
OURSA, Their Presentations, and Your Follow-up

Mike Shema

Having studied at Penn State University, Mike leads security teams that protect products, users, and their data. With his cybersecurity expertise, he has a passion for all things security and a wealth of experience in the cybersecurity sector.


OURSA

The RSA Conference descended on San Francisco again this year. It attracts hordes of infosec people who wander the jumbled grid of vendor expo halls and attend sessions. For several years it has been preceded by the BSides SF conference, which is far smaller and far more focused on technical and practitioner tracks.

For several years, and this year in particular, the RSA keynotes have skewed mostly-to-almost-entirely male. BSides also skews this way, as do many conferences. RSA’s response to this situation evoked the mundane refrain that not enough diverse speakers were proposed or submitted by the keynote sponsors.

This prompted several people to challenge the assumption that speakers from under-represented groups are hard to find. Roughly five days later that challenge was transformed from an idea into the announcement of the OURSA conference. It promptly sold out in 12 hours.

The speakers weren’t essentialized to their identity or set forth only for their personal experience. Their experience and identity informed the security and privacy work they’ve been doing on a daily basis. It was that work, that context, and that perspective that was set forth throughout every presentation.

The format of the sessions contributed both to a focused message and to a variety of voices. Sessions were broken into roughly 15-minute blocks followed by a moderated panel of the speakers. The moderators continued that focus on message and brought out discussions that helped tie the presentations together.

Check out the recorded stream. It’s a long day of sessions, but it’s one well spent.

It’s a reminder that these groups exist, that they’ve been participants in infosec since the beginning. There are professionals with a voice working on important problems.

It’s a reminder that diversity enriches knowledge and points of view. Appsec, threat models, and privacy are enduring conference topics. Hearing them presented from different perspectives highlights important aspects that the usual lists and recommendations miss.

It’s a reminder that inclusivity requires action to build programs and that representation matters. Speaking in support of an effort isn’t as strong as having members of an under-represented population speak for themselves. Urging people to “just submit” to a conference where they may be unsure they’re welcome isn’t as strong as inviting people who can set the standard for technical content and presentation skills.

It’s refreshing to see how well a conference can be run — on schedule, high-information content, engaging speakers. It’s especially refreshing to see one that demonstrates how many of the familiar mantras of threat modeling, privacy, and appsec have failed to account for the context of underserved and vulnerable populations. Appsec and privacy need to raise the bar in terms of how they protect users and their data. To do so will require revisiting our understanding of these issues and how apps are or are not helping. What OURSA proved is that there are already people who understand this. Even better, they’re already working on solutions.

In a way, the OURSA conference shouldn’t be necessary. The speakers and their work should be visible in other conferences, as should speakers like them. The presentations were far more interesting than yet another discussion of weaponizing XSS or shallow commentary on why users make security impossible. The type of work they’re doing, applying appsec to vulnerable populations and pushing for more privacy engineering, makes for engaging content. And it pushes for ways of making infosec pick up more of the burden for crafting effective solutions.

I’m looking forward to 2019.
