Dark Reading is part of the Informa Tech Division of Informa PLC

5/31/2019
09:00 AM
Black Hat Staff

Black Hat Q&A: Building Infosec Communities for Women

Three security experts offer a sneak peek into their upcoming Black Hat USA talk on organizing female infosec communities in Korea, Japan and Taiwan.

We recently spoke (via email) with Asuka Nakajima, Suhee Kang, and Hazel Yen, who will be sharing their success stories about building a thriving network of cybersecurity communities for women during Black Hat USA in Las Vegas this August.

Hey there! Please tell us a bit about yourselves.

Suhee Kang: I work at POC Security in South Korea as a researcher. I am also the organizer of POC, Zer0Con and MOSEC international hacking conferences. In addition, I founded a hacking contest called Power of XX CTF to cultivate female hackers. All these things start from POC and my university’s cybersecurity club, SISS (Sookmyung Information Security Study).

Asuka Nakajima: I am a founder and leader of CTF for GIRLS, which is the first female infosec community for women in Japan. Currently, I work for NTT Secure Platform Laboratories as a security researcher. My research interests include reverse engineering, vulnerability discovery, and IoT security. I also serve as a Regional Review Board member of Black Hat Asia.

Hazel Yen: I am a co-founder and coordinator of HITCON GIRLS which is the first security GIRLS. During this time, I used to be the leader of the malware analysis group. Now I work for DEVCORE, focusing on web application security. Last year, I was the coordinator of the Hack in Taiwan Conference (HITCON CMT 2018).

What are you going to be speaking about at Black Hat?

We will share three things as follows: The history and current status/activities of three representative Asian female communities, Power of XX, CTF for GIRLS, and HITCON GIRLS, which are established in Korea, Japan, and Taiwan (respectively). Also, how we build and maintain our communities and how we tackle the various challenges, such as having a sustainable community.

We revealed the crucial factors in starting and continuing a female community by contrasting the three communities. One of the examples is that every community had been started by a few tech-savvy women with the support of an existing local community.

For Power of XX, we’ll talk about the beginnings of the group, what we do to cultivate female hackers in Korea, what difficulties occur, and our efforts to overcome those difficulties.

For CTF for GIRLS, we’ll explain how the group works, how we visualized and established the CTF for GIRLS community, and what we do to build it in a sustainable way.

Finally, we’ll discuss the purpose, origins, and current status of HITCON GIRLS. We believe the field of cybersecurity should be as accessible to girls as it is to boys, and we will show you what events, programs, and techniques we use to make that possible.

Why is this important right now?

Since the importance of getting more women into the infosec field is increasing, and the number of female communities has gradually increased these past few years (e.g., WiCyS, Black Hoodies, etc.), we think that this is the right time to discuss this topic publicly.

Some of our communities have been active since 2011. Over these eight years, we have faced and solved many challenges and obstacles to building the community. Moreover, a comparison of these three communities reveals some of the crucial factors (necessary) to start and continue a female community. We believe that this talk could help start a new female community and encourage other existing female communities.

Power of XX (Korea), CTF for GIRLS (Japan), and HITCON GIRLS (Taiwan) are all well-known communities in the Asian region. However, since there is a huge language barrier between Asian and Western countries, the information is still not widespread to the Western communities. Thus, we believe that this talk could help to understand the history and current status of the Asian female communities.

Suhee: Throughout the talk, we hope attendees understand the true nature of our communities from the top to bottom. Also hope they can understand that our power is not trivial and the scale of ‘women in security’ is getting vast. Besides that, there are parts (where) we want to support. We want to (create) an opportunity to cooperate with Western countries’ women InfoSec community so that we can increase the size of the society. We believe this will be a great start for both Asian & Western communities.

Hazel: For myself, I wish our speech can help more women have a connection with each other. And spread propaganda: we may be a minority in InfoSec field, but not weak.

Where do you see the most need for such communities, and why?

Suhee: When I was in university infosec club SISS six years ago, it was a total disaster and few women were learning to hack. At the time, it was really hard for women to survive for several reasons (a small number of people, lack of community, difficulty in learning, etc.) so a lot of female students either gave up on their degree or changed courses in the middle.

That’s why we made our community: to cultivate women researchers and hackers.

Asuka: Based on my personal experience and the opinions of my female friends, women who are interested in the infosec field sometimes feel as follows:

“To me, it is difficult to fit into a workshop (community) because most of the participants are men...”

“Because most of the security engineers are men, maybe infosec is not for women...”

“I really want to start learning infosec but I don't know where to start, and I don’t have friends to ask about that kind of thing...”

Thus I thought, the first step to break the barriers is to make a female community and hold workshops for women.

Hazel: When it comes to talking about the most need for communities, my opinion is that we need to be telling girls that we are here at the early stage. According to our experience, we know there aren’t many women in the infosec field. For the above reasons, if there is a female community they can join, we believe that might change, because women with these interests would not feel left out anymore.

Whenever I start a community, I always tell my members that we are not behind the rest of the infosec field; everyone is good at something. I think what we need to remember most is, "self-trust is the first secret of success".
