An ‘oversight’ at a tech conference exposes the challenges for women in cybersecurity: ‘It was a complete lack of professional respect’
A RootedCON session in Spain reveals the industry’s stubbornly persistent gender bias
On March 7, Gabriela García and David Meléndez gave a talk about technical flaws in railroad networks to 1,500 people at RootedCON, the largest cybersecurity conference in the Spanish-speaking world. Everything went according to plan, and the talk covered a specific railroad signaling safety vulnerability. García is a software developer, hacker and teacher, while Meléndez is an experienced R&D engineer on the Innotec Security hacking team.
The presentation, not online yet, made waves in blogs and social media. However, a few days later, García posted on X, “It’s strange that so many people who watched our talk at @rootedcon forgot to mention my participation, considering that @TaiksonTexas [Meléndez’s name on X] and I shared equally in the research, development and delivery of the presentation.”
García’s tweet ignited a strong reaction, drawing dozens of responses and messages of support. This prompted the Spanish-speaking cybersecurity community to explore the complexities of bias, meritocracy and gender. What initially seemed like an oversight evolved into a multifaceted issue.
“It was a complete lack of professional respect,” García said. “I’ve noticed it happening many times, and it’s made me want to speak up about the lack of credit for my work. This oversight could potentially impact me professionally since it was a standout and technically significant presentation.” EL PAÍS contacted a dozen people in the cybersecurity world who all agreed that the few women in the field encounter unique challenges.
Yet, there is ongoing debate about the reasons and challenges of advancing in this competitive field. “Technology, especially cybersecurity, can be quite aggressive, with egos in the mix, and sometimes just doing a good job isn’t enough,” said García. “You need to get some recognition from your colleagues. The work environment can be tough overall, and for women, it’s no different. Tech isn’t the easiest industry to break into, especially cybersecurity.”
The slights of García at the conference were evident on several levels. Meléndez said, “At the end of the presentation, people came up to say hello and they barely said anything to Gabriela. And then they would say, ‘See you later, guys.’ I have been giving these types of presentations for 13 years, so I’m fairly well known in the field. Maybe they greeted me before Gabriela because they know me more.”
Meléndez believes that there’s more than gender bias at play here, and he’s also sensed this type of belittlement for other reasons. “I really think it’s not just about gender, it’s more about who likes you. You notice how people reach out from one place but not another, even when we fill 1,500 seats at RootedCON. In the industry, I’m known as the drone guy, but it’s interesting how when the subject is drones, someone else always wants to steal the spotlight. It feels like some egos are bruised no matter what you do or don’t do.”
RootedCON selects work to be presented at the conference through an anonymous voting process, says Román Ramírez, the conference’s co-organizer. “We strongly oppose pressuring women to speak at the event. We aim for meritocracy in cybersecurity, particularly in the technical aspects,” said Ramírez. “Technical demonstrations are a must at RootedCON: either demo your code or don’t come.”
For this reason, the cold shoulder García received stands out even more. In this mix of fragile egos, professional tenure and a strong commitment to meritocracy, there’s an additional hurdle for women. The tech industry, especially cybersecurity, has long been male-dominated. “In this field, women make up between 1% and 18% of the workers,” said Ramírez. “At RootedCON, we’ve seen figures as low as 5%, but this year we hit 24%.”
After the heated debate on X, ethical hacker and tech architect Fran de la Iglesia had an hour-long talk with García and Meléndez on his Twitch channel. “Even if we wanted to implement quotas in tech, the low percentage of women makes it technically unfeasible,” he said, “Maybe it’s because it’s a field centered on mathematical analytics; after all, computing deals with equations and programming languages. Perhaps it’s due to its historical male dominance. Time may be key to achieving any kind of gender parity.”
A historical gender gap
“The gender gap in cybersecurity persists due to the historical predominance of men in the field,” said Elena Casado, head of cyber-intelligence operations at Deloitte. “Women encounter extra obstacles like mansplaining and often need to work twice as hard to gain professional recognition.”
Marta Barrio, an engineer at Oracle Netsuite, co-founded Securiters in 2021. One of the company’s initiative aims to connect women in the community. Barrio, an experienced engineer, notes three main challenges or barriers faced by women. “Early on, you’d see a woman give a talk and you’d think, ‘Hmm, she’s going to share something really interesting. I mean, she got picked, so she must be good, right?’” said Barrio. Later, when more women got into the field, she began to see it differently. “Now, people think, ‘They probably chose her because she’s a woman, which helps boost their numbers.’ I have heard that many times.” These reactions to more women entering the field created a triple barrier. “The first one is believing in the value of what you’re about to share. The second one involves exposure and public speaking. However, a third barrier is often imposed on us: the need to prove yourself to counter gender-based assumptions. This added pressure discourages many women.”
“I didn’t look like a speaker”
The pressure to be perfect and prove you’re more than a quota has hindered women’s progress in this area. Gabriela García says she met every requirement to present at RootedCON, yet was still overlooked. One of her tweets says, “They told me I didn’t look like a speaker.” It is the epitome of invisibility — a woman fulfills every requirement, yet she is still undervalued.
This situation has consequences that are hard to quantify as they interact with each individual’s character and confidence. Cybersecurity mirrors societal norms, but the absence of women creates a challenging cycle to overcome. “I know women who are very competent technologists. But there aren’t that many of them, and you need to have a strong character and a forceful personality,” said Iris Martín, a cybersecurity specialist. “In general, women working in male-dominated fields often wait until they achieve way more than their male colleagues before showcasing their work. Unlike many men who apply for jobs meeting only a few requirements, women tend to hesitate unless they meet most or all of the criteria. This pressure leads many women technologists to shift to management roles to make life easier or for better pay.”
Even to write this article, the difference was clear. We had to reach out to twice as many women to get a few who were willing to share their views on this issue. In contrast, all the men we contacted responded promptly and openly. “It’s because of the culture of this field,” said Rafa López, a professor and cybersecurity specialist. Given the scarcity of women in the field, there is an assumption that their backgrounds are less technical. “Some men believe a woman can’t offer technical insights due to gender bias and assumptions about her technical expertise,” said López.
The pressure on women spans the entire tech sector, not just cybersecurity. Azahara Fernández Guizán, who has a doctorate in health biology, transitioned her career to software development. Co-workers often underestimate her technical expertise even though she’s a three-time winner of a Microsoft programming award. “They know I’m all about the technical stuff, that I’m not in a management role. So, who do they think handles my day-to-day work?” Fernández is getting ready to publish a book. “I’m a little nervous about it,” she said. “I told my editor, ‘Let’s see what happens and what people will say.’ Maybe they’ll say I got the technical parts wrong. I don’t know — there’s always a very big double standard.”
Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition