New game provides cybersecurity education for Girl Scouts

A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game.

In January 2019, Hewlett Packard Enterprise launched a program in partnership with the Girl Scouts to educate girls between the ages of 9 and 11 about cybersecurity.

The program is an online game called Cyber Squad that was designed to provide cybersecurity education for Girl Scouts, being safe online and other STEM subjects

In this Q&A, HPE CISO Liz Joyce outlines how it works and why it's necessary for girls to start their cybersecurity education at a young age.

Editor's note: This interview has been edited for length and clarity. This is part one of a two-part interview. Part two can be read here.

What work has HPE been doing with the Girl Scouts on STEM and cybersecurity education for young girls, and how did this program come to be?

Liz Joyce: As a CISO, it's extremely important to me, but also as a mom. I have a young daughter that happens to be a Girl Scout and I'm a cookie mom in her troop, so it's very personal. But we also wanted to look at the bigger picture of what we could do to support it.

Liz Joyce, CISO, HPELiz Joyce

Within HPE, we have a real strong culture of community service and pro bono work. There's a colleague of mine, Todd Tabor, and his wife is a troop leader with the Girl Scouts Nation's Capital, and she was looking to help educate the girls about being safe online and cybersecurity. At the time, she couldn't find any content that would really help her do that and educate the girls. Todd came by and asked if I could help out. The whole thing was somewhat of an aligning of the stars, where you had a need to create some cyber awareness and interest.

Girl Scouts has very much stated their interest in getting girls on board with the STEM areas and doing a lot more around budgets and programs and patches to support that initiative. They had that need. Obviously, I'm a cyber-professional . Additionally, within my team, I have an extremely talented and passionate set of women who are a part of our HPE Women in Cybersecurity. It's an internal group in our organization that really was about encouraging more women to get into cybersecurity and reaching out to youth to make them aware of it.

A whole load of things aligned: [the Girl Scouts] had that need, and we certainly had the interest and the skill and the passion to support it. We worked with them to create the core curriculum content that we feel is really important and are the fundamental basics around how girls can protect themselves online: The things they need to understand about having a digital footprint once they're online and what they can do to protect themselves from phishing and scams, and how to detect and spot those things.

It was also about giving them an appreciation of privacy and security online, understanding permissions and how to control that information flow.

And then something that we hear a lot about these days -- cyberbullying. It's only a very small percentage, I think it's something like 25%, who really understand what to do when they see cyberbullying. We really wanted to arm the girls to be prepared and to be cyber smart when they are online.

We also wanted to educate about technology through technology. Technology's a wonderful thing, but we want to make sure that it was an interactive, online, plugged-in experience that the girls would have. Additionally, if something is fun and it doesn't feel like a chore, and if you can make learning fun, it's going to be a lot more memorable for any kid. Those were all really important things.

Along with having the content experts that we have and the program structure that we were doing with Girl Scouts, we also engaged with Romero Games. We're lucky enough through our Women in Cybersecurity group to already have some connections there. Romero is a games company that worked with us to create this interactive, narrative game that we believe will truly be engaging and fun but still able to communicate that message to the girls so they would learn and be cyber smart.

I think another point is [we are] certainly very aware of the gender gap that we have. In that larger picture context, it's critically important that this helps educate the youth, but this also helps expose people to other opportunities around cyber, and it might be something that they're interested in.

Even if it isn't sparking an interest in cyber, if it sparks an interest in some other STEM area, we felt that that was an additional benefit of this collaboration. For the Girl Scouts, that's a priority and something they believe in and want to work on, too.

Was there a specific reason the game aims to provide cybersecurity education to Girl Scouts ages 9 through 11?

Joyce: For a lot of kids, they're getting younger and younger with their online exposure. The average age most kids get a smartphone now is at about 10. Then you start seeing kids having their first social media account when they're 11-ish. It seemed really important to try and capture that age group .

We wanted to make sure that we could educate the girls to understand and recognize [phishing] and turn into cyber detectives.
Liz JoyceCISO, HPE

While they'll have all the benefits of access to information being online, along with that comes some of the associated risks. We felt it was really important to focus on that age group first.

What specific cybersecurity education does the game cover? And how does it do that exactly?

Joyce: There are four key areas that we want to cover and teach the girls on. These areas are what they are able to earn a virtual badge on or a virtual patch on and, eventually, it allows them to earn their actual physical patch. The four key areas were around personal information and their digital footprint. They learn things like when you're online that you actually have a footprint, you have an identity. And that means that you can leave artifacts behind you and people may be asking for information.

It also covered how to protect that [information]. We talked about passwords and why we have passwords, and then tips about creating passwords and about not sharing them, etc.

Another area that we felt was really important was online safety that focuses on phishing and scams. We know it's a big business in cybercrime, and phishing fills everybody's email box every day. We wanted to make sure that we could educate the girls to understand and recognize [phishing] and turn into cyber detectives.

What are the hints and clues that they could look for that say, 'This may not actually be what it seems to be.' And don't take something at its face value: Look at those hints and tips and clues that might say, 'This is something that you need to be aware of and not respond to.'

Thirdly, we talked about privacy and security. That was a discussion around how you keep your information private, things that people can do with regard to permissions, or use of public Wi-Fi, and understanding what that really means.

The last area was specifically around cyberbullying -- understanding and recognizing what it is. And if you see it, what to do and who to contact and connect with on this. So this is an interactive narrative game. The girls can go online to play the game and create their characters. It's sort of a role-playing format where the main character is a female character or an avatar that the player manages and controls.

There's a few different storylines, each of which equates to those areas of phishing, cyberbullying, online safety and digital footprint. As the girls go through the story, they are presented with these scenarios -- and they can be based in school or at home or online -- and they're allowed to then select options and answers as they go through the role play. The story branches out into different dialogues. That way, they get to see the impact of the decision that they've made and the consequences that it can have on their character in the game.

As you go through a game, you can be awarded between one and five stars at the end. If you get five stars, that means you get a virtual cyber patch within the game. When you have gone through all of the different stories and earned your four virtual cyber patches, the girls are able to, in the real world, attain their Girl Scouts Cybersecurity patch.

Do the Girl Scouts have any other programs like this for any other subjects where you can do something virtually to earn real-life badges?

Joyce: No, I believe our collaboration with Girl Scouts Nation's Capital is new and unique. Doing something wholly online and having that plugged-in experience is completely new. That was part of what really excited them about this: One, it was content in an important area. But secondly, it was plugged-in and online.

They really believe, as we do, that it's great to do the education in that online environment. The fact that this is a little gamified makes it fun. As such, it should be more memorable and applicable for the girls to be able to apply it in different scenarios. It seemed like a unique and new way to approach this.

Next Steps

Can a new DHS cybersecurity strategy help the private sector?

Dig Deeper on Security operations and management

Enterprise Desktop
Cloud Computing