Women Unite Over CTF RSA 2020

podcast default

In this episode of the Cybrary Podcast we sit down with Chloe the VP of of Strategy for Point3 Security at Point3's Women Unite Over CTF Event at RSA2020. Chloe explains how Point3 started the Women Unite Over CTF event as a way to be more inclusive within the cybersecurity community, and how the skill levels of the event range from beginner to more advanced.

Topic: Women Unite Over CTF
Hosted by: Thomas Horlacher, Chloe Messdaghi
Length: 9 minutes
Released on: March 9th, 2020
Listen to the Audio
Enjoyed this podcast?
Share it with friends now!

Thomas Horlacher (Thor), the Head of Creative Services for Cybrary, is at the Point3's Women Unite Over CTF event during the RSA 2020 Conference along with Chloe Messdaghi, the VP of Strategy for Point3 security. Chloe shares her experience as a woman in InfoSec and how she came up with the idea of throwing out a more inclusive CTF event for women.

Chloe explains how the event was made possible and how it all got started. CTFs are pretty intimidating to first-timers irrespective of gender, and even Thomas agrees with it since it was his first time at the RSA conference. The participation of women in Conferences and CTFs was too low. That was the reason why Chloe wanted to get a CTF exclusively for women. She wanted to ensure that any women can participate regardless of their experience in CTFs. The great thing about the event was that people were also able to participate virtually. During the very first time when the event took place, over a thousand women registered.

Chloe looks back on her terrible experience in InfoSec. At the RSA 2018 conference, she was shocked to see that there were only two other women. She almost wanted to leave InfoSec after such an incident. Women are underrepresented in the Cybersecurity workforce. Women Organizations like WoSEC, WomenHackerz, WiCyS, Gatebreachers, Diana Initiative, Women's Society of Cyberjutsu are here to bridge the gap. The notable thing is that Chloe is the founder of WomenHackerz, and also the President and co-founder of WoSEC.

However, after attending the Day of Security conference in June 2018, Chloe was impressed by the numbers of women. She wanted to do something for the women community in InfoSec. The very next year, she created WomenHackerz (currently known as WeAreHackerz) to support and provide opportunities for non-binary and women hackers. Chloe encourages women to get into bug bounties.

Thomas wanted to know how anyone could reach out to these organizations. Chloe recommended visiting the organization's website or contacting through social media.

If you're a woman in cybersecurity or trying to get into it, Make sure to check out the websites of the organizations mentioned by Chloe. Reach out to Chloe on Twitter @ChloeMessdaghi


Thor: Invest in yourself today with our Insider Pro product, which gives you the career path to reach the next step in your cybersecurity journey. Join today on using the discount code podcast. In this episode of the Cybrary podcast, we sit down with Chloe, the VP of strategy for Point3 security at Point3's Women Unite Over CTF event at RSA 2020. Chloe explains how Point3 started the Women Unite Over CTF event as a way to be more inclusive within the cybersecurity community and how the skill levels of the event range from beginner to more advanced for more info on events like this. Make sure to check out the other organizations, Chloe mentions, including WoSEC, Gatebreachers, Women's Society of Cyberjutsu, WomenHackerz, and WiCyS. All right. So we are here at RSA 2020 at the Women Unite Over CTF by Point3. I am here with Chloe from the Point3 security team who's hosting the event. How are you doing today, Chloe?

Chloe: I'm doing perfectly fine. How about yourself?

Thor: I'm doing pretty good. It's my first RSA that we were just talking about. So a lot of new things and this is my first CTF event, so I'm kind of excited to kind of walk around and see exactly what's going on and what goes into the event. So yeah. Can you tell me a little bit about the event, how that started?

Chloe: Sure, so how it got started was at Black Hat of last year, basically Carrie, that was working at Point3, reached out to me. And I had, it was the only time that I had a two-hour break cause the entire week was like, booked, but I had this two-hour break and she messaged me like, Hey, I've been following you. And I would love to meet with you. And I was like, sure. So I went to go meet them. At the BlackHat event. And I sat down with Evan and he asked me, how can we help you out? Cause I'm one of the co-founders of WoSEC, but also I'm the founder of WomenHackerz.

Thor: Oh.

Chloe: And so I was like, well, I've been wanting to get a CTF for women. And the reason for that is because a lot of times when women go to conferences, there’s not a single woman doing a CTF. And if there are, there's maybe like one other person, and if it's their first time, it's already intimidating regardless of what your gender is.

Thor: Yeah

Chloe: So basically I worked with Point3 to try to create something where we would have something for all levels to participate. So we would have a beginner challenge, which would have a walkthrough.

Thor: OK

Chloe: But we also want to make sure that everyone can participate. So our first, only and ever CTF was last year towards the later end. And basically we had a thousand people registered

Thor: Oh, fantastic.

Chloe: And people from all over the world, like every single country, was pretty much represented. And a lot of ways, It was a great opportunity for these women because there's no one around them that works in their field and they themselves, they're a hacker, but they can't go public about it, or there's various different reasons. And so we try to find something more, we'd have something physical. For the people that want to host the event with us or they can just do it virtually from their home. And that's how it kind of grew. And so this is our second one, cause we wanted to do it at RSA too because we want to showcase that you need to include women and, don't just like talk the talk, actually do the walk too. And that's the thing is like, most of the time when you go to conferences, it's just, the CTFs are not that good in an environment for many folks when it's their first time. And also if gender plays a role with imposter syndrome.

Thor: Yeah. I mean, I can imagine. I mean, like I said, I mean, this is my first, you know, RSA and CTF event. Like, I mean, it is a bit intimidating.

Chloe: Yeah

Thor: I mean, especially if you are here alone, you know, you just want to, you just want to come to the event. I mean, you don't know anybody, you don't really know kind of maybe the rules or anything if you've never been to a CTF before. So yeah, it's nice to just have like a very open, inclusive environment where it's like, Hey, we have different skill levels. You know, we have, you know, beginners where we can walk you through. I mean, I'm only been here a little bit, but everybody's been super nice and friendly, which is always like a nice thing, you know, when you go to places like this, you're not overwhelmed by a bunch of craziness that usually conferences kind of entail.

Chloe: Well, the thing with RSA is that in 2018, I actually almost left InfoSec because I went to RSA. And when I was in this room were like 300 people. It was all men except for like two other women and they were assistants and I went to go use the restroom. I mean the male's restroom or cross had like this snake line. Out the door for women, I walk inside. Thinking maybe there's a line. There's no one in there. And I was like, why am I here? If women are not being taken seriously enough? And so I was actually about to leave InfoSec because of RSA, but I know there have been doing quite a bit of work, trying to fix that situation. So it never occurs again for any other woman. So that's why having at RSA is so and critically important because it’s time for men to recognize like, we deserve equal pay. We deserve having equal positions and whatnot. And the best way, how to do that is when you get a bunch of women organizations all in one place. So here we have Gatebreachers. We have Diana Initiative, WiCyS. We have Cyberjutsu. We have WoSEC, WomanHackerz, and I'm probably forgetting one other person, but I mean, we have a good bunch of different Orgs coming together to showcase that CTF shouldn't be something scary.

Thor: Yeah

Chloe: And here, since you're participating in this one that you'll participate when you go to a conference. And so we'll start seeing like a spike of women going and doing CTFs at conferences.

Thor: Yeah. And I mean, that's kind of a good thing. I mean, you just named a bunch of different organizations and you said yourself that you might have forgotten one, which is a fantastic thing. Like it's, it should be where you're like, there's too many. I can't name them all. I don't know them all. You know, you know, you want to meet more people and, you know, make it more inclusive and have it open to everyone.

Chloe: Right

Thor: So it's nice that it's starting to trend that way. And just maybe, Was that RSA last year that you were thinking? Is that these are 2018?

Chloe: So 2018 was when I left, almost left, actually like I, there was like a good four-month gap where I was just out of InfoSec. Like, I don't know if I want to be here anymore. Yeah.

Thor: And I mean, that's, I mean, I mean that, yeah, that, you know, your mindset going into that is probably, you know, you're pretty down in the dumps, like, oh, I don't know if this is for me. And then, you know, if we fast forward two years later, and now you're at an event, you know, specifically

Chloe: It was crazy because like, What happened was that in June 2018, I went to a conference called Day of Security and it was the first time ever I walked in a conference and there was like 200 women in there. And I got really impressed by it. And I was like, wait, there are women out here that are going through what I am like. They're feeling isolated. They're dealing with assaults, harassment, discrimination. Why aren't we fixing this yet? And so, after that conference, I couldn't sleep and I just started jotting down notes. So one of the things I want to create, CTF was one of them and then also partnering up with Tanya and Donna for WoSEC. And then I create WomenHackerz just last year and the end of May for all women hackers and non-binary folks to all come together and up their skills pretty much.

Thor: Yeah. How's that? I mean, what's that membership looking like? Is it just kind of like exploded pretty quickly? I'm guessing

Chloe: Weird, cause like, when I announced it, like, I think we got like 250 overnight and then yeah, we're almost in a thousand, we're getting there, but the thing is, it’s like, Who also been pushing for more women to enter into bug bounty because the chances of being in bug bounty is about less than 1%. And so it's really important to also partner with like HackerOne, Bugcrowd, and Synack to try to get more women in the field and not be intimidated or scared. And also it has, not just that, but it's like, where do you first start? So being able to locate the resources and know that there's other people that are starting and trying to learn from each other, I think that's really important.

Thor: Yeah. So, if anybody wants to get involved with any of those groups, I mean, what's the best way to reach out or find more information about it.

Chloe: Yeah. So if they're interested in like any of the organizations, just can like contact them.

Thor: OK

Chloe: They all have websites. WoSEC is the only one I know that doesn't have a website. So if you want to reach out to them, like DM them at WoSEC tweets to help them out. WoSEC, what they do is they have chapters all over the world basically for women to all meet at a physical location once a month. And this is every single type of title or certain like jobs in it. So that could be someone in sales, marketing. I could be someone who's technical, it's all that in one place. So if you are a woman in InfoSec or trying to get an InfoSec and you're not technical, or you are technical, WoSEC is there for you. WomenHackerz is for those that want to be technical or are technical already. And that's virtual. So anyone around the world can join.

Thor: Okay. And then, just kind of bring it back to this specific CTF event.

Chloe: Sure

Thor: I mean, how many people have registered, how many people are here, do you know about?

Chloe: I do not have the numbers on top of my head right now.

Thor: I mean, there's a bunch of people here that I can see.

Chloe: Majority of people are virtual right now. Most of our players are virtual.

Thor: Okay. Oh, well, great. Well thank you very much for taking the time

Chloe: Well, Thanks for hanging out.

Thor: Yeah, I'm excited to kind of walk around. I'm going to have a bunch of questions for you as we walk around.

Chloe: Cool

Thor: So thank you very much for giving me the time.

Chloe: Thanks. Thanks for coming by.

Thor: Hey, This is Thor. Thanks for listening to the Cybrary podcast and make sure to check back next Wednesday for our newest episode.