W0m3nWh0HackM3lb0urn3: Monthly Ethical Hacking Sessions

W0m3nWh0HackM3lb0urn3: Monthly Ethical Hacking Sessions

W0m3nWh0HackM3lb0urn3 is a safe space for women who are keen to learn to ethically hack. We are a community of women identified hackers who support each other to increase our skills and hack all the (legal) things.

Why?

There’s a worldwide shortage of skilled cyber security professionals and there’s a massive lack of women in the industry too. Depending on the statistics you look to, both locally here in Australia and globally, women either represent 11%  of cyber security workers according to a University of New South Wales Study, or 20% to 25% according to Cybersecurity Ventures and McAfee respectively, if you count those who do what are considered cyber security tasks more broadly.

W0m3nWh0HackM3lb0urn3 wants to change this lack of representation and needs you to make it happen. Come and join us every 1st Thursday night of the month in Melbourne from 5:30pm – 9:00pm and you can learn to hack into machines legally and not end up on the 5pm news. Hacking is challenging, it’s a massive learning curve but it’s also super rewarding. You are quite literally learning how to get into systems and dump databases in order to one day teach businesses what to do to make their websites, applications and networks safer.

If you want to change the world, which for most of us encompasses the digital world, learning the skills to become a penetration tester, otherwise known as, an ethical hacker, is one real and concrete way to do it. I follow in the footsteps of brilliant women hackers who have opened doors for me to learn hacking, Esther Lim and Pamela O’Shea. Esther ran a hacking group to train women who wanted to compete in the university cyber security challenge (cySCA) which was my first real taste of hacking culture. Pam ran a web application penetration testing workshop I attended as part of the 0xCC training conference for women which is where the idea for W0m3nWh0HackM3lb0urn3 was born.

But also

I established W0m3nWh0HackM3lb0urn3 because I wanted a crew of hackers to hack with in real-life and not just over the internet. I wanted face-to-face connection and to learn quickly with people who could explain every step of why we’re running this command and using this program so I could understand deeply and that’s what W0m3nWh0HackM3lb0urn3 enables. I’ve got a history as a Social Anthropologist who loved teaching and what I learned from that experience is the best way to really comprehend something is to be able to explain it to someone else and we really encourage that way of learning in our sessions.

What do you do in your sessions?

We use a platform called Hack The Box which has lots of different vulnerable systems packaged up that we can choose in order to attack. We pick one each couple of months and go through a step by step process of learning how to hack into it, get into accounts that we shouldn’t have access to, accessing passwords we shouldn’t have knowledge of and finally taking full control of the system by getting what is called “root” or full privilege access.

How do I sign up?

Our next session is the first Thursday of the month from 5:30 – 9pm in Melbourne’s CBD. Get in touch with me, Brigitte Lewis on Twitter @briglewis for an invite to our Slack channel and the location. It doesn’t matter whether you’re a beginner or have been taking down boxes for years. W3 W@NT Y0U! LGBTI friends and allies very welcome. Please BYO Dinner, VirtualBox and Kali VM.

Want more data?

Women in Cyber Security Literature Review (2017)
https://www.pmc.gov.au/sites/default/files/publications/cyber-security-literature-review.pdf
Women Represent 20 Percent Of The Global Cybersecurity Workforce In 2019 (2019)
https://cybersecurityventures.com/women-in-cybersecurity/
Cybersecurity Talent Study (2018)
https://www.mcafee.com/enterprise/en-au/assets/reports/rp-cybersecurity-talent-study.pdf

Originally published by the Australian Women in Security Network (AWSN).

The era of Lesbian Bed Death is over, long live Lesbian Fuck Eye

Sex is an art. And one that lesbians in particular have apparently, according to myth, taken a few decades to get their heads and legs around. Let alone actually in their beds. Today however, lesbian women have more orgasms, better sex and sex that lasts longer than...

Mad, criminal or straight: Female desire in film and TV

  When it comes to representations of lesbians in film and television, sometimes they're there, mostly they’re not. And if they are, they're mostly confined to cells. The lesbian in popular culture is usually mad, criminal or she’s really, actually, heterosexual....

Penetrating Real-Time Threat Behaviour: Cyber Analytics and the Pen Tester

Penetrating Real-Time Threat Behaviour: Cyber Analytics and the Pen Tester

It’s the wild, wild, west out there in cyberspace, except the feral camels[1] that once roamed Texas are the hackers, and they’re roaming beyond borders and through firewalls on the daily.

At present, cyber threat intelligence gathering is a mish-mash of intrusion detection system logs, port scans, IP addresses, information sharing platforms, Twitter feeds and traditional write-ups. There is no one consistent language used across these platforms to refer to attacks, techniques or procedures and there’s no one single source of data. Much like post-truth America, you’ve got to look in all the right places to piece together the whole story and even then it’s hard to know if you’ve put the puzzle together the way it was intended. What this means is while there’s massive complexity when trying to understand the path an attacker has taken, it also means that there’s huge potential when it comes to leveraging the data or bits (pun intended) of evidence a hacker leaves behind.

Information Gathering and the Penetration Tester

Penetration testers, who are my focus here, do much of their work when it comes to figuring out attack paths and new ways to penetrate, based on historical data or tried and true ways to compromise a system or application. They might listen to a few podcasts, keep an eye on social media, follow a hacking news website and sign up to a mailing list, but all of this is hugely labour intensive and no one person has the hours in the day to keep on top of, let alone be well versed in, all the latest attacks. The dream, of course, is to have a program or Artificial Intelligence learn the tactics, techniques and procedures of hackers out in the wild, bring it all back into a nice table where all the data is the same data type, turn into a visualisation with a gorgeous dashboard and then teach the team new attacks on the fly as they happen in real-time. This, dream, as wondrous as it sounds, is hanging above the Magic Faraway Tree and yet to be written down and sold as a four set gold embossed collection. What we do have, and I’m focusing here on open source data and software, are many tools and data sets that can bring us just that little bit closer to a rousing monologue that could change the history of how we prevent cyber-attacks in the future.

Big Data Big Complexity

For data analysts, one of the problems with data on the internet is that it comes in many forms, with many definitions and no one universal dictionary to look-up in order to know for sure what a word or a phrase means. Structured Threat Information Expression[2] or STIX, which created by the United States Department of Homeland Security) and is used here in Australia by our own Cyber Security Centre, was created to address this issue. It’s useful in order to try and start standardising the way we talk about cyber threat intelligence so that we are all in fact, having the same conversation, in the same language. Some platforms, like MISP[3] which is a Malware Information Sharing Platform created by Christophe Vandeplas who was working for the Belgian Defence Department at the time, allows users to export the Indicators of Compromise (IOC) that they and others share on the platform in the STIX format. This actively aids the development of a threat intelligence language so that we may use it to talk back to one another and share with the various systems we all use. MISP itself is an interesting platform with the public instance of it boasting more than 1000 organisational users from the across the globe, including the big players like Google, Apple, and our own Federal Police. It’s great at gathering threat feeds that are readily usable for other machines to digest but like every feed I’ve found to date, it tells only one part of the story of an attack or attempted attack. To tell the whole story, human research, interpretation and reasoning is needed, along with further data and frameworks in order to be able to map or make sense, of what actually happened blow by blow. Therefore, mapping attacks is where MITRE’s ATT&CK Framework comes in. ATT&CK describes why an action was performed and the technique used to do it, which is often missing in publicly released reports or write-ups that gloss over the specifics of an attack. MITRE have even produced a STIX version of ATT&CK so you can output the data in a standardised format.

So Many Data Types So Little Time

Using a common language is not the only challenge when it comes to data mining threat intel because when you’re out in the wild looking for feeds that deliver indicators of compromise or information, not all data is created equal. You’ll find XML, JSON, JavaScript, images and if you’re lucky, APIs to query data in a more programmatic way. At this point you’ll need a good grasp of either Python or R to make HTTP requests to get the data like you would if you’re looking up a regular web address, and then you’ll sometimes find purpose built libraries which are often built in Python. So depending on your language preference, R for beauty and simplicity or Python for a more smash and grab approach, both are good to have in your tool belt. Once you’ve pulled the data from various feeds and platforms, you’ll then notice that you’ll have to transform it into something much easier to work with, than JSON key-value pairs which is where data frames come in. Each data set will have particular information that doesn’t always match information in other data sets so cleaning the data is a crucial activity too. After this, you’ll then need to push it to an unstructured database of your choice. Then and only then, can the magic happen. The magic being a genius, yet simple way to collate masses of data and turn it into easy to digest threat intel, served with a side of sweet visualisation and predictive analytics in the making.

The future of cyber analytics is now and I am excitedly working towards making the internet a more hospitable place. I would love to hear from you if you are too.

[1] https://www.history.com/news/10-things-you-didnt-know-about-the-old-west

[2] https://oasis-open.github.io/cti-documentation/

[3] https://www.misp-project.org/index.html

Originally published by the Australian Cyber Security Magazine.

Lesbian Desire Across The Ages: From Insane To Cult Hero

Cast your mind across everything you know about lesbians in history. In particular, Australian history. You might be able to name one or two lesbians, bisexuals or queer women from the 1900s, if you’re in the know. Otherwise, it’s a pretty bleak and sparse canvas,...

WTAF is IoT?

From space, to transport, to the design of cities, IoT is the latest acronym to sweep the cyber landscape. IoT is short for Internet of Things and was coined by Kevin Ashton in 1999.  IoT is any device, be it your phone, laptop or Raspberry Pi that is connected to the...

WTAF is IoT?

WTAF is IoT?

From space, to transport, to the design of cities, IoT is the latest acronym to sweep the cyber landscape.

IoT is short for Internet of Things and was coined by Kevin Ashton in 1999.  IoT is any device, be it your phone, laptop or Raspberry Pi that is connected to the internet. And so these devices come to be known as ‘things’, especially as more things like light globes, fridges, watches, TVs and vending machines are internet enabled. Depending on your position, this is either great for business or terrible for the human proclivity towards laziness because who wouldn’t want to turn their lights off from the comfort of bed right?

Business and government are particularly keen on the Internet of Things and what it can potentially do in terms of increased productivity, efficiency and citizen engagement. But the take home from many of the sessions at Melbourne’s recent IoT Festival was that many people have no idea what IoT is or how it can impact them in positive ways.

——

Traffic lights that are IoT enabled can send data back to traffic controllers (both real life and digital) who can then increase or decrease stopping signals depending on traffic flow and therefore make our roads less congested and more efficient. Goodbye bumper to bumper (I can dream).

A water company in South Korea was fitted out with IoT devices by local Mount Waverly team Freestyle Technology. What this meant from a social good perspective is that when their devices that were fitted to local houses detected zero water usage, a social worker was then called out to check whether the resident was in distress. This is in addition to the usual ways you could imagine IoT and smart water working. These range from detecting leaks with much greater speed, creating alerts if there are failures along the pipeline, tracking worker locations to minimising down time because the whole system is delivered in real-time and able to be visualised and understood remotely.

Japanese smoking rooms are also a great example of IoT enabled things. The devices in these rooms can detect how many people are in the room and increase or decrease the ventilation required which resulted in a 30% increase in energy savings for companies who use them.

Gelato companies have partnered with uber so their clients can literally track how far away their sugar hit is. Farmers have taken up the call with water monitors that are IoT enabled. These devices send farmers a message if their livestock’s water is low and save them from dehydration and potential loss of income from sick animals. Coca-cola envision a day in the not too distant future where drones drop off coke via your GPS location so you could be sipping coke while you wait for your pizza delivery in the park on a Sunday arvo, which is already has IoT written all over it.

In Queensland, the government developed an open data policy and provided an app called Breathe Easy which measures air pollution & water quality so residents can decide where they’d like to live based on environmental concerns.

The word on the street is that people are hungry for tech and IoT enabled devices are the latest way to get satiated. But with all the data being collected already and an estimated 75 billion devices predicted to be online by 2020, the kinds of data being collected is also crucial so we don’t end up with systems and languages and devices that don’t talk back to one another. Standardisation is key when thinking about where to from here as are guidelines around the security of IoT devices from the code used to create the interface to the person or people on the other end. Many of the security issues that we already face with devices such as our laptops and phones are exactly the same. From insecure code, users with insecure passwords and people all along the supply-chain without sufficient knowledge of what it is to be secure and what it all means on a day-to-day way when you engage in risky behaviour. The answer as always is education. Another key take home from the conference is the ability to tell stories about how and why these things are important to the people that use them. STEAM or Science, Technology, Engineering, Arts and Maths majors will come into their own in this space and are why there are ever louder calls for people with communications skills to enter the IT industry.

There are no current accepted standards when it comes to the IoT. What there is, however, are Australian guidelines which outline the importance of embedding security in IoT devices and therefore code from the ground up, rather than as an afterthought which is often the case. Data security is also crucial, especially with the recent global attacks and the proliferation of highly sensitive data connected to IoT devices like health records. Additionally, monitoring of devices is important to enable vulnerabilities are identified before they become a beacon for hackers and of course, ongoing compliance and risk assessment as landscapes, software, users and hacks change and evolve, often on a daily basis.

IoT is here and chances are, you’re already a node in the network.

Burp: A Quick Installation Guide

In order to execute a SQL injection, for example, we need to see what’s going on in the code behind the interface when we enter our username and password and send it over the internet or from the login page to the database.     To do that we need to use what’s called...

Searching Twitter Data with R and Grep

Learning how to use R Studio, R and then all the libraries and functions inside it can be hell(ish). But there's good little ways to search your Twitter data for whatever you're looking for, and give you some instant satisfaction in the process. Step 1 You will need...

Searching Twitter Data with R and Grep

Searching Twitter Data with R and Grep

Learning how to use R Studio, R and then all the libraries and functions inside it can be hell(ish). But there’s good little ways to search your Twitter data for whatever you’re looking for, and give you some instant satisfaction in the process.

Step 1

You will need to install the following packages and then load the libraries of:

twitteR
dplyr

Step 2

Assuming you’ve got your data pulled off twitter and saved into a data frame so you can access it and it’s in a structured format, you can then begin the search process by using the following code:

#find a word in a df of twitter data

abuse_tweets <- filter(tweets.df, grepl(“abuse”, text))
tally(abuse_tweets)

This code uses the function filter() and inside it the grepl function which then looks for whatever keyword you want inside the double citation marks ” ” and you want to be looking inside the text field so you use the term text. You can then call the tally function and pass the tweets you’ve just searched through into it and it will return the result.

My result looks like this:

 n
1 4

This says n is the number of tweets returned and that number is 4. The grepl function returns a true or false answer and so counts the number of true or false responses. The grep school of functions are known as pattern matching and replacement functions or instructions to search and/or replace text or data.

The documentation for each package you use is invaluable. In this case:

TwitteR
dplyr

Happy searching!

 

 

 

 

 

 

 

 

 

WTAF is IoT?

From space, to transport, to the design of cities, IoT is the latest acronym to sweep the cyber landscape. IoT is short for Internet of Things and was coined by Kevin Ashton in 1999.  IoT is any device, be it your phone, laptop or Raspberry Pi that is connected to the...

W0m3nWh0HackM3lb0urn3: Monthly Ethical Hacking Sessions

W0m3nWh0HackM3lb0urn3 is a safe space for women who are keen to learn to ethically hack. We are a community of women identified hackers who support each other to increase our skills and hack all the (legal) things. Why? There’s a worldwide shortage of skilled cyber...

Gender Inequality in the IT Sector and Why it’s Bad for Business and Society

Gender Inequality in the IT Sector and Why it’s Bad for Business and Society

This piece focuses on diversity from a gender perspective. It recognises that the term diversity encompasses many more social categories than gender, such as, race, nationality and sexuality. However, the piece limits its discussion to gender, and specifically, to women’s participation in the IT workplace. It explores the social and cultural history of women’s participation in the workforce, the current gender pay gap and how this influences women’s participation in the IT workplace in particular. Furthermore, it explores ways to increase diversity in the IT workplace and why this is important from not only a social equality perspective but financial and economic perspective.

As Sonja Bernhardt notes, women in technology have been present across history (Bernhardt 2014, p. 1). The first computer programmer, Ada Lovelace, was a woman, as was Grace Hopper, who created the first compiler in 1952 (Bernhardt 2014, p. 2). These names have become increasingly well known due to the push to recognise female erasure from history and write women back into the pages of history. Yet it is the pervasive “social and cultural contexts” (Bernhardt 2014, p. 1) that act as “barriers against” (Bernhardt 2014, p. 1) women which not only hinder but also suppress female involvement (Bernhardt 2014, p. 1). What Bernhardt is addressing, is at once, the historical oppression of women in regards to access to education and their concomitant exclusion from traditionally male dominated fields, in this case, anything considered technical.

In Australia, we currently have a gender pay gap, that is, the gap between what men and women are paid for doing the same job. PriceWaterHouseCoopers Annual Women in Work Index (2016), which combines key indicators of female economic empowerment into a single comparable index for 33 OECD countries, found that Australia has continued to fall in the rankings as other countries have improved, falling back to pre-2007 performance in 20th place. Women are paid $83 for every $100 her male counterpart earns on average across the OECD (PricewaterhouseCoopers 2016, p. 3). Women who report being underemployed and unable to find more hours is also a significant issue with more than half a million women, or nearly a quarter of all part-time workers (PricewaterhouseCoopers 2016, p. 3) falling into this category. As the Workplace for Gender Equality Agency in Australia state, “women represent one half of the global population—they deserve equal access to health, education, earning power and political representation” (2016, pp. 1-2). In an ideal world, diversity in the IT workplace would be representative of women holding one half of IT positions and being paid the same wage for the same job.

In Australian IT workplaces in 2011, only 25 per cent of employed Information technology qualified workforce aged 15 years and over were female (Professionals Australia 2015, p. 4). This lack of gender equity is also found at Universities where the “gender gap in computing is getting worse” in both the United States (Accenture Research & Girls Who Code 2016, p. 2) and Australia. In Australia, domestic female enrolments in computing have declined” (Vivian 2015). While, in the U.S., the gap is not just low, it is lower than female participation in computer science majors in the 1980s. Statistically, in 1984, 37% of computer science majors were women, today, only 18% are (Accenture Research & Girls Who Code 2016, p. 3).

The aforementioned 2016 report by Accenture and Girls Who Code, found that universal access to computer science risks re-enforcing the prevailing gender imbalance in IT, and that exposure alone is “insufficient to increase the proportion of girls pursuing computer science” (Accenture Research & Girls Who Code 2016, p. 3). What they are highlighting is that the gender stereotypes around what kind of people study and then pursue careers in IT are so powerful that new ways of representing what IT is and how it can appeal specifically to girls and women need to be constructed. They suggest that the key to improving women’s participation rates are a three-fold education program which focuses on, “sparking the interest of girls in junior high school, sustaining their commitment in high school where early gains are often lost, and inspiring college undergraduates by reframing computer curriculums” (Accenture Research & Girls Who Code 2016, p. 3). They give an example of reframing curriculum with the University of California Berkeley, who renamed their ‘Introduction to Symbolic Programming’ course to, ‘Beauty and the Joy of Computing.’ This change of name resulted in women outnumbering men among the course attendees for the first time in 20 years (Accenture Research & Girls Who Code 2016, p. 14).

Societal representations of who does IT are critical, especially in younger women because if women and all categories of people for that matter, cannot see representations of themselves on TV and in the media at large, how can they aspire to become what they do not see? For example, in 2015, only 17% of the top grossing films had a female lead (Geena Davis Institute on Gender in Media 2016). A further breakdown of this data to explore women’s representation in STEM fields, found between 2006 and 2011, women made up only 16.3% of characters in family films and 21.1% of characters in prime-time TV show’s (Smith et al. 2013) which is an improvement, and on par with women currently working in the sector.

Outside of the pursuit of equality being a reason to cultivate diversity in the IT workplace, there are also economic reasons to cultivate gender diversity. The 2016 Australian business case for gender equality report highlights that, workplace gender equality is associated with, improved national productivity and economic growth, increased organisational performance, enhanced ability of companies to attract talent and retain employees, and enhanced organisational reputation (Workplace Gender Equality Agency, p. 1). Goldman Sachs & JBWere calculated that the rise in female employment since 1974 has boosted Australian economic activity by 22% and that a 6% increase in the female participation rate would boost the level of GDP by 11% (Workplace Gender Equality Agency 2016, p. 2). In a similar vein, the Grattan Institute estimates that increased access to childcare and tax benefits would act as incentives for women to enter the workforce and increase the size of the economy by $25 billion annually (Workplace Gender Equality Agency 2016, p. 2). Thus, showcasing that there are also distinctively economic reasons for increasing workplace diversity.

Further to this, the business case for gender equality report found that, “more gender balanced teams are better in promoting an environment where innovation can flourish compared to teams of one particular gender” (Workplace Gender Equality Agency 2016, p. 3). In an increasingly global world, innovation is crucial to remaining competitive both locally and internationally. This recognition has prompted an effort to get more women on company boards both in Australia and globally. A report by MSCI found that, companies who had strong female leadership generated a return on equity of 10.1% per year versus 7.4% for those without (MSCI 2015, p. 4). Interestingly though, a 2014 global survey of 21,980 firms headquartered in 91 countries, found that the presence of female CEOs has no noticeable effect on firm performance (Noland, Moran & Kotschwar 2016, p. 3) unless there are women in positions of power throughout the organisation, and not just one lone woman at the top. This survey also found that a transition from no female leaders to 30 per cent representation is associated with a 15 per cent increase in the net revenue margin (Noland, Moran & Kotschwar 2016, p. 16). Thus, highlighting the importance of gender diverse workplaces when it comes to creating innovation and overall performance.

However, this research is critiqued by Sonja Bernhardt, who argues that theories about a leaky pipeline (Bernhardt 2014, p. 75), in other words, women not having access to positions of power across organisations, and the idea that once women reach a critical mass things will change, are outdated. Bernhardt, highlights that “if 30% is the critical mass figure for women in ICT professions, then it is close to being reached in user support and operation technician occupations, and there should be evidence of culture change in these occupations” (Bernhardt 2014, p. 75). This culture change, as I have discussed has not occurred. As a result, she argues that these theories “ought to be cast aside” (Bernhardt 2014, p. 85) and we should instead focus on what individuals want. Despite this assertion, and the merit of an individual approach, I suggest we cannot simply separate the individual from the larger cultural and social contexts that they exist within, especially when it comes to gender diversity and the context of an IT workplace.

Accenture’s Getting to Equal 2017 report reminds us that “that today’s female university students in developed markets could be the first generation in history to see the gender pay gap close in their professional lifetimes” (Accenture 2017, p. 2). To ensure this happens however, they must makes strategic choices and learn more digital skills (Accenture 2017, p. 2). In addition to this, businesses, governments and academia must also provide crucial support. The report identifies three powerful equalisers to closing the pay gap and the IT workplace is integral to addressing the issue. These are the cultivation of digital literacy, having a career strategy and having opportunities to be immersed in tech and therefore advance their careers as quickly as men (Accenture 2017, p. 3).

As this report has shown, gender diversity in the IT workplace is undoubtedly a current challenge facing IT professionals and the nation at large. However, multiple solutions and strategies to meet the challenge head on are at hand. These include, targeted curriculum, female role models, deconstructing gender stereotypes around men and women’s work and opportunities for women to become more digitally literate. After all, if IT workplaces are equally appealing to men and women, organisations have access to a larger pool of talent (Workplace Gender Equality Agency 2016) and the individual, organisation and economy all benefit.

Reference List

Accenture 2017, Getting to Equal 2017: Closing the Gender Pay Gap, Accenture, New York.

Accenture Research & Girls Who Code 2016, Cracking the Gender Code, Accenture, New York.

Bernhardt, S 2014, Women in IT in the New Social Era: A Critical Evidence-Based Review of Gender Inequality and the Potential for Change, Advances in human and social aspects of technology (AHSAT) book series, Hershey.

Geena Davis Institute on Gender in Media 2016, ‘The Reel Truth: Women Aren’t Seen or Heard’, viewed 24 March 2017, <https://seejane.org/research-informs-empowers/data/>.

MSCI 2015, Women on Boards, MSCI, New York.

Noland, M, Moran, T & Kotschwar, B 2016, Is Gender Diversity Profitable? Evidence from a Global Survey, Peterson Institute for International Economics, Washington.

PricewaterhouseCoopers 2016, International Women’s Day PwC’s Women in Work Index, PricewaterhouseCoopers, Sydney.

Professionals Australia 2015, Women in STEM position paper, Professionals Australia, Melbourne.

Smith, SL, Choueiti, M, Prescott, A & Pieper, K 2013, ‘Gender Roles & Occupations: A Look at Character Attributes and Job-Related  Aspirations in Film and Television’, viewed 25 March 2017, <https://seejane.org/wp-content/uploads/key-findings-gender-roles-2013.pdf>.

Vivian, R 2015, A Look at IT and Engineering Enrolments in Australia, The University of Adelaide, viewed 24 March 2017, <https://blogs.adelaide.edu.au/cser/2015/07/03/a-look-at-it-and-engineering-enrolments-in-australia/>.

Workplace Gender Equality Agency 2016, The business case for gender equality, Workplace Gender Equality Agency, Sydney.

Gender Inequality in the IT Sector and Why it’s Bad for Business and Society

This piece focuses on diversity from a gender perspective. It recognises that the term diversity encompasses many more social categories than gender, such as, race, nationality and sexuality. However, the piece limits its discussion to gender, and specifically, to...

W0m3nWh0HackM3lb0urn3: Monthly Ethical Hacking Sessions

W0m3nWh0HackM3lb0urn3 is a safe space for women who are keen to learn to ethically hack. We are a community of women identified hackers who support each other to increase our skills and hack all the (legal) things. Why? There’s a worldwide shortage of skilled cyber...

Inside Google South Korea as a Google Women Techmakers Scholar

Inside Google South Korea as a Google Women Techmakers Scholar

Utter the words, ‘I’m going to Google’ and a collective awe spreads across faces like seeing your favourite singer on stage for the very first time. Google has undoubtedly reached rock star status in the collective consciousness of almost anyone who has ever had the privilege of accessing the internet, and with good reason. Built in the dorm rooms of two uni kids with a dream and a motto of ‘don’t be evil’, they’ve created a powerhouse of a company with an ethos and culture to match. That’s what most of us thought until we read the now infamous Google anti-diversity memo. Three weeks after Gizmodo released it to the interwebz, I jetted off as an Asia Pacific Women Techmakers Scholar with stars in my eyes but also a bitter taste in my mouth with the echo of the old trope of women being biologically inferior to men, just as Australian Indigenous populations, Jewish people and African Americans have been thought to be at various times in our not too distant past.

The retreat which is held annually at different offices across the globe was held in South Korea for the 71 2017 Asia Pacific Scholars. It’s an all expenses paid celebration of the leadership of female students and researchers in tech, and aims to pave a way for us to become active leaders in the field of computer science.

During our stay, North Korea flew a missile over Japan, my mum texted in a panic but most of us were none the wiser. It was a jam packed 4 days that began at 8:40am for a group bus ride to the office and ended with a group dinner that stretched well into the evening. It was to my delight, a celebration of diversity, passion, intense drive and a real and evident social conscience to try and change the dismal numbers of women entering into and staying in tech. Every morning began with learning the dance steps to a Korean Pop song dance routine and each day ended with a group dinner. A culture of togetherness and allegiance to the bemouth that is Google seemed to be embodied in almost everyone I met. It was writ large in their love for the organisation, their Google branded clothes and the language they used to refer their identities.

The retreat presentations were opened by a self-professed ‘Gaygler,’ a gay Google employee which was a beautiful little affirmation for my flag waving self who knows LGBTI people in South Korea are marginalised and there are few openly LGBTI public figures. Despite this, the Gayglers and their ‘Googler’ (Google employees) allies, hit the streets in a celebration during Pride. That’s what I call walking your talk. The Gaygler went on to say, the face of power is not changing and the room let out a collective nod. That diversity is the new Darwinism because diverse teams outperform non-diverse teams and create more innovation and the importance of speaking up when you see behaviour that is not quite right. Her talk set the scene for the rest of the retreat which explored calling out unconscious bias, the future of search, using Google’s BigQuery for data analytics of massive data sets, becoming the change, dealing with being the minority in a room full of men, responding to misogyny, cracking the coding interview and a slew of lighting talks on projects currently happening at Google offices across the world.

If there’s one thing that bound each and every presenter, and we witnessed them all day long over the four days, it’s passion and depth of knowledge. But most striking was the ability of each person to deliver complex technical material in simple ways that even the most tech challenged among us could digest and engage with. It is this combination of passion, tech skill, communication ability and relatability that really makes Google shine, and I didn’t expect it. I stumbled around slack-jawed for days because they made work look inspired and they spoke with a collective humbleness of people who just wanted to share what they knew and make the world a better place.

They even made their notoriously difficult coding interviews seem do-able to career changers like me. It wasn’t about doing it all alone in front of a green screen at 3am on remote control in a hoodie, sinking red bull, and frantically bashing a keyboard in a trance like state.

It was about sharing how you think, being able to speak about a problem and what you might do to address it, asking for help, and showing that you could explain a problem, not just solve it.

Not long after my Google experience, I attended a cyber security conference in Melbourne, where I was told that sexism doesn’t exist, the gender pay gap is a myth and we live in a meritocracy. It was a reminder of the context in which the anti-diversity memo was written and how far we have to go to make tech a truly welcoming space for women. The Google Women Techmakers Scholars program is one step toward changing the landscape.

 

Get in touch if you want any advice on applying to become a Google Women Techmakers Scholars this year. It’s a trip you won’t soon forget!

Apply here to become a 2018 Google Asia Pacific Scholar. For tips, on 8th August Google is running a livestream here.

Inside Google South Korea as a Google Women Techmakers Scholar

Utter the words, ‘I’m going to Google’ and a collective awe spreads across faces like seeing your favourite singer on stage for the very first time. Google has undoubtedly reached rock star status in the collective consciousness of almost anyone who has ever had the...

Kneel

I’ve knelt down and opened my mouth to check the heart beat of many women it lives there louder than the organ that sustains us but only this time have I opened my heart wider than my legs and said   I love you for the way you make my eyes widen before our lips have a...