Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
May 4-7, 2021
Virtual Event
Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
Black Hat Europe
November 8-11, 2021
Virtual Event
5/31/2019
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat Q&A: Building Infosec Communities for Women

Three security experts offer a sneak peek into their upcoming Black Hat USA talk on organizing female infosec communities in Korea, Japan and Taiwan.

We recently spoke (via email) with Asuka Nakajima, Suhee Kang, and Hazel Yen who will be sharing their success stories about building a thriving network of cybersecurity communities for women during to Black Hat USA in Las Vegas this August,

Hey there! Please tell us a bit about yourselves.

Suhee Kang: I work at POC Security in South Korea as a researcher. I am also the organizer of POC, Zer0Con and MOSEC international hacking conferences. In addition, I founded a hacking contest called Power of XX CTF to cultivate female hackers. All these things start from POC and my university’s cybersecurity club, SISS (Sookmyung Information Security Study).

Asuka Nakajima: I am a founder and leader of CTF for GIRLS, which is the first female infosec community for women in Japan. Currently, I work for NTT Secure Platform Laboratories as a security researcher. My research interests include reverse engineering, vulnerability discovery, and IoT security. I also serve as a Regional Review Board member of Black Hat Asia.

Hazel Yen:I am a co-founder and coordinator of HITCON GIRLS which is the first security GIRLS. During this time, I used to be the leader of the malware analysis group. Now I work for DEVCORE, focusing on web application security. Last year, I was the coordinator of the Hack in Taiwan Conference (HITCON CMT 2018).

What are you going to be speaking about at Black Hat?

We will share three things as follows: The history and current status/activities of three representative Asian female communities, Power of XX, CTF for GIRLS, and HITCON GIRLS, which are established in Korea, Japan, and Taiwan (respectively). Also, how we build and maintain our communities and how we tackle the various challenges, such as having a sustainable community.

We revealed the crucial factors in starting and continuing a female community by contrasting the three communities. One of the examples is that every community had been started by a few tech-savvy women with the support of an existing local community.

For Power of XX, we’ll talk about the beginnings of the group, what we do to cultivate female hackers in Korea, what difficulties occur, and our efforts to overcome those difficulties.

For CTF for GIRLS, we’ll explain how the group works, how we visualized and established the CT for GIRLS community, and what we do to build it in a sustainable way.

Finally, we’ll discuss the purpose, origins, and current status of HITCON GIRLS. We believe the field of cybersecurity should be as accessible to girls as it is to boys, and we will show you what events, programs, and techniques we use to make that possible.

Why is this important right now?

Since the importance of getting more women into the infosec field is increasing, and the number of female communities has gradually increased these past few years (e.g., WiCyS, Black Hoodies, etc.), we think that this is the right time to discuss this topic publicly.

Some of our communities have been active since 2011. Over these eight years, we have faced and solved many challenges and obstacles to building the community. Moreover, a comparison of these three communities reveals some of the crucial factors (necessary) to start and continue a female community. We believe that this talk could help start a new female community and encourages other existing female communities.

Power of XX (Korea), CTF for GIRLS (Japan), and HITCON GIRLS (Taiwan) are all well-known communities in the Asian region. However, since there is a huge language barrier between Asian and Western countries, the information is still not widespread to the Western communities. Thus, we believe that this talk could help to understand the history and current status of the Asian female communities

Suhee: Throughout the talk, we hope attendees understand the true nature of our communities from the top to bottom. Also hope they can understand that our power is not trivial and the scale of ‘women in security’ is getting vast. Besides that, there are parts (where)  we want to support. We want to (create) an opportunity to cooperate with Western countries’ women InfoSec community so that we can increase the size of the society. We believe this will be a great start for both Asian & Western communities.

Hazel: For myself, I wish our speech can help more women have a connection with each other. And spread propaganda: we may be a minority in InfoSec field, but not weak.

Where do you see the most need for such communities, and why?

Suhee: When I was in university infosec club SISS six years ago, it was a total disaster and few women were learning to hack. At the time, it was really hard for women to survive for several reasons (a small number of people, lack of community, difficulty in learning, etc) so a lot of female students either giving up on their degree or changed courses in the middle.

That’s why we made our community: to cultivate women researchers and hackers.

Asuka; Based on my personal experience and the opinions of my female friends, women who are interested in infosec field sometimes feel as following:

“To me, it is difficult to fit into a workshop (community) because most of the participants are men...”

“Because most of the security engineers are men, maybe infosec is not for women..”

“I really want to start learning infosec but I don't know where to start, and I don’t have friends to ask about that kind of thing...”

Thus I thought, the first step to break the barriers is to make a female community and hold workshops for women.

Hazel: When it comes to talk about the most need for communities, my opinion is that we need to be telling girls that we are here at the early stage. According to our experience, we know there aren’t many women in the infosec field. For the above reasons, if there is a female community they can join, we believe that might change, because women with these interests would not feel left out anymore.

Whenever I start a community, I always tell my members that we are not behind the rest of the infosec field; everyone is good at something. I think what we need to remember most is, "self-trust is the first secret of success".

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26077
PUBLISHED: 2021-05-10
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring...
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.