To hear Stephen Northcutt tell it, a controversial women-only conference announced by SANS started innocently enough. Last week, Northcutt looked around a conference room in Boston and noticed that there were only three women and more than 100 men. Nothing new there. But this time, he got an idea about attracting more women to the field (not to mention almost doubling the number of people who might join SANS): Why not have a conference just for women?
On Monday, July 15, the SANS (Systems Administration, Networking and Security) Institute announced just that—a September conference in the New Orleans French Quarter at which all the teachers, staff, vendor representatives and attendants will be female. And on Tuesday? “I got my hard hat on,” says Northcutt, director of training for the research and education organisation, who received 220 heated e-mails about Monday’s announcement by 11 a.m. Pacific time the next day.
“I’ve got a tremendous amount of response, more than we’ve ever gotten for anything else we’ve ever done, which is pretty scary to me,” he says. “People have very strong opinions. A lot of males have written and almost consistently called it sexual discrimination. And the females seem to be divided into two specific camps”: those glad to be offered a break from male-dominated security events, and those who don’t want any special treatment.
“What’s next?” asked one female security practitioner. “Are you going to do a session for African Americans only? Native Americans only? I’m sorry, but this is insulting and unnecessary.”
“In no way are we saying women are inferior or they need help,” answers SANS instructor Judy Novak. “We’re saying please, come participate, it’s a wonderful field.” Novak says the lack of women in the field is unnerving and not getting any better. “You’d think there’d be some momentum, but it just hasn’t been that way. The whole thing is to make women feel like they belong.”
CIO has long tracked the shortage of women in IT, most recently with a pair of articles titled “Why Women Hate IT” (Sept. 1, 2000) and “Why IT Hates Women (and the Women Who Stay Anyway)” (Sept. 15, 2001). That same loathing could just as easily be addressed in information security, and that’s too bad.
The question is how to change the lopsided numbers. A woman-only conference might attract a few more women to the field. More likely, though, it will just make other SANS conferences even more male-dominated and upset a lot of people in the meantime.
Northcutt, for his part, says he’s shocked by the response. But a former board member of SANS rival International Information Systems Security Certification Consortium suggests that the outpouring might be just what SANS wanted.
“Segregating training for women seems to be a marketing ploy,” says Micki Krause, director of information security at PacifiCare Health Systems in Santa Ana, California. “My first thought was, what are they going to do, hand out pink diplomas? I’m a professional first with professional accreditations. The fact that I’m a woman is secondary to my doing a good job.”