Supporting Women Hackers, Closing the Gender Gap in Cybersecurity

In early November, Point3 joined WoSEC, Women’s Cyberjutsu, WomenHackerz, and Gatebreachers in hosting the first Women Unite Over CTF, a women-only capture the flag competition both in-person and online with participants from all over the globe. A majority of participants were beginners, who valued the sense of community and camaraderie that an all-female CTF provided.

“I felt very nurtured and supported in an all-women environment,” wrote one competitor in an anonymous post-event survey. “I find most male engineers off-putting, distant, and non-relational, overly competitive, often hostile and intimidating.”

Often, would-be infosec practitioners find the very idea of capture the flag competitions intimidating. Walking into a room of hyper-focused people who look like they know what they’re doing - even if, in reality, they’re engaging in the same kind of experiential, trial-and-error learning as a brand new participant - can scare a lot of people off from taking part in their first CTF.

In fact, one important feature of the Women Unite was that people could participate both in the presence of others or from the comfort of their own homes, schools, or offices. But that doesn’t mean they were on their own: there was an active Slack channel with lots of chatting, learning, and collaborating throughout the event. A vast majority of participants self-identified as beginners; having a safe space to ask questions without fear of being judged was part of what made the event such a positive-- and powerful-- event/experience.

But it wasn’t just the “who” and “how” that made the Women Unite Over CTF a valuable experience for participants. The “what,” too, made this CTF different from others. “A lot of the problems that I worked on were defensive security focused, and I really liked that,” said a cyber security incident responder in an interview after the event. The incident responder participated in numerous CTFs as a member of a competitive team in college. “A lot of other CTFs are really offensive focused - hacking and breaking things - and I liked that this one had a defensive focus, too. For me as a security defender, it was really good for me to do network analysis, malware analysis, reverse engineering…”

When asked if she found CTFs to be good learning tools, the incident responder replied with an enthusiastic “Absolutely.”

“CTFs in general are good learning mechanisms because they provide challenges you wouldn’t necessarily get to see in your own work environment,” she continued. “A lot of it is about getting out of your comfort zone in a safe environment” where, if you make mistakes, nothing terrible is going to happen. “And, if it’s [a CTF] where you can collaborate, you can learn with the community that you’re in in that moment.”

“Ordinarily you don’t have a lot of talking or group cooperation,” the incident responder said, “but [at Women Unite], there was a lot of communication over slack channels. I really liked the camaraderie.”