The GREPSEC workshop was launched in 2013 with the goal of encouraging female and underrepresented minority graduate students to participate in top security conferences. Here, Terry Benzel, Research Director and Internet and Networked Systems Division Deputy Director at USC’s Information Sciences Institute and one of the GREPSEC founders, discusses the motivation behind the workshop, its successes, and diversity goals beyond the workshop.
Question: You and two colleagues started GREPSEC [Graduate Representation in Security] in 2013. What was the impetus for founding the workshop?
Benzel: In 2012, I was with Hilarie Orman from Purple Streak Software and Susan Landau from Privacy Ink at the IEEE Symposium on Security and Privacy. We noticed that out of the 50 program committee members, there were two women and no underrepresented minorities, and there were fewer than five women lead authors of presented papers. The three of us started thinking about what we could do to increase the female and minority population at the conference, and in the field as a whole. There are so many things that need to be done to increase diversity in cybersecurity, but we chose to focus on giving young women and minorities in their second or third year of graduate school the opportunity to gain skills and interest to one day participate in program committees and publish at a leading research conference.
Question: How was the first workshop received? Did it achieve what you hoped?
Benzel: The first GREPSEC was held the weekend before the 2013 IEEE Symposium on Security & Privacy (S&P). Our goal was to have about 40 participants; we ended up in the 30 range. The workshop went all day Saturday, with a social event in the evening, and ended mid-day Sunday, allowing participants to transition over to the S&P conference. We included a variety of research topics with speakers primarily from underrepresented groups—although we also included some men who’d been successful working with these groups—and encouraged informal conversation during the social hour, lunches, breaks, and so on. We kept the ratio of presenters to students very low to allow for a lot of interaction. This created a very friendly, accepting environment.
In retrospect, we weren’t as well connected with the S&P conference as we could have been, and we found that some of our students attended GREPSEC and then went home. They didn’t understand the connection with the conference.
Question: Were you able to apply any of the lessons learned from the first workshop to the next one, in 2015?
Benzel: For the 2015 workshop, we worked with the S&P conference so students who came to GREPSEC could also apply for grants to help with the costs associated with the main conference. This was very successful. About 15 young women and minorities from our workshop attended the conference’s Sunday afternoon reception. Although they clustered together that first afternoon, they changed the demographics in the room. Moreover, because they already knew us—the organizers and several speakers from the workshop who were also at the conference—they felt more comfortable, and throughout the week they were well integrated and dispersed. They asked questions of the speakers, talked to other participants, and met other graduate students.
Having this group at the main conference and their being able to stand up during the question-and-answer period and ask the speakers a question helps widen the dialog for all of us.
Question: Is one of your goals that the participants in GREPSEC will come back in later years as presenters at the S&P conference?
Benzel: That’s our main goal—to have them return as presenters and organizers and members of the program committee. The IEEE Symposium on Security & Privacy is one of the leading contributors to creating a tenure case for new assistant professors. We want to support the whole lifecycle: from helping them attend as graduate students, to becoming presenters at the main conference, to getting on program committees, to getting publications that can lead to faculty positions, to becoming faculty members with research groups that can continue to bring in more women and minorities, to helping us train the next generation of researchers.
Question: You’ve been involved in recruiting women in both industry and academia. Do you have any advice for organizations seeking to diversify their workforce?
Benzel: Connecting young women and minorities with women and minorities currently in an organization is important, and it’s incumbent upon women of my generation to reach out and make sure this happens.
Here’s an example. In the office next to mine are seven high school students—six men and one woman—working on a project for six weeks this summer. I hear them come in in the morning or after lunch, and the men are talking about everything—cars and travel and politics—and then there’s this one voice that says, “What are we focused on now?” She brings them right back in and they get back to work. But she could also probably use a break once in a while. The other women on the floor have started stopping by to check in with her: “How’re you doing? You want to come down and talk for a few minutes?” Knowing that other women have walked that path will make a difference as to whether this young woman continues to pursue technical subjects in college and perhaps onto grad school.
Question: What are your goals for the 2017 workshop or hopes for the future?
Benzel: The 2017 workshop will be a bit different from previous workshops. We’re developing some interactive exercises, and we’ll break the students into groups and ask them to solve a computer security problem. Students interested in attending will find the submission deadline and details on the GREPSEC website. The IEEE Cybersecurity Development (SecDev) conference, which is coming up in November, also makes a strong effort to encourage student participation. Students can apply for travel grants through 16 September. Information is on the conference website.
Unless we can bring people in at the fundamental academic research level, I don’t think we have a chance of changing the dynamics of the cybersecurity landscape. I’d like to think that GREPSEC will help contribute to change in this area.