Lesley Carhart 
I had a mentoring session last night with a poc I’ve been working with who went to his first local cybersecurity con, recently. He had such a bad experience with people being cliquey there and ignoring him that he’s ready to stop trying to get into the industry. 😥😰 I knew there are some cultural issues at that con and area but had no idea they were so bad, and encouraged him to maybe look at other cities in the US and their cons. Pitch your city’s infosec community and scene and I’ll share with him?
Alan 
@hacks4pancakes Boston's security scene is pretty good, we've got Boston Security Meetup on the third Thursday of the month, Boston Hackers on the first Thursday of the month
Pete Wright@hacks4pancakes tbh - I’m like a stereotypical tech person (some random white guy) and I stopped going to tech and security cons because of how cliquish they are. I can’t imagine how bad it must be for POC and women.
It’s disappointing that we still feel like the best way to get forward and be accepted in tech is via conferences and who you know
It’s disappointing that we still feel like the best way to get forward and be accepted in tech is via conferences and who you know
@hacks4pancakes and not to be just a hater about this without providing an alternative, I’ve always felt the better way to get more diverse people into tech would be by funding and supporting guilds and proper mentoring programs for young people.
So much of Sysadmin/OPS work is learned via experience and tribal knowledge. If we can offer alternatives to conferences for sharing that knowledge while also helping people get money in their pocket it seems like that would be an improvement.
So much of Sysadmin/OPS work is learned via experience and tribal knowledge. If we can offer alternatives to conferences for sharing that knowledge while also helping people get money in their pocket it seems like that would be an improvement.
Binder🅅@hacks4pancakes
IMO: a very important part of being successful is to develope that "fk you, I'm gonna be successful in spite of you" attitude. That being said, support and a welcoming group can mean a lot.
I really liked the bsides pittsburgh group.
@binder as someone who absolutely had to deal with years of sexism and homophobia to get into infosec, I understand wanting to give up and it’s not on minorities to carry all of that weight in 2023, resilient or not
Pierre D🔤@hacks4pancakes @binder This, 100%. As Graeber would call it, these "lopsided structures of imaginative identification" (https://www.journals.uchicago.edu/doi/full/10.14318/hau2.2.007/) have to be recognized, and specifically targetted by Con organizers to create a truly diverse and welcoming event.
@hacks4pancakes @binder Recognizing my semi-cryptic message, what I mean is that Con organizers are in a position of power and thus have to deploy concerted efforts to take the systemic burden from the back of newcomers trying to enter the industry, and make it theirs.
t60n3@hacks4pancakes NYC hosts many cons, most offer opportunities to volunteer and go for free. It's relatively eclectic in terms of interests, background, and cultures. Your mentee def won't be the only poc in the room. Folx are quite welcoming if you introduce yourself as a newbie, and the t000l kids often show up.
g-clef@hacks4pancakes If he's still a student, perhaps look into something like the Shmooze-a-student program at Shmoocon? They have you meet up with your sponsors and other students beforehand.
In general, cons can be hard. I wouldn't recommend that people start there. I've been in the industry for > 20 years and I love the information I get at cons, but I've never managed to break into the "lobby-con" scene.
@hacks4pancakes I realize this is counter-intuitive, but the semi-corporate cons that provide lunch might also be a good way to meet new folks: you're sitting at a table with a bunch of strangers at the lunch anyway, so chatting to random people is expected and (a little) less awkward.
Turb0Yoda@hacks4pancakes we’ve got LayerOne and ShellCon(hopefully back soon) in LA. OWASP OC is inviting. IVU in orange country is great.
We’ve also got very good tacos. That sells me by itself :)
Taggart 
@hacks4pancakes We are not a city, but @thetaggartinstitute maintains inclusivity and welcoming of all learners as a core value. I'm sure they could find a welcoming space with opportunities with us, if they like. https://discord.gg/taggartinstitute
@mttaggart @thetaggartinstitute it’s more finding a job though in a specific city and moving there, though…
@hacks4pancakes @thetaggartinstitute Understood! Apologies if I misunderstood. Although, that exact scenario has occurred more than few times for us.
Lockpick Extreme@hacks4pancakes a good place to chill out and talk to new people at cons is usually the Lockpick Village. We run the LPVs for BSides-SF, BSides-Chicago and the Diana Initiative. Everyone is welcome.
IntelSoup 
@LockEx @hacks4pancakes 10/10 for Lockpick Extreme's LPV. They've always been super welcoming and relaxed. 
@IntelSoup @hacks4pancakes Thank you! It means a lot to us to hear that.
David GerhartIt's strange observing these kinds of barriers. Time was: We groomed anyone who would take an interest in tech. Ignorant bias held us back at every juncture.
A memorable struggle over clothing catalog imagery going online actually hinged on showing sponsors how porn was already big business online. 1992-ish. 2B+D ISDN raged!
The most recent barrier: Ageism. Turns out respect and inclusion are perishable attributes based on hair color.
@dumbo David, it took my 10 years to find a mentor in the 90s, and I got my ass slapped at a 2600 at the time…
phamtq@hacks4pancakes I'm attending my first Bsides locally and this is what I'm worried about too as a POC. I'm going to keep trying but this is really disheartening and taking out some of my motivation.
JJ@hacks4pancakes I think @1o57 said it best at Thotcon one year. During his keynote, he said something to the effect of, "If you're at a con, and one of your heroes won't give you the time of day, tell them to fuck off. We don't need people like that in this industry anymore."
@guitarfosec @hacks4pancakes @1o57 This is terrible advice. Even heros are people who can have bad days.
Dan Kaminsky blew me off when I asked him a question at Defcon once. I just walked away.
He may have been having a bad day, been overwhelmed with other people asking him for stuff, dunno. But I'm *sure* that coming after Dan Kaminsky for ignoring me would have been a terrible idea on my part.
@guitarfosec @gclef @1o57 I see both points. I have definitely been totally overwhelmed by people asking me for stuff at cons.
Kevin Karhan 
@hacks4pancakes consider checking out local #hackspace(s) and getting to know people by lending a hand at the next local #CryptoParty?
I mean that's how most of my contacts got into stuff...
Christie Dudley@hacks4pancakes I have experienced this cliquey behavior in a lot of unexpected places. I have looked at it as a kind of gatekeeping that insecure people do to try to improve their experience.
Probably the best thing is for someone in that situation to have prior arrangements to hang out with different people in advance. It’s a little contrived, but people who aren’t like what they expect are going to be more skeptical. As they make more connections, they will begin to get recognized.
@longobord this is really important. I too get busy and cannot necessarily talk to everyone, but gatekeeping is usually something people do due to a lack of personal self confidence in their skills, in combination with ego, racism, sexism, etc
@hacks4pancakes I like to take that step back from racism and sexism and say "not what they expect" in generic terms. People who do that kind of gatekeeping mostly do not consider themselves sexist or racist and are often very supportive, they just are using bad signifiers as to who it is meaningful to pay attention to.
@longobord that’s a legit point for sure, though many people who don’t think they are sexist or racist are…
@hacks4pancakes You won't win that battle though. It's not worth fighting if you can remove their foundation.
Chester Wisniewski 🇨🇦@longobord @hacks4pancakes If you can find a mentor to introduce you to people, especially one of the organizers who you reach out to ahead of time this can be a great way to break through. Lots of security nerds are bad at social situations. I was the president of our local group for a while and had many students reach out in this way and I would walk around and introduce them to everyone. I would try to spot people who weren't fitting in, but it helps to identify yourself as well.
robert_athe last 3 big companies I worked for regularly requested mentors for younger employees - perhaps these cons can set up an "I need a guide" "I'll be a guide" match up system.
Andrew 🌻 Brandt 🐇@hacks4pancakes #Boulder has a very welcoming and fun infosec meetup called @bouldersec where we gather at a local pub the first Thursday of every month. I've made a bunch of friends there. We always have new folks every month, and they are always welcome.
The Mastodon account announces the location on the day, and we know where to meet by looking for the sticker-covered Linksys router called Meepy.
Taylor Parizo@threatresearch @bouldersec you might have a new member next Thursday :)
RealGene ☣️
Tinker ☀️@hacks4pancakes - #FXBGHackers is in Fredericksburg, VA and meets each month. We make very intentional efforts to attract folks from all walks of life and demographics. We've got a lot to improve on, but its a topic the organizers are always discussing.
More info at fxbghackers.com and everyone is welcome to join the Discord channel (brings in folks from all around the world, not sure locally).
k3ym𖺀@hacks4pancakes the amount of "pull yourself up by your bootstraps" comments on this thread make make want to puke. That is not equitable - not everyone is starting from the same starting line as you, especially for people who identify as BIPOC or LGBTQIA+.
The onus is on us who are established in the career, especially those of us who are non-marginalized, to go out of our way to be intentionally inclusive and lend a hand up to those who need it. I'll go as far as to say that I believe that the security of the organizations we're defending rely on this.
We are stronger together when we have diversity of thought. Not fostering inclusivity is inherently accepting more risk.
@k3ym0 I had to step away, it's completely demoralizing. I feel like I have to work three times as hard.
@hacks4pancakes it's okay to step away. it's exhausting. you need to take care of yourself. this fight is not yours alone.
TheDude
Romain 
@k3ym0 @hacks4pancakes also neurodiverse folks with social phobias who already expense a ton of energy just to *be there*...
apgarcia@hacks4pancakes The most poc-friendly city I have worked in was Atlanta.
Dr. Russ 
@hacks4pancakes I started JawnCon.org for the explicit purpose for people to build relationships. Everything else about the con is a watering hole to get folks to scratch mental itches. This is our first year, and it's in Philly.
Malcolm Heath@hacks4pancakes Portland is a very welcoming and supportive scene. We have regular meetups, cons like @BSidesPDX (happening next Fri/Sat), and I've been told by a lot of folks coming into the field that they've been welcomed with open arms. There may of course be other opinions, but I'm proud of the scene we've been building here. A great mix of new folks and experienced, young folks and old, students and autodidacts, and heavy hitters in a variety of disciplines who are pretty much universally happy to share knowledge and encourage.
And we have a pretty dedicated and large core of community minded folks who are constantly working on making it better.
If your mentee is ever out this way, they're welcome to get in touch with me and I'll introduce them around.
And we have a pretty dedicated and large core of community minded folks who are constantly working on making it better.
If your mentee is ever out this way, they're welcome to get in touch with me and I'll introduce them around.
Thomas Reed@hacks4pancakes If you’re into security for Apple products, you can’t do better than Objective by the Sea. It’s an incredibly welcoming and informative conference. You could - and should - have a conversation with every person there.
Beyond that, I’ve had similar experiences at infosec conferences, and I’m a white male. It’s difficult for an introvert to know where to start getting to know people, and at infosec conferences large and small I’ve never had people approaching me unless they already knew me. (I had a better experience at my first and the last Derby Con, but that one’s done now.)
Honestly, I get into IT conferences a lot these days, and there’s a surprising amount of security awareness at those conferences. Of those, MacAdmins is my favorite (again, Apple specific).
Shecky - Third Wheel@hacks4pancakes Just so others can see, the Burbsec community in Chicago does a pretty good job of being welcoming.
That said, I have found a big difference between community and community meetups and cons, in attitude and cliquishness. I have found it to the point that I, a CIS White male tends to wallfolwer at some conferences, even when I know people, because I don't want to impose myself into dinners/situations and not do much contribution. I think some of that is due to the frequency of people seeing each other in person leads to them being a bit more unaware of what is going on around them.
Meetups though seem to be a lot more open overall, again due to the nature of it all.
That said, I have found a big difference between community and community meetups and cons, in attitude and cliquishness. I have found it to the point that I, a CIS White male tends to wallfolwer at some conferences, even when I know people, because I don't want to impose myself into dinners/situations and not do much contribution. I think some of that is due to the frequency of people seeing each other in person leads to them being a bit more unaware of what is going on around them.
Meetups though seem to be a lot more open overall, again due to the nature of it all.
AMS@hacks4pancakes Are cons supposed to be all pushy networking eventy outside of specific networking spaces? If I had a bunch of strangers coming up to me at a con I'd take a careful check of my bag and try to find a quick exit before texting the staff letting them know some scam is probably going down. Maybe that's just me though?
@AMS you could watch the talks or play the CTF online, as a counterpoint. They are in person for a reason.
Jima 
@hacks4pancakes I'm curious which metro's community Fucked It Up, for "do better" reasons. 🤔
Gomijacogeo@hacks4pancakes Random thoughts: Try not to send the newbies solo. Do some groundwork before the con, make plans to link up with other first-timers and be con-buddies, go to BoFs (if there isn't a newbie BoF/session, suggest they add one), volunteer, be active on lists/discords/etc in the weeks/months before and make a list of folks who've been friendly/supportive online and make deliberate plans to meet up at the con, announce your intention to attend and see who reaches out, etc.
(void*)huxley @hacks4pancakes This person may want consider @BSidesNYC which has inclusion as one of its expressed goals. At this year’s event the volunteers and volunteer leaders comprised of women, POCs, and gender-expansive individuals. The villages included DEI-focused organizations. We still have a lot more work to do in this area, but I would hope your mentee would feel very welcomed.
Dustin [BusySignal-KE2EFX]@huxley @hacks4pancakes @BSidesNYC
Yep - second the BSides NYC, would also recommend the Long ISland BSides if it ever comes back.
there is going to be a small-very small con in Philly called JawnCon - I plan on being there - oct 19th or something...
I am going to say - that - this is really tricky - a lot of first timers from the Larger Cons had issues with - getting into groups and meeting people... made me concerned for a new generation of gatherings and breaking into the places.
I am NO con expert - but its a lot like EVERYTHING ELSE - you might need network a little...
I wouldn't have known the people I connected with at BSides if I didnt participated in the slack.
I wouldn't know anyone at DEFCON if I hadnt found the WarDrive and WiFi people that go there...
I am NOT blaming them - I am just asking for more clarification and context and how can we build better communities.
BlueTeamSherpa @hacks4pancakes if he’s near DC I’ll meet him.
ShmooCon is good.
BSides DC and Deleware are having a picnic in Baltimore coming up soon.