In January 2019, Hewlett Packard Enterprise launched a program in partnership with the Girl Scouts to educate girls between the ages of 9 and 11 about cybersecurity.
The program is an online game called Cyber Squad that was designed to provide cybersecurity education for Girl Scouts, being safe online and other STEM subjects
In this Q&A, HPE CISO Liz Joyce outlines how it works and why it's necessary for girls to start their cybersecurity education at a young age.
Editor's note: This interview has been edited for length and clarity. This is part one of a two-part interview. Part two can be read here.
What work has HPE been doing with the Girl Scouts on STEM and cybersecurity education for young girls, and how did this program come to be?
Liz Joyce: As a CISO, it's extremely important to me, but also as a mom. I have a young daughter that happens to be a Girl Scout and I'm a cookie mom in her troop, so it's very personal. But we also wanted to look at the bigger picture of what we could do to support it.
Within HPE, we have a
Girl Scouts has very much stated their interest in getting girls on board with the STEM areas and doing a lot more around budgets and programs and patches to support that initiative. They had that need. Obviously, I'm a
A whole load of things aligned: [the Girl Scouts] had that need, and we certainly had the interest and the skill and the passion to support it. We worked with them to create the core curriculum content that we feel is really important and are the fundamental basics around how girls can protect themselves online: The things they need to understand about having a digital footprint once they're online and what they can do to protect themselves from phishing and scams, and how to detect and spot those things.
It was also about giving them an appreciation of privacy and security online, understanding permissions and how to control that information flow.
And then something that we hear a lot about these days -- cyberbullying. It's only a very small percentage, I think it's something like 25%, who really understand what to do when they see cyberbullying. We really wanted to arm the girls to be prepared and to be cyber smart when they are online.
We also wanted to educate about technology through technology. Technology's a wonderful thing, but we want to make sure that it was an interactive, online, plugged-in experience that the girls would have. Additionally, if something is fun and it doesn't feel like a chore, and if you can make learning fun, it's going to be a lot more memorable for any kid. Those were all really important things.
Along with having the content experts that we have and the program structure that we were doing with Girl Scouts, we also engaged with Romero Games. We're lucky enough through our Women in Cybersecurity group to already have some connections there. Romero is a games company that worked with us to create this interactive, narrative game that we believe will truly be engaging and fun but still able to communicate that message to the girls so they would learn and be cyber smart.
I think another point is [we are] certainly very aware of the gender gap that we have. In that larger picture context, it's critically important that this helps educate the youth, but this also helps expose people to other opportunities around cyber, and it might be something that they're interested in.
Even if it isn't sparking an interest in cyber, if it sparks an interest in some other STEM area, we felt that that was an additional benefit of this collaboration. For the Girl Scouts, that's a priority and something they believe in and want to work on, too.
Was there a specific reason the game aims to provide cybersecurity education to Girl Scouts ages 9 through 11?
Joyce: For a lot of kids, they're getting younger and younger with their online exposure. The average age most kids get a smartphone now is at about 10. Then you start seeing kids having their first social media account when they're 11-ish. It seemed really important to try and capture that age group
Liz JoyceCISO, HPE
What specific cybersecurity education does the game cover? And how does it do that exactly?
Joyce: There are four key areas that we want to cover and teach the girls on. These areas are what they are able to earn a virtual badge on or a virtual patch on and, eventually, it allows them to earn their actual physical patch. The four key areas were around personal information and their digital footprint. They learn things like when you're online that you actually have a footprint, you have an identity. And that means that you can leave artifacts behind you and people may be asking for information.
It also covered how to protect that [information]. We talked about passwords and why we have passwords, and then tips about creating passwords and about not sharing them, etc.
Another area that we felt was really important was online safety that focuses on phishing and scams. We know it's a big business in cybercrime, and phishing fills everybody's email box every day. We wanted to make sure that we could educate the girls to understand and recognize [phishing] and turn into cyber detectives.
What are the hints and clues that they could look for that say, 'This may not actually be what it seems to be.' And don't take something at its face value: Look at those hints and tips and clues that might say, 'This is something that you need to be aware of and not respond to.'
Thirdly, we talked about privacy and security. That was a discussion around how you keep your information private, things that people can do with regard to permissions, or use of public Wi-Fi, and understanding what that really means.
The last area was specifically around cyberbullying -- understanding and recognizing what it is. And if you see it, what to do and who to contact and connect with on this. So this is an interactive narrative game. The girls can go online to play the game and create their characters. It's sort of a role-playing format where the main character is a female character or an avatar that the player manages and controls.
As you go through a game, you can be awarded between one and five stars at the end. If you get five stars, that means you get a virtual cyber patch within the game. When you have gone through all of the different stories and earned your four virtual cyber patches, the girls are able to, in the real world, attain their Girl Scouts Cybersecurity patch.
Do the Girl Scouts have any other programs like this for any other subjects where you can do something virtually to earn real-life badges?
Joyce: No, I believe our collaboration with Girl Scouts Nation's Capital is new and unique. Doing something wholly online and having that plugged-in experience is completely new. That was part of what really excited them about this: One, it was content in an important area. But secondly, it was plugged-in and online.
They really believe, as we do, that it's great to do the education in that online environment. The fact that this is a little gamified makes it fun. As such, it should be more memorable and applicable for the girls to be able to apply it in different scenarios. It seemed like a unique and new way to approach this.