when i see people tweeting, "don't go into infosec if you are a woman because it will suck," should i chime in? on one hand, i don't want to sound like i'm questioning the legitimacy of others' negative experiences. on the other hand, i've had a glowingly positive and respectful experience working in infosec, all things considered, and don't want others to give up because they've only heard negative stories.
2/ the answer probably depends on what percentage of women have had positive vs negative experiences in infosec. for instance, if i'm an extreme outlier, sharing my experiences would likely do more harm than good by giving others high expectations which would likely never be fulfilled.
@bcrypt I neither am a woman nor work in Info Sec directly, so take whatever I say with a grain of salt. But I'd posit that if we discourage women from entering InfoSec until the industry changes it will have no incentive to change. As hard as it may be for some as they blaze that trail, it still seems that the best way for the industry to change is to have more awesome female engineers who show people inside the industry, and outside it as well, what's possible.
@bcrypt any ideas why your experience turned out so positive? It might be the companies you've worked for vs the ones the women with bad experiences worked for. Maybe if you share the positive experiences with a little detail about where it was at you would prevent the harm you're worried about.
@bcrypt I think it's useful to hear that experiences vary. Also, telling women about possible negative experiences working at tech companies hasn't scared off most that I've talked to — often they've thanked me for giving them a more informed choice, and more ideas about how to build a supportive network. So I think it makes sense to talk about what you like about the field, and what your career has been like, as long as as you acknowledge other experiences are valid too.
@bcrypt I think one of the biggest problems here (and maybe across all of tech) is the disparity between price and public spaces. I've had nothing but good experiences with my own employment. But there are tons of public spaces, both online and offline, (conventions, birdsite, the orange website) where I and people I know have really really bad times. DEFCON and Blackhat specifically get really bad reps.
@bcrypt and certainly, it seems very likely that it only takes is a few bad actors to tragedy-of-the-commons a collective trust in an industry. Do I feel more wary with ANY company or tech guy after this google thing? Yeah, I do. even though I know statistically, the odds of me encountering someone like that is really low, the fact that these people do exist, the way google handled the situation, and seeing these supportive takes from VCs and founders have all made me lose trust
@bcrypt IMO, "do/don't go into [field]" is unhelpful advice. It's better to refocus the discussion and say, "well, if you *do* go into [field], here are some tips." That includes identifying healthier places to work, what to look for in coworkers & mentors, etc.
You know "good"-- if you share that, new people can learn to recognize it, or see where it's missing. Others know "bad". Both are needed for solid guidance, regardless of rarity.
(hope it's ok to jump in like this-- similar issues in my work/life)