yan 🐇 is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
yan 🐇 @bcrypt

when i see people tweeting, "don't go into infosec if you are a woman because it will suck," should i chime in? on one hand, i don't want to sound like i'm questioning the legitimacy of others' negative experiences. on the other hand, i've had a glowingly positive and respectful experience working in infosec, all things considered, and don't want others to give up because they've only heard negative stories.

· Web · 4 · 17

2/ the answer probably depends on what percentage of women have had positive vs negative experiences in infosec. for instance, if i'm an extreme outlier, sharing my experiences would likely do more harm than good by giving others high expectations which would likely never be fulfilled.

@bcrypt I neither am a woman nor work in Info Sec directly, so take whatever I say with a grain of salt. But I'd posit that if we discourage women from entering InfoSec until the industry changes it will have no incentive to change. As hard as it may be for some as they blaze that trail, it still seems that the best way for the industry to change is to have more awesome female engineers who show people inside the industry, and outside it as well, what's possible.

@bcrypt any ideas why your experience turned out so positive? It might be the companies you've worked for vs the ones the women with bad experiences worked for. Maybe if you share the positive experiences with a little detail about where it was at you would prevent the harm you're worried about.

@bcrypt I would be really excited to be another woman in infosec but I'm not sure how to make that happen. Do you have resources for getting started in non-code-heavy positions? It's just not my forte, and feel like I could bring other experience/perspectives.

@bouncinglime i'd start by looking at open source projects you care about and finding small ways to contribute, even if it's just documentation

@bcrypt I think you should speak out. Especially if you could share why things are okay. We don't have statistically viable data anyway to determine the dominant trend:(

@bcrypt you could disclaim that you might be an extreme outlier, and what factors might contribute to that, and that might help people have a similarly great experience as you have?

@bcrypt I think it's important that you should speak up. I work with some of the best women in infosec at my Co. And we go out of our way to mentor and have female interns. But I don't work in "tech" so maybe that has something to do with it.

@bcrypt I think it's useful to hear that experiences vary. Also, telling women about possible negative experiences working at tech companies hasn't scared off most that I've talked to — often they've thanked me for giving them a more informed choice, and more ideas about how to build a supportive network. So I think it makes sense to talk about what you like about the field, and what your career has been like, as long as as you acknowledge other experiences are valid too.

@bcrypt if you don't stand up the experience of others will be treated as consensus. If you do, you risk being attacked for it. I'd stand up, but word carefully (but then again I'm a white dude)

@bcrypt I think one of the biggest problems here (and maybe across all of tech) is the disparity between price and public spaces. I've had nothing but good experiences with my own employment. But there are tons of public spaces, both online and offline, (conventions, birdsite, the orange website) where I and people I know have really really bad times. DEFCON and Blackhat specifically get really bad reps.

@bcrypt Ultimately, the private spaces are more important to my day to day life. But—unfairly, probably—my brain considers the public spaces "more representative" of the rest of the industry, even though I know that's a flawed notion.

@bcrypt and certainly, it seems very likely that it only takes is a few bad actors to tragedy-of-the-commons a collective trust in an industry. Do I feel more wary with ANY company or tech guy after this google thing? Yeah, I do. even though I know statistically, the odds of me encountering someone like that is really low, the fact that these people do exist, the way google handled the situation, and seeing these supportive takes from VCs and founders have all made me lose trust

@bcrypt IMO, "do/don't go into [field]" is unhelpful advice. It's better to refocus the discussion and say, "well, if you *do* go into [field], here are some tips." That includes identifying healthier places to work, what to look for in coworkers & mentors, etc.

You know "good"-- if you share that, new people can learn to recognize it, or see where it's missing. Others know "bad". Both are needed for solid guidance, regardless of rarity.

(hope it's ok to jump in like this-- similar issues in my work/life)