The following commentary was contributed by GhostShell of Team GhostShell, in honor of International Women’s Day.
Something has been bugging me for quite some time and I was planning on speaking about it publicly eventually but I suppose now is a good opportunity for it, too.
While active all these years on the scene together with the other hacktivists, we would always joke around about how there weren’t any girls involved in hacking activities. Even if this is true to some extent that doesn’t mean there weren’t any apart of the active operations.
Helping the cause in their own way, both out in public and behind the scene. And even if the masses aren’t aware of it, they too were subjected to raids and/or interventions, where the authorities showed up at their place for questioning.
Just because no one reported it like they did with every 14 year old boy that defaced a random website doesn’t mean they don’t exist. I just wanted to say that.
Also, I believe that people from cybersecurity and even those revolving around it should encourage and help whenever they can to make the industry more diverse by accepting girls/women too whenever they take an interest. Far too many times I’ve seen the argument in the mainstream media about how women make up a considerable portion of employees from this sector and yet whenever I did research on it, the majority of them were working only on other positions, usually in marketing, sales and recruiting.
I challenge everybody from this industry or those that are curious enough to go around the biggest and most hyped infosec companies from the west and look at their employees list. You’ll find every random guy possible working as an architect, pentester, engineer and so on while the women are reduced to being secretaries. Are first world countries that inferior? Throughout the years I’ve looked into hundreds of them and I can honestly say the number of women I saw working as a whitehat hacker were less than a dozen at both large corporations and small start-ups.
Isn’t it about time we started talking about it? The same goes for rogue hackers in general. The media makes it seems that all these companies can’t get enough out of skilled hackers but has anyone ever tried to apply at one of them? Because I have. At multiple and guess what, it’s not exactly as you’d imagine. I’d go into details but instead of embarrassing them I’d like to stimulate someone’s curiosity and try to find a job in cybersecurity without a specific degree or 2000 euro certificate. (How many hacktivists or hackers in general have that kind of money lying around?)
I’m not saying that we should go around kidnapping girls from one sector and force or trick them in this one but somehow articles about how every teenage boy hacker is a cyber stalker / cyber terrorist / possible pedophile and how every one that gets caught will go to jail for hundreds of years isn’t exactly helping with the whole situation either.
It might be time we had an open conversation about security testing and even have open networks where anyone curious can come and talk about hacking without fear of being prosecuted, without being silenced by ban triggered admins and mods or attacked and bullied out of this topic.
I’ve been in infosec for more than 20 years and I can’t tell you the amount of shit I had to take from guys. It starts with “harmless” flirting with guys who say things like, “I’m just letting you know I find you attractive.” I’ve found that men in tech are still intimidated by very smart women. It’s the non-stop hazing that keeps women from trying to work in high tech. It’s tough to be able to prove yourself to a company full of men who wanted your job. The upside is, once you gain the respect of men, most will consider you in awe. The others will always wonder who you slept with to get to the top. I don’t see an end to these attitudes, but it helps to admit that they’re real concerns.