Last week, what I saw in Las Vegas made me sick. And I blame RSA for that.
I’m not a prude and there is a time and place for everything under the sun, so let’s establish context for this. Our expectations for, say, cocktail waitresses in a Las Vegas nightclub, will differ materially from marketing staff and engineers in a daytime business function. I enjoyed my time at the RSA party Wednesday night, because the nature of the setting matters. I’m grateful to the company and its employees for inviting me in. That said. in 2012 at a professional conference such as Black Hat, we must not accept blatant sexism on the conference floor on the part of an official sponsor. What I saw this year disgusted me as a professional, and everyone at RSA involved with Black Hat should be ashamed of themselves for letting this happen.
Of course, part of human nature includes the idea that some people will always attract attention because of their good looks and charisma. (I’m idealistic but not naive.) As adults and not adolescents, however, we all can distinguish between a woman’s physical attractiveness and her professional value, not to mention as a human being in general.
Yes, I said “women” in particular. In IT and information security, the inappropriate sexism nearly always occurs against women. We should not pretend that turnabout is fair play, of course: male strippers on the conference floor would also draw our ire, as it should. But our society has held women to a different standard for a very long time. Pretending otherwise would be disingenuous.
So while we can have a separate debate about charisma and professionalism, including for marketing and sales professionals, what happened last week offended on a lower threshold: women dressed in a sexually provocative manner for the sole purpose of attracting the classic “male gaze” and drawing in visitors not based on anything remotely related to the company’s offerings.
RSA should think about the message they send when they do this. Maybe they have so little confidence in their public image that they believe they need to drop down to this level just to stay relevant somehow. Maybe they still haven’t figured out a good PR response after they so badly botched the handling of last year’s compromise. Or maybe they just feel like this is still okay because, after all, security nerds are a bunch of nerdy boys just happy to be able to see girls anytime our bosses let us out of the data centers and cube farms. I can only imagine what the highly qualified women at the conference felt when they saw a major security company essentially affirming that this industry is a boys’ club where the only exception to the “NO GIRLS ALLOWED” sign is a stack of their dads’ Playboy magazines in the corner.
Others noticed, of course:
RSA wasn’t the only offender here. Foreground Security and SecureNinja also provided booths with women in scant attire just to draw in visitors. But RSA went over the top here as a major sponsor of the conference, not to mention as a subsidiary of a large publicly held company and the organizer of a similarly sized large security conference every year.
I have no doubts that many people at RSA did not feel good about what their organization did last week. In fact, RSA certainly has policies about hostile work environments and sexual harassment that set a different tone from their public behavior. Thus I hope that they’ll have a vigorous and honest exchange of views internally and then join the rest of us in the 21st century the next time they sponsor a conference. An apology would be even better, but despite the “corporations are people too” meme, that’s not true. Corporations are made up of people, and the people who let this happen are unlikely to take public responsibility for their inappropriate decisions – but they could give us all a pleasant surprise by standing up and showing integrity. Apologize and show us what you’ve learned from this. Set an example.
Shame on the people who did this, and shame on RSA. You can do better, and next time I hope you do.