokeswoman for Uber. 

That's because her goal is to show organizers of events like RSA that there are plenty of cybersecurity experts, who also happen to be women and minorities, available to headline conferences. If she succeeds, more of the speakers from Tuesday's event will be giving talks at the original RSA -- one of the largest annual gatherings of cybersecurity professionals in the world. 

Tuesday's conference took place on the first full day of the weeklong RSA conference, putting it in competition with an event that last year attracted 43,000 attendees. But the lack of women headliners struck a nerve at a time when women make up just 11 percent of the cybersecurity workforce. The conference ended up filling 250 seats at the headquarters of web traffic management company Cloudflare, and 1,500 people tuned in via livestream, according to conference organizers.

Making cybersecurity human

The conference included technical talks that are the hallmark of cybersecurity conferences, including one from Cloudflare head of products Jennifer Taylor on protecting websites from attacks like the one that took down portions of the internet for several hours in 2016, and a talk from Facebook security expert Kate McKinley on securing sensitive information stored in a computer's memory. 

But it also focused on the ways in which cybersecurity touches on social issues like domestic violence and political activism. Several speakers argued for making security easier for regular internet users to understand. Jessy Irwin, head of security at blockchain company Tendermint, said it's important not to use jargon or focus on the most sophisticated hacking tools that could compromise a user's system.

"Literally no one knows what that is and cares about it," Irwin said.

A demand for diverse conference speakers

The OurSA conference got its start when Facebook Chief Security Officer Alex Stamos suggested a lineup of women speakers RSA could have drawn from for its keynotes. When Twitter users retweeted his suggestions more than 400 times, the idea got legs.

In less than five days, a group of organizers had come together to launch OurSA, including Stamos, Engsign and Google's Parisa Tabriz. Tabriz said Tuesday the conference sold out in 12 hours and received almost 100 applications from people hoping to present.

While the focus was initially on the lack of women at RSA, OurSA organizers sought to put together a group of presenters from backgrounds that are "traditionally underrepresented" in cybersecurity, including people of color.

RSA Conference organizers congratulated Stamos and Tabriz for organizing OurSA. "We applaud the efforts of OurSA for putting this event together, and bringing attention to the need for diversity in information security," RSA vice president and curator Sandra Toms said when OurSA was announced.

Since the controversy over RSA's keynote speaker lineup, the conference added five more women headliners, including US Department of Homeland Security Secretary Kirstjen Nielsen and Reshma Saujani, chief executive officer of Girls Who Code, a nonprofit that aims to bring more women and girls into the tech sector.

For his part, Facebook's Stamos said he'd be happy to see another OurSA conference come together. But Tabriz, whose day job includes securing Google's Chrome browser, emphasized she already has a lot on her plate. What's more, she hopes the message from OurSA is clear to the organizers of other cybersecurity conferences: If we can find these speakers, so can you.

"My goal for this is for other events stop making excuses," Tabriz said.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

iHate: CNET looks at how intolerance is taking over the internet.