But privacy and information-security experts, both women and men, also responded with wide condemnation, pointing out first that it was an inappropriate comment to make; second, that the woman involved has a clearly demonstrated history of expertise in the field; and third, that the use of the word "lady" aimed to be diminishing.
One user tweeted back, "The best time to delete this tweet was before sending it. Second best time is now." Many called for an apology. Many called for the responder to read her bio before accusing her of being professionally inept.
The hostility exemplified wasn't even near the most egregious incidents I see on Twitter or Facebook every single day. I'm sure you've seen the vitriolic responses to women wearing a hijab in their profile pictures or who identify as queer or gay in their bios.
It's long been known that infosec lacks diversity both in gender and race. More than that, many report the infosec community is hostile to women, and that's the reason we don't see higher numbers in the field. In fairness, there has been a push by advocates and some companies to remedy that gap, though many would argue it hasn't been a hard enough push.
I think this is worth talking about. We know even from stories about online bullying among kids how harmful it can be. And while adolescents are arguably more fragile at that stage in development, we're all susceptible to feeling embarrassed and small when someone publicly insinuates (or outright says) that you're an imposter.
If, as modern-day professionals, we need to connect online constantly, how can we operate in a space that doesn't adversely impact our mental health? What strategies can we ourselves — and as each other's keepers — employ to keep debates issue-focused and avoid or neutralize personal attacks?
We're going to talk about this and more on our next Twitter Spaces chat. It's important to me that you know that this is not a session for venting frustration or sharing examples of when it happened and to whom. We know this happens every day. Instead, this is about the way forward, and it's an open invitation for women, men and non-binary professionals. If you belong to an underrepresented group, whether based on your sexuality, identity or race, I especially hope you'll join and help me steer the conversation to a solution-focused dialogue that includes everyone. It's essential that those disproportionately impacted by unfair accusations have agency. And, as with any societal shift, it requires allies, too.
Join us Thursday, July 29, at 1 p.m. Pacific, 4 p.m. Eastern. Important: You must join from your phone using the Twitter app (desktop doesn't work properly). But you can join as a listener or a speaker, whatever you prefer. I’d love to hear your thoughts.
Enjoy reading, and I'll see you next week!
CCPA enforcement isn't just about breaches; it's cookies, too
Digiday reports on the California Attorney General's recent stream of enforcement letters to advertisers, social media sites and data brokers. "It is clear that California Consumer Privacy Act enforcement is not just about data breaches," the report states. "It's about cookies and tracking technologies — including analytics trackers. And the penalties for violations could be steep."
Venmo makes privacy changes, but do they go far enough?
Popular mobile payment company Venmo has redesigned its app, Ars Technica reports, but the "announcement is worth a closer look." Owned by PayPal, the platform has shut down its public-by-default global social feed, where it published user transactions from all over the world. "It's an important step forward resolving one of the most prominent privacy issues in the world of apps, but the work isn't finished yet," the report states.
The ultimate guide to data discovery (take two)
Data mapping, or "data discovery," can feel like a daunting task. When you imagine the trails of data stretching for proverbial miles even at small companies, trying to figure out where it all leads can feel like an arduous task. In this "Ultimate guide to data discovery," learn where to start. It'll be the essential groundwork for when there's, inevitably, a data breach and regulators come calling or when a customer makes a data-subject access request (DSAR). Last week, I gave you a bad link to this story, apologies. Access it here instead, for real this time.
Engineer's corner: How Osano adopted a blockchain database to solve our scalability problem
This blog aims to illustrate pain points we've run into at various stages of development. We hope to help engineers and product folks overcome similar obstacles by explaining how we overcame our own. In this first installment, Osano's head of IT discusses a common problem at any company, whether early-stage or more mature: scalability.
What is HIPAA, anyway?
As the Los Angeles Times reports, HIPAA (the Health Insurance Portability and Accountability Act of 1996) has been in the headlines lately. U.S. Rep. Marjorie Taylor Greene, R-Georgia, recently told a reporter asking if she was vaccinated against COVID that the question was a violation of her HIPAA rights. It wasn't. This primer explains what HIPAA is and what it is not.