When the RSA Conference released a preliminary list of keynote speakers for its 2018 cybersecurity event in San Francisco, there was only one female in the lineup. You can probably guess what happened next.
Even though it was only a partial list, the upshot was decidedly negative. “It provoked a lot of criticism for our perceived lack of diversity,” said Linda Gray Martin, director and chief of operations for RSA Conferences globally. “In the cybersecurity industry, only 11 percent of roles are filled by women. We ended up actually having 25 percent female keynote speakers in 2018, but that number is low, and it should be much higher.”
The criticism prompted Gray Martin and her team to act. “It galvanized us to proactively put together a very robust D&I strategy—to help move our event forward but also to help move the industry forward.” For the 2019 event, which drew over 42,000 to the Moscone Center, the strategy included six elements—some new, some pre-existing—which she shared with attendees at the Exhibition and Convention Executives Forum in Washington, D.C., in May.
1. Diverse content. The conference went from 25 percent female keynote speakers in 2018 to 46 percent in 2019. “We did do a lot of research and listening, and I think that’s really important,” says Gray Martin, noting that the efforts went beyond improving gender diversity to bring in a broader range of perspectives overall, including different ethnicities and backgrounds and tenure in the industry. “We talked to our community and to the committee of industry experts who work to pull the content together,” she said.
At the breakout-session level, RSAC changed the speaker submission form to focus on obtaining more diverse perspectives, and also worked with affiliate groups, including Women in Cybersecurity, The Diana Initiative, Girl Scouts, The Executive Women’s Forum, Women in Security and Privacy, and others. “It’s about working with them to spread the word and let them know what we’re doing and have them encourage their communities to come forward and participate,” Gray Martin says. “There are fantastic people throughout the cybersecurity industry, and it’s all about the objective of trying to have more diverse voices running through our content.” Since 2018, the show has barred all-male panels.
2. Code of conduct. The show’s code of conduct was developed a few years ago to communicate that the show supports an inclusive, respectful environment. RSAC promoted it on its website and social channels, on signage in the venue registration area, and, new in 2018, in a video before the keynote program. “It is important to us that our code of conduct is front and center, so people realize we are supportive of our entire community regardless of who you are, where you come from, how old you are, what your sexual orientation is, and what your gender is,” Gray Martin says.
3. A “no booth babe” policy. This policy, which got a round of applause from the audience at ECEF, is aimed at creating a “professional, respectful, comfortable environment,” Gray Martin says, noting that it’s been in place for several years and prohibits clothing such as tube tops, mini skirts, and objectional costumes, for men or women.
4. Safe Walk Program. As part of the goal to create a comfortable, safe, and respectful environment, the Safe Walk Program was launched in 2019, increasing police patrols between Moscone Center and hotels not served by bus routes. “The streets of San Francisco can be a little dicey,” says Gray Martin. “We worked very closely with the city to increase patrols and we put brochures in the attendees’ hotels with information on things to be aware of when walking around a big city.” RSA also offered maps with walking routes and an on-demand SUV shuttle.
5. Gender neutral bathrooms. These were introduced to the conference in 2018.
6. Prayer room. In the U.S., the prayer room was new in 2019 for attendees and staff.
Gray Martin hopes to continue to improve on the D&I program for 2020. “I think we made phenomenal progress in 2019, but we can always do better,” she says. “More and more conferences are going to be adopting a D&I strategy. It is ever evolving, and it’s important. We need to listen. We need to research. We need to talk to our communities. This is front and center for a lot of events these days.”