Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
March 26-29, 2019
Singapore
Black Hat USA
August 3-8, 2019
Las Vegas, NV, USA
Black Hat Europe
December 2-5, 2019
London UK
5/31/2019
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat Q&A: Building Infosec Communities for Women

Three security experts offer a sneak peek into their upcoming Black Hat USA talk on organizing female infosec communities in Korea, Japan and Taiwan.

We recently spoke (via email) with Asuka Nakajima, Suhee Kang, and Hazel Yen who will be sharing their success stories about building a thriving network of cybersecurity communities for women during to Black Hat USA in Las Vegas this August,

Hey there! Please tell us a bit about yourselves.

Suhee Kang: I work at POC Security in South Korea as a researcher. I am also the organizer of POC, Zer0Con and MOSEC international hacking conferences. In addition, I founded a hacking contest called Power of XX CTF to cultivate female hackers. All these things start from POC and my university’s cybersecurity club, SISS (Sookmyung Information Security Study).

Asuka Nakajima: I am a founder and leader of CTF for GIRLS, which is the first female infosec community for women in Japan. Currently, I work for NTT Secure Platform Laboratories as a security researcher. My research interests include reverse engineering, vulnerability discovery, and IoT security. I also serve as a Regional Review Board member of Black Hat Asia.

Hazel Yen:I am a co-founder and coordinator of HITCON GIRLS which is the first security GIRLS. During this time, I used to be the leader of the malware analysis group. Now I work for DEVCORE, focusing on web application security. Last year, I was the coordinator of the Hack in Taiwan Conference (HITCON CMT 2018).

What are you going to be speaking about at Black Hat?

We will share three things as follows: The history and current status/activities of three representative Asian female communities, Power of XX, CTF for GIRLS, and HITCON GIRLS, which are established in Korea, Japan, and Taiwan (respectively). Also, how we build and maintain our communities and how we tackle the various challenges, such as having a sustainable community.

We revealed the crucial factors in starting and continuing a female community by contrasting the three communities. One of the examples is that every community had been started by a few tech-savvy women with the support of an existing local community.

For Power of XX, we’ll talk about the beginnings of the group, what we do to cultivate female hackers in Korea, what difficulties occur, and our efforts to overcome those difficulties.

For CTF for GIRLS, we’ll explain how the group works, how we visualized and established the CT for GIRLS community, and what we do to build it in a sustainable way.

Finally, we’ll discuss the purpose, origins, and current status of HITCON GIRLS. We believe the field of cybersecurity should be as accessible to girls as it is to boys, and we will show you what events, programs, and techniques we use to make that possible.

Why is this important right now?

Since the importance of getting more women into the infosec field is increasing, and the number of female communities has gradually increased these past few years (e.g., WiCyS, Black Hoodies, etc.), we think that this is the right time to discuss this topic publicly.

Some of our communities have been active since 2011. Over these eight years, we have faced and solved many challenges and obstacles to building the community. Moreover, a comparison of these three communities reveals some of the crucial factors (necessary) to start and continue a female community. We believe that this talk could help start a new female community and encourages other existing female communities.

Power of XX (Korea), CTF for GIRLS (Japan), and HITCON GIRLS (Taiwan) are all well-known communities in the Asian region. However, since there is a huge language barrier between Asian and Western countries, the information is still not widespread to the Western communities. Thus, we believe that this talk could help to understand the history and current status of the Asian female communities

Suhee: Throughout the talk, we hope attendees understand the true nature of our communities from the top to bottom. Also hope they can understand that our power is not trivial and the scale of ‘women in security’ is getting vast. Besides that, there are parts (where)  we want to support. We want to (create) an opportunity to cooperate with Western countries’ women InfoSec community so that we can increase the size of the society. We believe this will be a great start for both Asian & Western communities.

Hazel: For myself, I wish our speech can help more women have a connection with each other. And spread propaganda: we may be a minority in InfoSec field, but not weak.

Where do you see the most need for such communities, and why?

Suhee: When I was in university infosec club SISS six years ago, it was a total disaster and few women were learning to hack. At the time, it was really hard for women to survive for several reasons (a small number of people, lack of community, difficulty in learning, etc) so a lot of female students either giving up on their degree or changed courses in the middle.

That’s why we made our community: to cultivate women researchers and hackers.

Asuka; Based on my personal experience and the opinions of my female friends, women who are interested in infosec field sometimes feel as following:

“To me, it is difficult to fit into a workshop (community) because most of the participants are men...”

“Because most of the security engineers are men, maybe infosec is not for women..”

“I really want to start learning infosec but I don't know where to start, and I don’t have friends to ask about that kind of thing...”

Thus I thought, the first step to break the barriers is to make a female community and hold workshops for women.

Hazel: When it comes to talk about the most need for communities, my opinion is that we need to be telling girls that we are here at the early stage. According to our experience, we know there aren’t many women in the infosec field. For the above reasons, if there is a female community they can join, we believe that might change, because women with these interests would not feel left out anymore.

Whenever I start a community, I always tell my members that we are not behind the rest of the infosec field; everyone is good at something. I think what we need to remember most is, "self-trust is the first secret of success".

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16395
PUBLISHED: 2019-09-17
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16396
PUBLISHED: 2019-09-17
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.
CVE-2019-16199
PUBLISHED: 2019-09-17
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
CVE-2019-16391
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
CVE-2019-16392
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.