DeepSec is the second hacker conference to adopt a public, enforceable anti-harassment policy in response to the Ada Initiative's article about pervasive harassment of women at several hacker conferences (which called out DeepSec's existing reputation as one of the most welcoming conferences for women).
We interviewed René Pfeiffer, one of the organizers of DeepSec about the conference, why they adopted a policy, and what they are looking forward to at future DeepSec conferences. It sounds like a great conference from all reports!
Tell us a little about DeepSec.
DeepSec's full name is "In-Depth Security Conference". The focus is on information security, and we like to present content which is not purely driven by marketing purposes. We are not a simple tradeshow with a "IT security" sticker slapped on the schedule. We try to be a platform where members of the academic community, governments, industry and (underground) hacking community meet in order to talk about security and exchange ideas. We believe in keeping an open mind and tearing down artificial barriers between groups that have a lot to talk about, but can't in their normal environment. Most security related problems get worse if communication breaks down, so talking to each other is an important aspect of dealing with security breaches. This is what CERTs are preaching and what DeepSec tries to implement on conference-level.
The advantage to meet in person and talk and discuss certain issues from each perspective will give everyone involved a brighter understanding about needs and topics in the vast field of IT security, combined by interesting talks and new business opportunities.
The DeepSec event itself consists of two days of trainings followed by a two-day conference. We organise a dinner for all speakers and staff, and we have a party at the Metalab, a local hacker space, after the conference.
How did DeepSec get started?
In 2007 Paul Böhm created the DeepSec conference from scratch because he felt that a security-related conference where everyone can attend and talk openly was missing. He selected Vienna, Austria, as location which has been traditionally a bridge between different regions. Paul put a lot of effort into the first DeepSec and did a terrific job to kick-start it into existence.
What made you decide to adopt an anti-harassment policy?
There were two motivations. The first one were the experiences from other events participants wrote about. While we don't feel that conferences and events turn into places of harassment in general, we like to do our part to work against this. It really doesn't matter if there was a case already or not. The second motivation stems from the place DeepSec wants to be. We have a very international audience with roots in four different continents. If we want to create an atmosphere where everyone feels relaxed and is treated with respect, then we have to actively maintain this environment. Trust, respect and safe places do not automatically exist, they have to be created; you need people who care and who make sure an event stays hospitable.
Fortunately our staff cares, so our anti-harassment policy is really a statement of what we have been doing and trying to create since the first conference anyway.
What would you like to see at the next DeepSec?
We would like to see more people holding presentations and workshops who are not sure if their skills are "in-depth" enough, or who are not sure if they can handle speaking on stage. We actively support students with bright ideas with our under 21 category, and we will maintain a mixture of seasoned security experts and those who like a chance to become one. Everyone needs a start. Fresh perspectives never hurt, and we will actively support you if you let us know about the work you have done or are doing.
And for all the companies that are listening, please do not always think in leads when dealing with IT security. Be part of the community instead and show this proudly. Companies can have open minds, too.
Anything else you'd like to say?
We are well aware that small conferences have a lot of advantages compared to big events when it comes to publishing and enforcing an anti-harassment policy or protecting all attendees. If you are part of a team organising one of these big events, please consider to signal everyone thinking about attending that you want everyone to enjoy the talks, to have fun and not to be harassed for any reason. While you cannot control every single situation and second of your event, you can clearly state what you expect from everyone being there, and you can instruct your staff to do the same. It's a simple step. Conferences are not intended to create bad memories, only good ones.
The DeepSec and BruCON anti-harassment policies would not exist without the Ada Initiative's work. We are a non-profit funded primarily by donations from people like you. If you believe more women should attend hacker conferences, please become a supporting donor today.