Penetration testing, or “pen testing,” is when someone tries to break into a system. An app maker often hires an outside group to do pen testing. They do things like download and decompile the app, test endpoints and APIs, and try to brute force passwords. Basically, they try to break into your system. It’s like hiring a master thief to try to get something out of a museum to test your security system. It’s not quite as cool as breaking into a museum at night, sneaking down from the ceiling and avoiding bright red lasers, but it’s pretty cool. You get to legally play hacker.
Emily Mitchell was wearing her pen testing t-shirt at the Black Hat USA cybersecurity conference in 2015. She approached Blizzard’s booth. They were hiring, and she was interested in working for the company. Blizzard, now known for being an incredibly toxic company, reacted about how you might expect a group of 12-year-old boys to react (note: these were adult men, despite their behavior). They asked her if she “liked being penetrated,” and “how often [she] got penetrated.” They ridiculed her and asserted that she couldn’t possibly be at the right place. She grabbed the free swag from the booth and left in a huff.
Years later, Blizzard approached the company she worked for. It may have been the first time someone outside of the company told them Blizzard’s rampant misogyny would come at a great cost. Unfortunately, that message took years to sink in.
An Attentive CEO
Mitchell was then working for a company called Sagitta HPC (now known as Terahash). The company sold various security services and hardware, including password cracking boxes. When she saw the order coming in from Blizzard, she raised concerns with the CEO, Jeremi Gosney. Specifically, she said, “fuck no.” The CEO reached out to Blizzard.
“One of my C-suite executives saw that you had been added to our CRM database, and shared a very troubling and upsetting story with me:
Back in 2015 at the Black Hat USA security conference in Las Vegas Blizzard had a recruitment booth in the “Career Zone” section of the vendor area. … My executive … approached the Blizzard booth to inquire about open positions; however instead of discussing potential job opportunities with her, the Blizzard recruiters ridiculed her for being a woman. They asked her if she was lost; if her boyfriend brought her to the conference; if she even knew what the conference was about; if she knew was penetration testing was, and how often she got penetrated; and a slew of other extremely inappropriate and wholly unprofessional questions.”
– Jeremi Gosney, Terahash CEO, emphasis added
Gosney went on to describe other behavior his employee encountered at the booth, as well as the fact that she was not the only one. During that day, other women also experienced the same misogyny. It seemed Blizzard was harassing many women who came to their booth, pushing them away from the positions at Blizzard.
Rather than ban Blizzard, Gosney decided there would be a better way to teach them a lesson.
The Misogyny Tax
Not going to name-and-shame, but "Don't Be a Dick" is globally applicable. There are repercussions. #womenintech #InternationalWomensDay pic.twitter.com/Wcds3a2bnA
— Jeremi M Gosney (@jmgosney) March 9, 2017
Terahash’s CEO sent Blizzard an email outlining the conditions Blizzard would have to accept to do business with them. First Terahash would charge a 50% “misogyny tax.” 100% of this would go to women’s charities, Women in Technology International, Girls in Tech, and Girls Who Code. They also stipulated that Blizzard would be a Gold Sponsor of the Grace Hopper Celebration of Women in Computing 2017. Blizzard did not do this, although Activision, its parent company, was a Silver-level sponsor that year. Finally, he demanded a formal letter of apology from Blizzard’s C-suite staff for Terahash’s COO, Emily Mitchel, along with verification that Blizzard employees had undergone sexual harassment and equality training. Blizzard also never apologized.
Blizzard didn’t comply, deciding not to do business with Terahash instead. I wonder how that turned out for them.
Blizzard still hasn’t been back to the Black Hat security conference. With news of the vile environment at Activision Blizzard making its way into mainstream news outlets, they may never be popular anywhere ever again.