Saturday, July 20, 2019

[Event Record] Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan & DarkReading Interview



At this year's Black Hat USA, the women's security communities of Korea, Japan, and Taiwan will give a joint talk, "Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan".

Japan: CTF for GIRLS / Asuka Nakajima
Korea: Power of XX / Suhee Kang
Taiwan: HITCON GIRLS / Hazel Yen

Reference:
Black Hat USA official website link





Thanks to DarkReading for the interview about this session, "Building Infosec Communities for Women"!

Below is the translated text of the interview

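"Hey! Please tell us a bit about yourselves."

Suhee Kang: I work as a researcher at POC Security in Korea. I am also an organizer of the international hacking conferences POC, Zer0Con, and MOSEC. In addition, I created a hacking contest called Power of XX CTF to cultivate female hackers. All of this started from POC and my university's cybersecurity club, SISS (Sookmyung Information Security Study).

Asuka Nakajima: I am the founder and leader of CTF for GIRLS, the first women's infosec community in Japan. Currently I work as a security researcher at NTT Secure Platform Laboratories. My research interests include reverse engineering, vulnerability discovery, and IoT security. I am also a review board member for Black Hat Asia.

Hazel Yen: I am a co-founder and coordinator of HITCON GIRLS, the first women's community in Taiwan. During this time I was also the leader of the malware analysis study group. I now work at DEVCORE, focusing on web application security. Last year I was also the coordinator of the Hack in Taiwan Conference (HITCON CMT 2018).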

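"What will you be speaking about at Black Hat this year?"

We will share the following three things: the current status, activities, and history of three women's communities (Power of XX, CTF for GIRLS, and HITCON GIRLS), how we build our communities and keep them running, and how we deal with various challenges.

By comparing the three women's communities, we will reveal the keys to starting and sustaining a community. One example is that each community was founded by a few technically proficient women and received support from an existing community.

Korea's Power of XX will cover the group's beginnings, how it cultivates female hackers in Korea, what difficulties have occurred, and how those difficulties were overcome.

Japan's CTF for GIRLS will explain how the group operates, how it visualized and built the CTF for GIRLS community, and how it keeps running sustainably.

Finally, we will discuss the purpose, origins, and current status of HITCON GIRLS. HITCON GIRLS believes that both men and women are capable of joining the security field, and we will show what events, programs, and techniques we have used to make this possible.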


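"Why is this topic so important right now?"

Since the importance of bringing more women into the security field is increasing, and the number of women's communities (e.g., WiCyS, Black Hoodies, etc.) has been gradually increasing over the past few years, we think now is the right time to discuss this topic publicly.

Since 2011, some women's communities have become active. Over these eight years, we have faced many obstacles and challenges in running our communities. In addition, comparing the three communities will reveal some of the key factors (necessary) for running a women's community. We believe this session can help some women's communities get started and encourage women's communities that already exist.

Power of XX (Korea), CTF for GIRLS (Japan), and HITCON GIRLS (Taiwan) are all well-known communities in the Asian region. However, because of the huge language barrier between Asia and Western countries, this information is still not widespread in Western communities. We therefore believe this session will help people understand the history and current status of Asian women's communities.

Suhee: In this talk, we hope attendees will understand the true nature of our communities from top to bottom, and we also hope they can understand that our power is not trivial and that the scale of "women in security" is growing. Beyond that, there are some parts we want to support. We hope to (create) opportunities to cooperate with women's infosec communities in Western countries so that we can increase the size of the society. We believe this will be a good start for both Asian and Western communities.

Hazel: For myself, I hope our talk can help more women connect with one another, and spread the message: women may be a minority in the security field, but they are not weak.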


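"Where do you see the greatest need for such communities, and why?"

Suhee: Six years ago, when I was in the university security club SISS, very few women were learning to hack. At that time, it was hard for women to survive there for several reasons (few people, lack of community, difficulty of learning, etc.), so many female students either gave up on their degree or changed courses midway.

That is why we built our own community: to cultivate women researchers and hackers.

Asuka: Based on my personal experience and the opinions of my female friends, women who are interested often feel things like:

"It is hard for me to fit into workshops and communities, because most of the participants are men..."

"Most security engineers are men, so maybe it is not suited to women..."

"I really want to start learning security, but I don't know where to start, and I don't have friends to discuss it with..."

Therefore, I think the first step to breaking this barrier is to build a women's community and run workshops exclusively for women.

Hazel: When it comes to what communities need most, I think that at the early stage we need to tell women "we are here". From our experience, we know there are not many women in the security field. For that reason, if there is a women's community they can join, we believe this can change, because women interested in security will no longer feel alone.

When we started building the community, I often told members that they are not behind others in the security field; everyone has something they are good at. I think the most important thing to remember is that "self-confidence is the greatest secret of success".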



Below is the original text of the interview


Three security experts offer a sneak peek into their upcoming Black Hat USA talk on organizing female infosec communities in Korea, Japan and Taiwan.

We recently spoke (via email) with Asuka Nakajima, Suhee Kang, and Hazel Yen, who will be sharing their success stories about building a thriving network of cybersecurity communities for women during Black Hat USA in Las Vegas this August.

Hey there! Please tell us a bit about yourselves.

Suhee Kang: I work at POC Security in South Korea as a researcher. I am also the organizer of POC, Zer0Con and MOSEC international hacking conferences. In addition, I founded a hacking contest called Power of XX CTF to cultivate female hackers. All these things start from POC and my university's cybersecurity club, SISS (Sookmyung Information Security Study).

Asuka Nakajima: I am a founder and leader of CTF for GIRLS, which is the first female infosec community for women in Japan. Currently, I work for NTT Secure Platform Laboratories as a security researcher. My research interests include reverse engineering, vulnerability discovery, and IoT security. I also serve as a Regional Review Board member of Black Hat Asia.

Hazel Yen: I am a co-founder and coordinator of HITCON GIRLS which is the first security GIRLS. During this time, I used to be the leader of the malware analysis group. Now I work for DEVCORE, focusing on web application security. Last year, I was the coordinator of the Hack in Taiwan Conference (HITCON CMT 2018).

What are you going to be speaking about at Black Hat?

We will share three things as follows: The history and current status/activities of three representative Asian female communities, Power of XX, CTF for GIRLS, and HITCON GIRLS, which are established in Korea, Japan, and Taiwan (respectively). Also, how we build and maintain our communities and how we tackle the various challenges, such as having a sustainable community.

We revealed the crucial factors in starting and continuing a female community by contrasting the three communities. One of the examples is that every community had been started by a few tech-savvy women with the support of an existing local community.

For Power of XX, we'll talk about the beginnings of the group, what we do to cultivate female hackers in Korea, what difficulties occur, and our efforts to overcome those difficulties.

For CTF for GIRLS, we'll explain how the group works, how we visualized and established the CTF for GIRLS community, and what we do to build it in a sustainable way.

Finally, we'll discuss the purpose, origins, and current status of HITCON GIRLS. We believe the field of cybersecurity should be as accessible to girls as it is to boys, and we will show you what events, programs, and techniques we use to make that possible.

Why is this important right now?

Since the importance of getting more women into the infosec field is increasing, and the number of female communities has gradually increased these past few years (e.g., WiCyS, Black Hoodies, etc.), we think that this is the right time to discuss this topic publicly.

Some of our communities have been active since 2011. Over these eight years, we have faced and solved many challenges and obstacles to building the community. Moreover, a comparison of these three communities reveals some of the crucial factors (necessary) to start and continue a female community. We believe that this talk could help start a new female community and encourage other existing female communities.

Power of XX (Korea), CTF for GIRLS (Japan), and HITCON GIRLS (Taiwan) are all well-known communities in the Asian region. However, since there is a huge language barrier between Asian and Western countries, the information is still not widespread to the Western communities. Thus, we believe that this talk could help to understand the history and current status of the Asian female communities.

Suhee: Throughout the talk, we hope attendees understand the true nature of our communities from the top to bottom. Also hope they can understand that our power is not trivial and the scale of 'women in security' is getting vast. Besides that, there are parts (where) we want to support. We want to (create) an opportunity to cooperate with Western countries' women InfoSec community so that we can increase the size of the society. We believe this will be a great start for both Asian & Western communities.

Hazel: For myself, I wish our speech can help more women have a connection with each other. And spread propaganda: we may be a minority in InfoSec field, but not weak.

Where do you see the most need for such communities, and why?

Suhee: When I was in university infosec club SISS six years ago, it was a total disaster and few women were learning to hack. At the time, it was really hard for women to survive for several reasons (a small number of people, lack of community, difficulty in learning, etc.) so a lot of female students either gave up on their degree or changed courses in the middle.

That's why we made our community: to cultivate women researchers and hackers.

Asuka: Based on my personal experience and the opinions of my female friends, women who are interested in infosec field sometimes feel as follows:
"To me, it is difficult to fit into a workshop (community) because most of the participants are men..."

"Because most of the security engineers are men, maybe infosec is not for women..."

"I really want to start learning infosec but I don't know where to start, and I don't have friends to ask about that kind of thing..."

Thus I thought, the first step to break the barriers is to make a female community and hold workshops for women.

Hazel: When it comes to talking about the most need for communities, my opinion is that we need to be telling girls that we are here at the early stage. According to our experience, we know there aren't many women in the infosec field. For the above reasons, if there is a female community they can join, we believe that might change, because women with these interests would not feel left out anymore.

Whenever I start a community, I always tell my members that we are not behind the rest of the infosec field; everyone is good at something. I think what we need to remember most is, "self-trust is the first secret of success".

For more information about their Briefing and many more check out the Black Hat USA Briefings page, which is regularly updated with new content as we get closer to the event!

Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8, 2019. For more information on what's happening at the event and how to register, check out the Black Hat website.
