Girl Security, the organization I founded in 2016, builds more equitable pathways through learning, training, and mentorship for girls, women, and female-identifying and non-binary young people interested in national security careers. Ann Johnson, Corporate Vice President of Security, Compliance, and Identity Business Development at Microsoft Security, and I recently spoke about the unique challenges, like privacy, that youth confront as digital natives—defined as “a person born or brought up during the age of digital technology.”

Insights from Generation Z supplement the insights we get from adults and people currently in the workforce.  When Ann and I talked about Generation Z, we considered a couple of big questions: 

• How do younger generations think about and experience personal privacy in a digital world shaped by the sharing of personal information and narratives? 
• If young people forge a new understanding of privacy—where less privacy becomes the cultural norm—what might the implications be for society today and in the future? 

Privacy expectations have changed

To get answers, I recently sat down with nine remarkable future national security leaders, ages 16 to 19, who completed the 15-week Girl Security National Security Fellows Program, to discuss the experiences of girls and women online and how those experiences shape their understanding of cybersecurity.

In discussing what the internet and technology are getting right and what can be improved, the fellows explained that technology provides an unprecedented level of access to information and resources and is an affordable method of communication. However, they emphasized the need to make technology and cybersecurity education more accessible to more communities across the United States and globally through in-school learning, financial support for educational opportunities, and training programs like Girl Security.

Preventing large-scale disruptions through responsible technology is also crucial, according to Prachi, a 17-year-old high school student interested in cybersecurity. She noted that prevention can also be personalized with the use of multifactor authentication and password protection. Advancing more robust user-friendly policies, laws, and regulations is also imperative to maintaining digital trust.

Gurman, a 19-year-old who is pursuing a career in cybersecurity, added that the first step to protecting personal privacy in a shifting digital landscape is to acknowledge “how little is in our control.”

“The invasion of privacy is so normalized that we have stopped worrying about it in a way,” Gurman said. “Social media detoxes are becoming more popular because on some level, we understand as a society that living through a digital world isn’t healthy because it detaches us from reality. Yet, in my opinion, all of these things have the underlying assumption that tech is so pervasive, it cannot be controlled so we have to rationalize and normalize it as a way to seemingly maintain some control over our reality.” 

There’s a growing sense of apathy among younger generations with respect to personal security online and the proliferation of user data, according to Rachel, a 16-year-old interested in economic security. She emphasized young people’s willingness to readily share locational data and other personal data.

Amanda, a 17-year-old who is particularly interested in human rights and technology, added that while adults can benefit from tech education, young people are normalizing bad online behaviors by prioritizing convenience (like saved passwords) over privacy and security.

Security protection and consent remain a challenge

As we discussed the impact of a growing reliance on technology to share information among friends and family, attend school during the pandemic, run businesses, and more, the group considered what exactly should society seek to prevent, protect, preserve, and advance with technology.

“The government and industry should do more to prepare digital citizens for breaches or attacks that may compromise personal data and privacy,” according to Sama, an 18-year-old pursuing an interest in geopolitics and counterterrorism. She began using social media in elementary school and signed various consent forms regarding the use of her data. While aggregation of user data is not all bad—information can feed technology innovation—there need to be enhanced protections for youth on social media platforms, particularly around consent.

“Women and girls are empowered and more secure when they can claim more agency in their lives, especially in settings when they are not given choices,” explained Jasmine, a 19-year-old who is pursuing a career in international relations. “On the internet, I feel I have lost that control.” 

The burden is often placed on parents to educate youth about online harms, such as cyberbullying, harassment, image sharing, and doxing (when people reveal private information about someone), according to Jasmine. However, many Generation Z parents were born before the widespread advent of the internet and email, and often lack access to training and learning tools about the types of cybersecurity threats their children may confront online. 

In fact, some parents contribute to the sharing of children’s personal information online—sharenting is the sharing of a minor’s information by a parent or caregiver.¹ 

Nicole, a 16-year-old interested in climate security and technology, said she believes user-friendly policies, laws, and regulations might lessen generational tensions around sharenting. Such measures would build greater trust and confidence in the technology many youths in the United States and other parts of the world use every day. 

Making cybersecurity more accessible

Achieving greater individual online privacy and security for future generations and advancing government and industry standards requires adopting approaches like the Zero Trust model as well as installing mandatory reporting and incident notification systems, according to Sravya, a 16-year-old interested in cybersecurity and the role of language in our cybersecurity understanding. The fellows also emphasized the need to create a shared discourse across generations about the interconnectedness of personal privacy, cybersecurity, and national security. 

Generation Z perspectives can inform cybersecurity policies

We hope you’ve enjoyed hearing these Generation Z perspectives from the Girl Security fellows. In addition to the Girl Security National Security Fellows Program, girls interested in security pathways can also be mentored through Girl Security’s nationwide e-mentoring program and learn from leading experts from Microsoft Security and across government, industry, and the social sectors. In addition, Girl Security hosts summer empowerment programs, learning and training webinars, and community-based programming, including the Girl Scout patch Finding Your Superpowers in Cybersecurity created in partnership with Microsoft and Girl Security.

The program was kicked off to help young students learn security fundamentals, but it turns out, we have as much to learn from them about the importance of online privacy when developing cybersecurity policies and programs. Happy Women’s History Month!

Next steps

Learn more about Girl Security initiatives and the Cybersecurity Superpowers program.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Sharenting: 5 Questions to Ask Before You Post, Claire McCarthy, MD, FAAP, American Academy of Pediatrics. November 20, 2019.

Disclaimer: The views expressed here are solely those of the author and do not represent the views of Microsoft Corporation.

The post What Generation Z can teach us about cybersecurity appeared first on Microsoft Security Blog.

Women in cybersecurity

How do girls identify their superpowers in cybersecurity while women continue to make gains? To explore this key question, Microsoft Security in partnership with Girl Security, a nonpartisan, nonprofit organization preparing girls, women, and gender minorities for careers in national security, co-hosted an event on April 27, 2021, alongside thirty or more girls and women in high school and university from across the United States and globally.

Joining the Girl Security participants was an extraordinary panel of women in cybersecurity from Microsoft Security, including Amy Hogan-Burney, General Manager of the Digital Crimes Unit, Associate General Counsel, Microsoft; Vasu Jakkal, Corporate Vice President, Microsoft Security, Compliance, and Identity; Ann Johnson, Corporate Vice President of Security, Compliance, and Identity, Business Development; Edna Conway, Vice President, Chief Security and Risk Officer, Azure Microsoft Corporation; and Valecia Maclin, General Manager Engineering, Customer Security and Trust, Microsoft Corporation.

Girl Security and Microsoft Security are forging a new fellowship around a shared commitment to make cybersecurity more accessible to all, especially girls and women who remain underrepresented in the cybersecurity workforce. This first co-hosted event offered an exciting opportunity for participants to ask firsthand questions and participate in intimate breakout sessions with a diverse group of leading experts. Importantly, participants were able to hear women experts share personal narratives that described their unique—and often non-linear—pathways into cybersecurity.

Security requires all

Vasu Jakkal, who leads Microsoft Security, Compliance, and Identity strategy, kicked off the event with a simple but powerful message: “Security is for all, and security requires all.” Over the one-hour program, the group explored a wide-ranging series of topics that included career-oriented questions, such as the importance of certifications to recruiters and pathways into cybersecurity, as well as topics on advances in the field, such as emerging cybersecurity threats, the impact of quantum cryptography and artificial intelligence on the digital landscape, and the intersection of policy and security.

When asked how someone with a humanities background might consider a pathway in cybersecurity, Valecia Maclin poignantly noted that cybersecurity is a complex field with many components, including law, policy, technical competencies, and more. She emphasized the need for professionals who can bridge the gaps between those areas, but also work within them. In addition, she added that beginning one’s career in one area of cybersecurity does not preclude a transition into other areas of cybersecurity. In response to a question posed to all panelists, Maclin noted that her cybersecurity “sheros” included the long unsung African American women codebreakers who provided crucial intelligence to the United States during WWII.

The many pathways of a cybersecurity career

The narrative that pathways into cybersecurity are nonlinear is a crucial message for girls and women who may not perceive their own technical competencies or seek to pursue more technical careers, but whose strengths and interests may lie in the field’s myriad tracts. Girl Security works with girls, women, and gender minorities across the United States and globally to convey the message that girls already have the competencies they need to excel in security’s many pathways. Additionally, Girl Security is exploring the best analytical approaches to better understanding girls’ interests in cybersecurity. Combining an equity-informed approach to existing STEM models assessing girls’ interests and pathways can offer important insights into needed interventions.

As the field continues to forge new, crucial approaches to supporting girls’ interests in cybersecurity, reaffirming that there is no one “right” path into cybersecurity offers timely reassurance to girls and women amid a more challenging pandemic economy. One high school participant noted that she was graduating high school and pursuing community college. Another participant, who was transferring from community college into UC Berkeley, jumped in to reassure her that community colleges offer many pathways into the field. Jakkal, in response to observing the participants’ positive support, highlighted the importance of building peer and lateral networks at the onset and throughout one’s career.

Edna Conway, who began her career in law, emphasized the value of career twists and turns. Detours, she noted, can provide invaluable experience. She added that the most important aspect of any career is bringing one’s whole self to the job and appreciating the process. She explained, “Understand what gives you energy and follow that.” Ann Johnson, who leads Microsoft’s security and compliance road map across industries worldwide, agreed: “Bring who you are to what you do.” Conway also noted that women tend to have an inclination toward critical thinking and problem solving, making them particularly qualified for cybersecurity challenges. And in the event of a professional roadblock? Johnson reassured participants: “As for help, don’t take no for an answer. You’re going to stumble and that’s ok.”

Amy Hogan-Burney, who holds a law degree and began her career as an attorney with the U.S. Department of Justice and Federal Bureau of Investigation, now leads Microsoft’s Digital Crimes Unit, a global team of attorneys, investigators, engineers, and analysts working to fight cybercrime. She encouraged participants to trust their instincts, noting, “It is easy to make things hard and hard to make things easy, so trust yourself and trust your capabilities and ask questions.”

Girl Security participants offered meaningful feedback following the event about the importance of visible women role models in cybersecurity, the value of “face-to-face” (albeit virtual) interaction with women leaders, and the need for additional programming that highlights the field’s diverse pathways. As one participant noted, “I never realized how broad the field is. It’s exciting to think my interests could lead to a career!”

What’s next

As part of this exciting new partnership, Girl Security and Microsoft Security will continue to host programming and cybersecurity education. On June 28, 2021, at 4 PM CST, Girl Security and Sara Manning Dawson, Chief Technology Officer, Enterprise Security at Microsoft, will conduct a session on disinformation, cybersecurity, and national security alongside budding cybersecurity leader Kyla Guru for Girl Con—an international tech conference (for high school students, by high school students) aiming to empower the next generation of female leaders. In addition, Girl Security and Microsoft Security will join forces for a new leadership program on cybersecurity for the Girl Scouts Greater Chicago, Northwest Indiana, and more. Sign up to be the first to learn about new Girl Security and Microsoft Security events.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Cybersecurity Workforce Study: Women in Cybersecurity, (ISC)² Cybersecurity Workforce Report, 2019.

²(ISC)² survey shows women increasingly embracing cybersecurity as a career path, Security, BNP Media, July 21, 2020.

The post Encouraging women to embrace their cybersecurity superpowers appeared first on Microsoft Security Blog.