DrupalCon Nashville 2018: The Kids Are Going To Be 200 OK
Infosec is like sex ed. If you wait until kids need it, you have waited too long.
Schools don't, peers can't, we have to.
Talking to adults about security culture is only a small part of the problem. We really need to be thinking about how raising and mentoring the next generation is our way to change culture. We are at a crossroads where we can either teach children that their only safety lies in compliance and censorship, or we can give them tools and mental models for how to stay (reasonably) safe in an unreasonable world.
If we could get even a small percentage of children to spread ideas about psuedonymity and data protection to their peers, we would be changing the future of educational, corporate, and government responses.
As security professionals, we spend a lot of time educating adults on how to be safer, how to protect themselves, how to be security aware. But if we really want to change the culture, we have to start earlier. We have to teach kids what information they should never give out. We have to give them methods to evaluate the truth of what they are reading. And we have to prevent them from becoming the next generation of jerks.
This talk is not about net nannies, monitoring your router traffic, or behaving like a security organization in your home. It's about genuinely teaching new humans how to behave in an environment we had to figure out the hard way.
It'll be about
troll-proofing your kids (I/O)
privacy and autonomy
identity and sharding
optimism
information jubilee
and how kids are like automation scripts.
Information security as a life practice is not something we're taught, it's something we have absorbed in our time in the industry. How can we distill all that life-experience into something that we can teach and pass on? This talk is for everyone with a n00b in their lives, or anyone who isn't sure how to keep themselves safe(ish).
Slides: https://docs.google.com/presentation/d/1kHPN_8qSVA-P8u8tavY0bfYcV5BcODsb7XE5VyeSKA4/edit#slide=id.g74adcbd046062c0c_0
Schools don't, peers can't, we have to.
Talking to adults about security culture is only a small part of the problem. We really need to be thinking about how raising and mentoring the next generation is our way to change culture. We are at a crossroads where we can either teach children that their only safety lies in compliance and censorship, or we can give them tools and mental models for how to stay (reasonably) safe in an unreasonable world.
If we could get even a small percentage of children to spread ideas about psuedonymity and data protection to their peers, we would be changing the future of educational, corporate, and government responses.
As security professionals, we spend a lot of time educating adults on how to be safer, how to protect themselves, how to be security aware. But if we really want to change the culture, we have to start earlier. We have to teach kids what information they should never give out. We have to give them methods to evaluate the truth of what they are reading. And we have to prevent them from becoming the next generation of jerks.
This talk is not about net nannies, monitoring your router traffic, or behaving like a security organization in your home. It's about genuinely teaching new humans how to behave in an environment we had to figure out the hard way.
It'll be about
troll-proofing your kids (I/O)
privacy and autonomy
identity and sharding
optimism
information jubilee
and how kids are like automation scripts.
Information security as a life practice is not something we're taught, it's something we have absorbed in our time in the industry. How can we distill all that life-experience into something that we can teach and pass on? This talk is for everyone with a n00b in their lives, or anyone who isn't sure how to keep themselves safe(ish).
Slides: https://docs.google.com/presentation/d/1kHPN_8qSVA-P8u8tavY0bfYcV5BcODsb7XE5VyeSKA4/edit#slide=id.g74adcbd046062c0c_0