R.E.S.P.E.C.T.

“R E S P E C T! Find out what it means to me” – Aretha Franklin

The recently deceased Queen of Soul sang about Respect. Respect, something that should be given across the board, to everyone until they prove otherwise. Respect, which is one quality that makes people Rockstars in our industry. Respect, something that winds up lacking all too often.

There has been a <expletive> storm going on from Defcon and the hotels about security policies that have been put in place since the mass shooting last October. This has had to do with room checks and issues with them, especially for women. Now, I am not going ot get into it all, you can look up at Katie Moussouris’ Twiter timeline to get a full idea of the storm itself. The fact that this female in our industry, who is not just a “Rockstar” but a huge leader wound up having to argue with others in our industry about the fears and the way the room checks were handled shows a lot about us. It shows why there are movements to protect women, it shows why women do not want to go into our industry. If someone who should be respected and listened to has to put up so many explanations because people keep belittling her statements and not listening to her, imagine how the women who keep a low profile feel? The funny thing is that Katie (and the others) did not object to the room searches themselves, but the way they were handled, and the blind faith they were supposed to put into believing a stranger at their door (if they were not walked in on which has been documented also for both male and female attendees).

Let us frame this in another way. Think of the field we are in, and the red team tests that happen. Think of the social engineering. For that matter, look up the show on Nation Geographic which featured Jayson Street performing social engineering in Lebanon. He walks into banks, no ID needed just saying that he is from X and needs to check X on their computers. Physical pen test complete. We can sit back and listen to his stories from other engagements he has been on and shake our heads at why people are so trusting without ID, and yet we turned around when women in our field that know this and were trying to verify that strangers were who they said they were (possibly hotel security), and felt threatened and uncomfortable, and tell them they were wrong to feel threatened? Look at this information from the National Sexual Violence Resource Center:

 

• One in five women and one in 71 men will be raped at some point in their lives
• In the U.S., one in three women and one in six men experienced some form of contact sexual violence in their lifetime
• 51.1% of female victims of rape reported being raped by an intimate partner and 40.8% by an acquaintance
• 52.4% of male victims report being raped by an acquaintance and 15.1% by a stranger
• Almost half (49.5%) of multiracial women and over 45% of American Indian/Alaska Native women were subjected to some form of contact sexual violence in their lifetime
• 91% of victims of rape and sexual assault are female, and nine percent are male

We are supposed to be security experts. Yes our main area is that of 1s and 0s but that does not matter. Security is security. Katie had mentioned ways that the situation could have been avoided. Defcon’s organizers are investigating the situations with the hotels. Hopefully something good will come of this in the end, but the lack of trust in fellow information security practitioners is not going to be easily fixed. Those that lashed out at the people complaining about the way these checks were handled might not care about the trust they lost, but I do, because that reflects on our “community” as a whole. It shows that we are not as welcoming as we think. We have a long way to go. We need to learn from this, and fast.