A published cybersecurity expert and a high-ranking security official at a popular information security conference are at odds over a Facebook group that has served as a platform for harassment and misogynistic comments toward women in the profession.
Last month, the founders of DerbyCon — an annual hacker conference held in Louisville, Kentucky — announced that 2019 would be the last year for the event. In a blog post announcing the cancellation, the conference’s founders didn’t point to a single incident that led them to their decision. However, one passage stirred up controversy: “There is a small, yet vocal group of people creating negativity, polarization, and disruption, with the primary intent of self-promotion to advance a career, for personal gain, or for more social media followers.”
The “negativity, polarization and disruption” heightened in the wake of the announcement, with members of a Facebook group known as “illmob” posting comments that the cancellation was due to a select group of people taking umbrage with the way things were run at prior DerbyCon events. Those comments were first reported on by Vice’s Motherboard.
One person, Georgia Weidman, was called out for a tweet in which she said speaking at DerbyCon in 2013 was more detrimental to her career than an incident at a conference in Germany where she fought off an attempted rapist.
#Derbycon in 2013 did more damage to my career and life than Confidence 2013 where I had to bash a guy in the face with a coffee cup to keep him from raping me.
— Georgia Weidman (@georgiaweidman) January 19, 2019
In the wake of the dispute, Weidman and Joshua Marpet, a security organizer at DerbyCon, have spoken with CyberScoop’s “Securiosity” podcast about the harassment that’s been unearthed in the aftermath.
You can listen below. The relevant passages begin at the 24-minute mark.
Weidman says that she has been labeled as a “train wreck” since speaking at DerbyCon, adding that she’s been labeled as unhirable and people have steered away from buying her book. The book, “Penetration Testing: A Hands-On Introduction to Hacking,” is well regarded among cybersecurity professionals.
In the Facebook group, a number of members used the “trainwreck” term about Weidman and made crass allegations about her behavior at other conferences.
“I was particularly surprised that there were a few people who I thought were my friends who were on [the Facebook] groups saying I was a train wreck,” she says.
Weidman says the “train wreck” characterization comes from a belief that she gave a 2013 conference talk while intoxicated.
“The [attendees] hand out drinks to speakers on stage or while you’re presenting,” Weidman said. “If a man gets drunk presenting, it’s epic. My getting tipsy demonstrates that I was unprofessional? People also want to point out I had spikes on my jacket, which is true, I did, but this is an event where people literally show up dressed as Stormtroopers. It’s such a double standard for women and minorities.”
According to Marpet, issues like this are a big reason why DerbyCon is shutting down. He says on “Securiosity” that the “drama” of years past has outweighed the “fun” for the founders of putting on a conference.
“We’ve had some drama happen. Let’s be blunt, it was drama,” Marpet said. “I’m not saying it was wrong, or right, or justified or not. I’m just saying it was. We had a couple of people get drunk at night and we had to work on them. We had somebody who got transported to the hospital, and it was a medical issue. Just getting briefed on that in the morning is terrifying. … I think that this DerbyCon got to the point where it wasn’t fun, and that’s why [conference founder] Dave [Kennedy] said ‘I’m done.'”
As to the harassment Weidman faced in the illmob Facebook group, Marpet said despite what was shown in the media, there have been times where misogynistic comments or harassment have been called out.
“I’m not going to say that I caught every bad discussion that was in there,” Marpet said. “I have other things that I do with my life than checking every Facebook group I’m in every day. I don’t know that I caught those particular discussions [about Georgia], but I know that there’s a lot of times that when I did catch something, I said, ‘Hey, stop.'”
Weidman said she wants to see more people be vocal about that type of behavior, including herself.
“I really wanted to stay on ‘the party line’ if you will, because I knew that ‘the men don’t want to hear about that’ is a general rule,” she said. “Over time, I guess, I’ve matured as a person. I guess I’ve realized that it’s more important than being in the cool crowd to try and fix these things for the women who come after me.”
Correction, 2/4/18: This story has been updated to reflect Joshua Marpet’s role in DerbyCon security.