If you were asked to teach a 5 hour workshop for some mostly non-technical teenage girls, on infosec, what would that program look like? I'm thinking start with some lockpicking, segue in to "and that's how everything is insecure", and at the end have them all have 2FA & a password manager on all their stuff
@johnnysunshine The key to getting and holding their attention will be showing then how this stuff is relevant for their daily lives. You could have them try & get into each other's Instagram accounts or similar, for example. Or work with them to find out what of their personal data is public online.
@johnnysunshine The analogy of a combination lock (Master lock) works well for passwords and helps someone understand the idea of brute-force attacks. Ones that additionally have a keyhole portrays the idea of an intentional backdoor. Then you can blow their mind by showing them a shim--the analogy to a hack.
@johnnysunshine I always found infosec most interesting when it was framed as puzzles and finding loopholes in the rules of a system. The empowerment side (lockpicking, hacking) was sexy, but it's the other part of it that actually gets people hooked.
@johnnysunshine I had a short course setup at the local community college, & the curriculum looked quite similar. Start out with basic stuff that we take for granted- email/SMS is clear text, cloud services retain backups (assume forever), high level how encryption works, what 2FA is/is not & how it works, why unique passwords are important, ending with everyone on 2FA & password manager. Throw in some physical lock bypassing for fun/shock value, maybe.
The original server operated by the Mastodon gGmbH non-profit