We have a soft spot in our hearts for SummerCon. This event, the longest-running hacker conference in the US, is a great chance to host hacker friends from around the world in NYC, catch up in person, and learn about delightfully weird security topics. It draws a great crowd, ranging from “hackers to feds to convicted felons to concerned parents.”
The folks running SummerCon have pulled together an excellent line-up of high-quality talks time and again. However, this year there’s a bigtime issue: all the speakers are men.
We recognize the thanklessness of the job of hosting SummerCon and assume the best of intentions. Nonetheless, we were disappointed. This lineup isn’t an exception to security conferences – it’s close to the norm. Exclusion of women and minorities in the security industry is a pandemic that we need to address. The hacker conference that started them all should be at the forefront of the solution.
This year we’ll be working together to change that.
A grant for inclusion in security research
We are partnering with the SummerCon Foundation to create the Trail of Bits SummerCon Fellowship. This grant will provide $100,000 in funding for budding security researchers. At least 50% of the program spots will be reserved for minority and female-identifying candidates. The organization will reach out directly to women- and minority-serving groups at universities to encourage them to apply (shout out to @MaddieStone for that awesome idea!). Participants will receive grant funding, mentorship from Trail of Bits and the SummerCon Foundation, and an invitation to present their findings at SummerCon after their fellowship.
In addition to this program, SummerCon has committed to a greater level of transparency and representation in its future selection of speakers. They’ll publish well-defined criteria for their CFP. They will identify the SummerCon alumni who comprise their speaker-selection committee. Finally, they will expand the selection team to include 50% minorities and women.
Next, SummerCon has committed to making the conference a safe space of inclusion. They’ve announced and will enforce a clear anti-harassment policy with multiple points of contact for reporting disrespectful behavior. Violators will be kicked out.
Finally, in a small effort to bring more awareness to the change, we have a sweet bonus in store: Keep your eyes peeled for the Trail-of-Bits-sponsored ice cream flavor in a Van Leeuwen ice cream truck outside LittleField. For every scoop sold, we’ll be matching the sales with a donation to Girls Who Code.
Does it fix the problem?
No. This is a small step. The issue of inclusion within security is much bigger than one small annual hacker meetup. Fortunately, everyone in the industry can help, including us. Even today, our growing team of 37 people has only four women, only two of whom are engineers. We must do better.
We’ve already taken some steps to improve:
- Co-developed and sponsored NYU’s Cybersecurity Symposium for Women to help mid-career pros join the sector
- Taught a session on exploitation at NYU’s Cybersecurity Summer Program for High School Women (And hired our first high school intern from the program, Loren, who killed it!)
- Our bi-monthly meetup, Empire Hacking, hosted 50% women speakers this year. It has always had an enforced code of conduct.
- Created the CTF Field Guide to help eliminate the knowledge gap for industry newcomers
- Edited our job postings to eliminate/balance gender-signalling language
- ⅓ of our executive management team is female
- Increased our parental leave for both primary and secondary caregivers
Here’s what we’ll do this year:
- Actively work with diversity- and inclusion-recruiting groups to get out of the cycle of predisposing our recruiting toward homogeneity
- Continue to search for opportunities to volunteer and mentor with groups that support inclusion in tech and infosec
- Reimburse employees for any tax expenses incurred for insurance of domestic partners
Want to participate as a SummerCon research fellow? Keep an eye on @trailofbits. We’ll be making a joint announcement with SummerCon soon.
Have other ideas about how to foster a more inclusive security environment? Contact us!