Earlier this year, HPE partnered with the Girl Scouts to launch an online game for girls that would provide education about cybersecurity and being safe online. The Cyber Squad game has four areas of focus — understanding a digital footprint, protecting your information, identifying phishing scams and responding to cyberbullying — that together enable players to receive digital and real-life badges in cybersecurity.
The game also aims to raise awareness about STEM and cybersecurity as educational and career options for girls.
In this Q&A, HPE’s CISO Liz Joyce talks about the game’s importance and other efforts HPE is developing to encourage more women and girls to enter the cybersecurity field.
Editor’s note: This interview has been edited for length and clarity. This is part two of a two-part series. Read part one here to learn more about Cyber Squad and its development.
In addition to providing cybersecurity education to the Girl Scouts, the Cyber Squad game is also meant to encourage girls to get into STEM and STEM-related fields. How does it do that?
Liz Joyce: I think just providing the opportunity to have a fun experience in a game. All of us who have kids know how much they like those games. It’s the kind of fun experience that will show them how they can apply something.
As we were going through this, we did pilots where I would go to a troop or a classroom and go through the program and the content. Part of it also was explaining what I did, what my job was. I think it was the first time ever that my daughter’s friends thought I was cool, when I actually explained what I did and we had this whole conversation around it.
It was just, one, to see the possibility, and then two, to see if they’re interested in this area. Just having exposure to the technology is teaching them something and exposing them to a whole other area about how they could be those cyber detectives and what they can do. It just seemed to spark a lot of interest and response.
When I was in the classes, some of the things that I loved about it were the sessions when you get into a conversation about the topic or when you’re talking about it after they had run through the online scenario. It seemed to spark up so much more conversation and get the girls thinking about these other places where it applied.
One girl, after we did the piece about the digital footprint and personal safety, put up her hand and asked, ‘Well, what if my mom wrote my password down and we’re not supposed to share passwords?’ It was just how they applied it in context of their life and started thinking about those things differently. To me, it was just an exposure to an area and that it’s an option and a possibility.
Since we’re doing it online, hopefully it may spark interest in other areas. That is something that we are discussing and working with Girl Scouts on. This is a platform and the game format currently is structured around cyber awareness and cybersecurity.
Now that we have that platform, there is no reason why you can’t make use of that in order to use it to create other games and scenarios where we’ll look at other STEM areas and maybe provide some of that education and also hopefully spark some interest in those areas, too.
Do you have any plans to expand beyond the Nation’s Capital group?
Joyce: We did those smaller pilots, and now we’re launching with Girl Scouts Nation’s Capital, so that’s 60,000 girls. We’re already talking to them about offering this to other councils that may want to apply it in their patch program, too.
Liz JoyceCISO, HPE
There has also been some interest from some other organizations because the issue of cyber awareness and safety online is not just unique to girls, obviously. I think it applies to all kids.
Having some very early conversations with some other groups, both nationally and internationally, you could see the advantage and the interest in having this type of platform to help further awareness and education. We’re certainly very excited about that possibility.
I know some adults who would benefit from that kind of cybersecurity education, too.
Joyce: It’s a really good point. I mean, that was a lesson for me going through the process. As somebody who works as a cyber-professional, you take some of this for granted and it was eye-opening for me.
We also work with Girl Scouts, for example, to ensure that we’re providing all the collateral and material to support the troop leaders [to] be able to share that with parents of the girls because it is important that you do not take for granted some of the basics of cybersecurity. You don’t assume a toddler knows how to cross the road safely or put on a seatbelt; it’s something that you teach them.
We want to make sure that we teach the kids, but also make sure that we can make the parents aware so they can support it, as well.
HPE’s Women in Cybersecurity group was involved in the game creation process, but they have other initiatives as well. Could you tell me a little bit more about the group and what they do?
Joyce: Within HPE, we are very focused on community service, pro bono, but additionally, a real strong culture, a real strong imperative around inclusion and diversity. One of the things that helps support that is we have employee resource groups that support the teams internally. We have some that work around women in technology.
Specifically, in my team, I have a very passionate group of women who saw an opportunity and a need, and we worked to create Women in Cybersecurity. It’s been around a couple of years now. The intent originally was to basically do outreach. We’ve seen the gap in the cyberworkforce and the gap in skills in general and the gender gap.
They were very passionate about getting out there, talking about opportunities for women in cybersecurity, trying to encourage that by engaging with universities and schools and other women’s networks to promote the area of cybersecurity.
When they go out and they encourage women to get into technology or STEM, what advice do they give? What do they tell people to do?
Joyce: It’s a good question, and there are probably a lot of different answers we could give. One is just talking about the fact that there is a cybersecurity profession: ‘Here are all the different types of options of jobs and what it is and what you do.’
Secondly, what do we, as a company, look for? What are the capabilities and skills? Also, a big part of it is telling their story. How they got into it, why they like it and why they’re passionate about it.
Sometimes, it’s the academic challenge; other times, it’s about the notion of trying to fight the bad guys. It’s talking about all those different facets about why they got interested, their path to get there. We have hosted events where we bring people in to talk and see what we do and just open up their visibility of the industry and what it is and what’s possible in it.