Sometimes shaming works.
Nearly two years ago, I called out the RSA Conference for the lack of keynote speaker diversity at the largest and arguably the most influential Information Security conference in the world, specifically citing their lack of women speakers. In 2018, women made up only 11% of the cybersecurity workforce, but since then that’s improved. According to the (ISC)2’s latest study, pay disparity remains, but women now make up roughly 24% of the cybersecurity workforce.
I wasn’t the only one shaming RSA.
Mashable noted that while Cisco Chief Security and Trust Officer John Stewart was on the RSA 2018 keynote stage saying that diversity in tech is "not about this politically correct thing” 19 of the 20 keynote speakers were men.
After a fair a lot of press and social media response, RSA announced a Diversity Initiative that included expanding its advisory board, greater outreach during the call for speakers, and the elimination of all-male panels in the keynotes stages.
“Two years ago @mashable dinged the @RSAConference for lack of keynote speaker diversity. And they changed. Why shaming sometimes works.”
Tweet This
Since then RSA has vastly improved its keynote ratio. By current count, 17 of their 42 keynote speakers for the 2020 conference are women. Still less than half, but an improvement.
Let’s unpack what had to happen to make that change because it’s not just RSA who holds full responsibility for the level of diversity at their conference.
Diversity Action Shouldn’t Take Forever
Back in 2015, RSA banned “booth babes,” publishing a dress code that required booth attendees to wear “business or business casual attire.” While making a gesture in the right direction, the same year, they were still presenting talks dominated by white males. It took a lot of shaming for things to change. Meanwhile, the research continued to roll in.
Countless studies have proven the benefits of diverse teams and leadership, including this recent one from BCG which found that companies with above-average diverse leadership also brought in a 19% increase in innovation revenue. Real diversity results in diverse thinking, which benefits the bottom line.
What It Takes to Drive Change
The visibility of these studies may be part of what drove sponsors like Microsoft to send a woman to RSA this year. Or it may be that more women have risen to powerful roles. Or that the shame of negative press just wasn’t worth it.
But since RSA changed its rules and specifically said that they support diversity, the change is there. That means sponsors were required to meet those standards.
“@CloudCISO_Joan on why speaking opportunities are an easy area to do good. And why @ @RSAConference improved their keynote speaker diversity ratio.”
Tweet This
Ideally, the male chief architect or senior VP took action as an ally, turning down the opportunity for the exposure they don’t truly need and took the opportunity to say “Hey, no. There is this woman in my team who would be perfect.”
Companies have a monetary motivator to make changes in-house. But there’s also pragmatic and moral responsibility (which circles back to why shaming works): We need a diverse set of people and perspectives (skills) and since tech is one of the Gold Rushes of our time. We should endeavor to make sure that opportunity is distributed fairly. This is one of those moments where we can do a lot of good easily.
About the author
Joan Pepin
Chief Security Officer (CSO)
Previously, Joan served as Business Information Security Officer (BISO) at Nike, Inc, CISO, and VP of Security at Sumo Logic, and held different positions at Guardent/Verisign/Secureworks organization. Joan holds a patent for developing the methodology to assess whether a communication contains an attack.
She is also is a well-recognized thought leader and has spoken at major events, such as RSA, WhiteHat Security Summit, and Forrester Security Summit, and is frequently called upon for her expertise and commentary in Cloud Security and Compliance in large-scale and DevOps/CI environments.View profile