Jul 01 2014

I suppose this could be subtitled “why I won’t be going to Def Con again.”

Last August I wrote a letter to Jeff Moss (who is the founder of Def Con) about the disturbing sexism – including a conference-sponsored strip show – I personally witnessed on a short jaunt I took to Def Con along with some anecdotes from the Internet from some women who were harassed. He wrote back to me and said he wanted to have a better experience for all, irrespective of their genders, and was willing to talk about it. That discourse never materialized; instead he sent his emcee of the event to talk to me (reader’s digest of that conversation – the emcee is a nice guy, but he just started and didn’t want to make waves and change things too quickly; perhaps someday it will, who knows.)

Not to be dissuaded I asked Jeff to talk again, and once more he blew me off.  That’s certainly his prerogative; while we’ve known each other over 20 years (since the very first Def Con) we’ve gone different, almost opposing directions; me running for the gutter and showing up occasionally in dusty history tomes, he running and roosting at the big Cons, working for Homeland Security and ICANN, and in general positioning himself as a Hacker and security expert. His good timing/luck/prescience at starting Def Con and Black Hat when he did certainly paid off financially and in a variety of other ways.


So why should any of this matter to me? And of course this isn’t an original topic, a variety of others have spoken out on the issue.  I’m certainly not trying to position myself as the Lorax for mute security females – I simply want to add my voice to the chorus.

Def Con is no longer some halcyon hacker hideout where lone wolves hang out to reconnect once a year.  It’s got something well in excess of 10,000 attendees, all paying cash (auditors have to love that!) that feed into a multimillion dollar business; it’s a professional conference, one that folks go to for networking opportunities and to learn about the profession. And as such it’s an extension of the workplace and the security profession, and the behavior and goings on reflect not only the attitudes of the presenters, attendees, and us security folks, but of course Jeff Moss and Def Con itself.  And women and young girls who attend are treated like 2nd class citizens – window dressing to look at (if young and pretty), but not be heard. I can’t simply mutely watch this injustice go by.

But why should anyone else care? Or even if you do, what can you do to fight such a systemic social problem, with mighty forces and sheer numbers against you? While I’m used to tilting at windmills at a quixotic clip, I understand that most exercise a bit more caution and perhaps common sense.

But changing Def Con isn’t changing the entire world – while it might reflect the larger culture and society, it’s also different in that it has a dictator: a leader who could simply wave his scepter and proclaim a variety of changes that would make it a better place.

How so? Well, more women could be invited to participate and speak; bridges could be built with existing positive social organizations[i] to construct a healthier conference environment, positive policies and guidelines created to foment a better atmosphere for all[ii], scholarships and internships for women and young girls[iii], a mentorship program… oh, I don’t know, how about just giving a shit about the situation, there are good counter-examples all over.

Mind you, these aren’t far-fetched or radical notions – virtually every other organization and conference I personally attend, including ones by the IEEE, CACM, USENIX, the American Academy of Arts & Sciences and others all have exactly the sorts of things I suggest above.

As a business you’d think you’d want to expand the growth by tapping into a market that is a near green-field opportunity, but instead Jeff has chosen to promote a frat environment and get volunteer strippers to help boost the troop’s morale. It’s really unfortunate, and especially damaging because most people attending Def Con are our future leaders: when the young and especially impressionable see their heroes or peers engaged in negative behavior it paves the way for more misbehavior.

I’m not sure why people – primarily men, of course, but not restricted to us – condone the overt and appalling sexism present in Def Con; the security field is so bereft of women and minorities already, it’s difficult to even imagine why you’d either put together or go to such a hostile environment that only further discourages participation. Perhaps it’s fear of losing jobs and opportunities or perhaps just outright chauvinism and sexism. I do wonder if all the companies who sign the expense checks to their conference goers know what they’re backing.

Everyone has at times complex reasons to do any number of things, but unless you’re one of the oppressed, you’re implicitly (or for some, explicitly) aligning yourself with the sexist and negative culture that thrives at Def Con. When I hear how males talk about the capabilities of girls and women in our field it often makes me feel ill – let me tell you, boys, you don’t have any lock or god-given gift that provides you with the keys to being a great hacker. The reason that there aren’t more women and girls in our field is staring at you in the mirror, not because of any weaknesses in the fairer (sic) sex.

So Jeff – grow up. Join the 20th century, if not the 21st. Make Def Con something that everyone may enjoy and take pride in. It’s something of your legacy, how do you want it to be when you’re gone?  I urge you to reconsider your own participation and start effecting positive change in your young boys club. As for everyone else – thoughts and philosophy matter, but actions at times far more. Be a better human being, and rise above – walk the walk as well as talk the talk. Don’t go to Def Con or fight for change until something actually happens to change the situation.

Perhaps this is just another lost cause. But sometimes those are the only ones really worth fighting for.



[i] The ACM & IEEE have chapters devoted to helping women advance…. It’s not simple, but it’s also not rocket science to improve things; there are many organizations who could help – it’s not simply letting women join in on the fun, there’s so much to be gained by having more talent and diversity in the field.

[ii] Codes of conduct, anti-harassment policies that are actually enforced, education, etc. http://adainitiative.org has a nice set of resources and guidelines about these and other pro-women issues.

[iii] If you think this is far-fetched, Black Hat opened up a scholarship program this year – of course, looking in my crystal ball I will bet on the gender of the recipients.

  4 Responses to “Def Con, Jeff Moss, and Sexism”

  1. “The reason that there aren’t more women and girls in our field is staring at you in the mirror, not because of any weaknesses in the fairer (sic) sex.”

    There are quantifiable scientific performance differentials in related fields and aptitude tests, as well as well-studied personality differences between men and women. In complete absence of sexism, I doubt all fields go to 50/50.

    • I often see this comment, or variants on it, as the standard reply whenever there’s a discussion of sexism. I encourage you to stop and think how bizarre and out of place it is. Let me illustrate one way this line of reasoning can play out:

      Blog author: There are problems X, Y, and Z that depress female participation in FOO
      Commentor: Even if X, Y, and Z were not happening, female participation in FOO would be less than 50% because of BAR (*)
      BA: But don’t you agree that X, Y, and Z are problems?
      C: BAR. It’s scientific truth! How can you deny BAR?
      BA: I’m not arguing with you about BAR specifically because I haven’t researched it, but every time I’ve looked at things like BAR they’ve been either BS or grossly exaggerated. But anyway, X, Y, and Z are real issues.
      C: Feminists can’t handle logic! It’s biological facts that you’re trying to deny!
      BA: Okay, that was uncalled for. You’re now banned. Does anyone else want to actually talk about X, Y, and Z and how to address it?
      C: (later, on /r/MRA or similar) Man, I tried to be reasonable but those crazy feminists just can’t handle the truth. They’ll ban you in a heartbeat; shows how much they really care about freedom.

      This is the path to the dark side. You have already taken the first step along it; I would invite you to consider how you got there, and turn back.

      Realize that this article said nothing at all similar to the phrase “without active sexist douchebaggery, DefCon would be 50% female”, and yet it appears that that’s the sentiment you responded to. I’m sorry if you hear arguments like that elsewhere and they offend your sensibilities; however, the appropriate response is to comment like this in response to some article that’s actually making such arguments, or to get your own blog.

      At the very least, have the presence of mind to realize that this point (to the extent that it’s more than sexism and a thesaurus) is totally tangential to what the article was about, and then have the decency to note that with an opening phrase like “This is a side issue, but…” or “I know this isn’t the point, but…”.

      (*) We imagine here that BAR is some actual evidence citation and not mere assertion; however, whether or not BAR is well sourced has no relevance on how bizarre and out of place this line of argument is.

  2. Informative blog post. Are there any worthwhile alternatives to dc?

  3. Why exactly does Def Con have to change and adapt to the specifications of people whom it was never designed to serve? Even if I were to share your perspective on what Def Con is and/or should be (and as a minority, I certainly do not), why is it so critical that Def Con be the thing that changes? Why not simply let the mass exodus of people who want a different experience evolve into a culture of its own? I fail to see how creating something that grows into something totally different than it began as has a responsibility to only cater to its most recently acquired target audience?

    If you don’t like Def Con, then stay home, or better yet, start your own event, and invite the same industry professionals and create this “con that everybody can enjoy” that you claim “everybody indeed wants” and leave our space alone.
