Kyla's really passionate about cybersecurity. She's so passionate that she started a company that produces events and content to help people better understand security and how to protect themselves. She's worked with IBM and Facebook, created open source curriculum that's being used in other countries, and she's also sixteen. She shares why she's so passionate about security, what we as consumers and developers should pay attention to, and how we can build security into all the things we code.
[00:00:00] SY: Okay, so we are all sold out of earlybird tickets to Codeland. But regular tickets are now available. They start at 99 bucks, and they get you talks, a workshop, great food, great people, all in New York City on July 22nd. Go to codelandconf.com for more info. Link is in your show notes.
[00:00:36] (Music) Welcome to the CodeNewbie Podcast where we talk to people on their coding journey in hopes of helping you on yours. I’m your host, Saron, and today, we’re talking about cybersecurity.
[00:00:48] SY: (Music) Kyla is the CEO and Founder of Bits N’ Bytes Cybersecurity Education, a company that puts on events and writes articles, and partners with companies like IBM and Facebook, to educate people about cybersecurity. She’s also 16 years old.
[00:01:04] KG: Hi. I’m Kyla Guru. I am the founder of Bits N’ Bytes Cybersecurity and I work to make sure that vulnerable populations are aware, and secure, and safe online.
[00:01:15] SY: That’s right. She’s in high school, and a few years ago she got really interested in cybersecurity and she learned everything she could about it from reading articles, talking to cybersecurity professionals and now she’s taking all that knowledge and sharing it. She gives us an intro to the world of cybersecurity and tells us how we as coders can help make things more secure and why she decided to start a whole company around her passion for this topic after this.
[00:01:38] SY: If you’re listening to this, you’re already on your way to changing your life through code. But have you made the jump yet? Those of you who know my story know that I graduated from the Flatiron School. They run classes in software engineering, data science, and design, and they focus on outcomes. So if you’re thinking about a tech career, you don’t have to do it alone. I’ll be in DC on March 12 for a Fireside Chat at Flatirons School’s DC campus. We’ll be talking about the different ways to launch a career in tech and that, no matter your background or where you came from, you can do this. To register for the event, go to flatironschool.com/codenewbiedc.
[00:02:21] If you’ve got a personal project, a small business, or a big business with lots of data, Linode offers you secure hosting for all your infrastructure needs. They are a Linux Cloud Hosting provider where you can get a new server up and running in under a minute. Plans start at one gigabytes of RAM for just five bucks a month. And with the promo code CodeNewbie2019, you can get a $20 credit. So go Linode.com/codenewbie and give it a try. Also they’re hiring. Check out their jobs at linode.com/careers. Link is in your show notes.
[00:02545] SY: As you know, I’m a podcaster, and I love talking to people and hearing their stories, and I love it so much I actually host another podcast called Command Line Heroes. It’s produced by Red Hat. And in that show, I get to talk to tons of people doing incredible work in open source. But besides awesome interviews, it’s also got sound effects, background music, you know, creative audio stuff. So if you’re looking for some more awesome tech podcasts to fill your feed, check out Command Line Heroes. Go to redhat.com/commandlineheroes. Link is in your show notes.
[00:03:29] Digital Ocean provides the easiest cloud platform to deploy, manage, and scale applications of any size. They remove infrastructure friction and provide predictability so you can spend more time building what you love. Try Digital Ocean for free by going to DO.co/codenewbie and get $100 in infrastructure credit. Link is in your show notes.
[00:03:54] SY: So cybersecurity. So this feels like a really big project, a big problem for anyone to tackle, let alone a 16-year-old. So before we get into how you managed to do all of that, I want to kind of start with just how did you even know this was a problem?
[00:04:11] KG: Yeah, definitely. So what it really started from was my dad. He used to be a fraud examiner when he was an immigrant to Canada and he used to work on examining fraud in accounting specifically and he still works in accounting, but he does more business now. So he always had this background of thinking about fraud and thinking about the vulnerabilities in every system. So he would come home and he would be really savvy in talking about these kind of security problems at the dinner table and he would bring them up because every day in the news there would be something new about cybersecurity and privacy. And simply just being involved in these conversations with my parents, it really opened my eyes to realize that this was… this new digital age that we were walking into and nobody really could foresee that cybersecurity and these threats would be on the front line when we were walking into the space. And now that it was, I knew that I had to, you know, do something, be involved in these conversations and really realized that the news was really tangible things that were happening in the world. And so it was those dinner table conversations and also just I used to watch a lot of FBI TV shows and movies. So I was always fascinated with things like the Imitation Game and War Games and things like that. So that’s also a big factor.
[00:05:29] SY: So that makes sense, but also when I was a kid, you know, both my parents are pharmacists.
[00:05:33] KG: Yeah.
[00:05:34] SY: So they’re always talking about drugs, you know, they always talk about, you know, pharmacy and working in hospitals and all that. But even with all those dinner table conversations that I had, it didn’t necessarily pull me in. It didn’t necessarily connect with me.
[00:05:47] KG: Definitely. Yeah.
[00:05:48] SY: Yeah. What is it about your dinner conversations that made you go, “Oh, this is interesting and I want to be involved”?
[00:05:54] KG: Yeah. So it wasn’t just the dinner table conversations. Those really kick-started me into the industry and I kind of got my feet wet with those, but then I really started to get into it after I signed up for a GenCyber Camp the summer before I went to high school and that was really the point that really opened my eyes to see what was really going on in the industry and the stories behind all these news headlines. So I went into this GenCyber Camp just knowing what I had talked about with my parents and what we had discussed and what I had seen in the news. And then GenCyber, it gave me the connections, It showed me these professionals and these masters students working on the frontline of defense, and just having these conversations, you know, we would stay up till, you know, midnight in the dorm lobby and we would just talk about the deep web, and that’s a part of the web that you can’t really… nobody really knows a lot about. And so it was really just fascinating to hear about how much uncertainty there was in the internet. Just knowing that, hearing that, learning from them, it made a big impact in my story.
[00:06:57] SY: Wow! That sounds like an amazing opportunity. So between that camp, and hearing from all these professionals, and then your parents and those dinner table conversations, it sounds like you had exposure to a lot of different topics and a lot of different problems in the world of cybersecurity. What is the thing that gets you most excited? What’s, I guess, the more specific problem that you’re hoping to solve?
[00:07:25] KG: At GenCyber actually I learned and someone told me that humans are the weakest link and they’ve always been considered the weakest link.
[00:07:32] SY: We’re terrible. Yeah.
[00:07:34] KG: And yeah and also in cybersecurity, but someone would say that the biggest threat in security is the person sitting in the chair behind the computer. You know, it’s not the software, it’s not the hardware, it’s actually the human, and the human era aspect. And I kept on hearing that and I was just as this young person thinking about all the technology and all the resources and manpower that we have, I really started to focus my efforts on outreach and thinking about how I can impact the human side of this and make sure that we are the strong society that can resist these threats and know how to mitigate risk when we see it. So that’s really what I’ve been focusing on, this human relationship building, this human resistance. And yeah, just this building of a community of white hats is what I’m working on specifically.
[00:08:24] SY: So when you think about humans being the weakest link and making them stronger and resistant, what does that actually look like? What would we be doing differently or what would we know that would make us not so weak?
[00:08:39] KG: I think the biggest thing is to let people know that security is a part of our life whether we like it or not. And a lot of people tend to think that, “Okay security, cybersecurity, it’s for the really savvy, these masterminds behind the computer, the IT department’s going to handle it.” But I think we really need to shift that perspective to realizing that humans and users of technology itself, everybody should be educated and should know how to deal with these risks as we go into this. Cybersecurity is just as important as physical security is something I’ve always tried to stress, you know, like we lock our cars before we leave, and we lock our doors before we sleep. You know, it’s the same idea of we always wanted to feel safe and secure ever since -- in history. And so it’s the same thing when we translate that into the digital age.
[00:09:30] SY: Yeah. So I think one of the things that makes it hard for “regular people” to take security seriously is we don’t really feel like we have much to secure, you know, like everyone can already see my tweets, they can already see my Instagram posts, you know for the average person who isn’t working with, you know, company secrets or IP or you know sensitive information, we kind of think, “Well like, you know, I have a good password, maybe I use a password manager, but what more do I need?” So in your experience in the conversations that you’ve had, what are the things that average everyday people may overlook and underestimate when it comes to cybersecurity?
[00:10:11] KG: Sure. Sure. Yeah, so cybersecurity I think yeah, you’re totally right, that people always think that “I don’t have anything to hide. I don’t have anything that I would be uncomfortable with other people seeing” and I think that’s a big myth and I try and debunk that through my work and through what I do, but I think that if we have that perspective and move through this digital age with that perspective of I have nothing to “hide” or I have nothing at stake, then we are putting ourselves potentially at such a great risk to potentially put our information in the hands of really, really bad people on the dark -- and this information on the dark web. And with this digital age of having this information everywhere, could you even imagine if our information was put into the hands of a criminal and then they were able to, you know, socially engineer something and get into our emotions like that? That’s what I try and go at, that this isn’t just one piece of information or one tweet that you’re sending out, that you’re actually building a portfolio for yourself online that the criminals and the bad guys in the black hats can take advantage of and that’s the most dangerous part of it.
[00:11:19] SY: So can you give me an example of that? So if most of my stuff is, you know, public stuff on Twitter and Instagram and that’s kind of it. And you know, a bad guy might do something with that, like what would they do?
[00:11:29] KG: Yeah. Yeah. So actually I watched a really funny video the other day and it was of this kind of psychic guy. They tried to put together a show of this guy bringing in these different contestants on a fake show and he was trying to show like he could predict into their future, read about their life, and he had this small mic in his ear but nobody really thought anything of it. You know, he was telling them, “Okay, you have your home on mortgage, or you have three cats, or I sense a butterfly tattoo on you or something.” He would say all those things and people would be like, “Wow,” so fascinated with that. And then he was like, “Do you want me to reveal my magic?” And he just, you know, snaps his finger and this whole screen comes down, and there’s this whole room of people just searching online facts about the contestant that has walked in the room. So I guess as you said like one piece of information or some things that can really build your digital profile, you know, even tweets and being mindful of how and where you’re tweeting, being mindful of who’s seeing your tweets or your Facebook posts or your social media profiles I think something people really skip over and something that people have really realized after the Facebook breach of trust issue is who’s seeing my profile and what’s on my profile? And realizing that you actually have control on your profile where you can say that I only want, you know, my friends of friends to see it or I only want my friends to see it and even putting that control on your profile picture and saying I only want people who I friend to see my profile picture, that also increases your control. And so in this matter of taking control over your own information in the digital age, I think people need to realize that that’s a big part of it and that your social media profiles are a key factor in that.
[00:13:24] SY: That makes total sense to me, this idea that, you know, especially with something like Twitter. For me it feels very ephemeral. You know, it’ll go away and no one will see it in a day or two, but technically it’s there forever.
[00:13:34] KG: Oh my gosh. Yeah.
[00:13:35] SY: And if you want to go back and build a portfolio of me, you can and you would probably know things about me that I’ve already forgotten. But going back to the worst case scenario, if I accept that there’s probably more information about me than maybe I’d be comfortable with, I can still look at that and go, “Well, I put it there, right? I wanted to share it. So what’s the big deal? Who cares if I have a portfolio that other people have access to if it's information that I know is public?”
[00:14:05] KG: Right. But the scary thing now is that we’re going into this digital age where some of the information that the bad guys are getting hold of is information that we might not want to put online and Personally Identifiable Information or what we call as PII that we don’t want people to get hands of because if they do, it could lead them down this path of knowing more and more and more about us to build a physical profile of us and that’s really scary if you think about it. If you think about someone, you know, having your, say your social security or say even your dog’s name from something you posted and then say one of your passwords is your dog’s name and they are trying every form of attack and every vector they can, that’s even a threat to you. And so thinking about all these different possible ways that this could happen I think is just super important and knowing that this information, alongside many of the types of information that hackers get through breaches including sometimes medical information, that’s the kind of data that these hackers and these people who are doing really, really dark things, really want to get their hands on because that’s where the money is at and that’s where it’s lucrative for them.
[00:15:18] SY: Interesting. Can you tell me a little bit more about the lucrative part? Because when you said if I tweet, you know my dog’s name very innocently, I got a new dog, I just named it now, I want to share it, right? Because he’s really innocent and not thinking that, “Uh-oh, you know, one of my security questions is, ‘What’s the name of your dog?’” And then you have that information. That seems very real and very scary. But when you talk about it being really lucrative and them doing kind of terrible things, what are some of those things?
[00:15:44] KG: There are some really, really incredibly large attacks happening in our digital world right now and you probably have heard of Petya and WannaCry that happened last year.
[00:15:54] SY: Yeah. Tell me about that.
[00:15:55] KG: Yeah, in 2017. And yeah, WannaCry was the biggest ransomware attack that has ever happened in history. And what we saw with that was WannaCry was able to make its way into 53 different countries and attack, you know, hospitals and schools and large corporations who have placed incredible security measures and that in itself is leading to this thought of, “Wow, hackers could really get their hands on critical infrastructure,” and hackers could take down hospitals so that we’re unable to do surgeries for a whole month and it’s crazy to think about that. You know, this has happened before, that hackers have attacked grids and power lines. Today even I was watching a documentary that was talking about this and they were saying that the next world war doesn’t have to be defined by, you know, who shot the first gunshot, it could be defined by who is taking down the power grids of a nation. And to think that this could be something that nation-to-nation nations use to attack one another and to think about how like we can scale, you know, personal information, personal data, and personal threats, up to the corporate world and then up to the nation, nation state the global attack space, it’s really scary and really truthful and realistic to think of it that way as a progression of scaling from, you know, you, and your computer, and your laptop, your data up to the what kind of corporations do you work with and then up to who do those corporations work with and what is their global, you know, scale with that.
[00:17:29] SY: Wow. That is scary.
[00:17:31] KG: It is, but you know what? This is all really scary and of course we’re talking about, you know, the Doomsday kind of scenario, but you know, I work to tell people that we have to be empowered to really strengthen our side and if we just worry about, you know, our own security and if we really pay attention and make these things kind of second nature, then it becomes a part of our life and we don’t even have to think about it the next time.
[00:17:54] SY: Yeah. Okay. So I’m a believer, I’m totally convinced, I need to do better, I need to be more secure. What do I do? Where do I start?
[00:18:03] KG: Yeah. So whenever I have these sessions, whenever I meet people, I always tell them there’s a couple different really simple things that you can do to check and one of them is seeing if you have two-factor authentication in almost all of your accounts and seeing if you really just don’t have this one layer of having your password. Because of course as I mentioned before, what if that gets breached, but also having something on your phone or something going to your voicemail that tells you a different number, adding that layer of security can help so much in building your fortress. And that’s only one thing, you know, thinking about strengthening our passwords themselves. That’s a whole other story, right? Like using all the strategies you’ve probably heard, making it more than eight characters, making it something that isn’t the, you know, top 100 passwords that hackers check, things like that and of course staying safe on public Wi-Fi. I’m always saying that you should just be careful and use a VPN or on your cell phone use your data if possible. So things like that, just thinking about where you’re going, what you’re doing there and even just in your physical space, how does security fit into that.
[00:19:14] SY: So we’ve been talking about cybersecurity from the perspective of a consumer, a user, someone who’s using the internet, but what are your thoughts on cybersecurity as it pertains to developers for people who are building the apps and building the websites? Where does cybersecurity fit in for people who are creating the actual products?
[00:19:36] KG: Oh my gosh, yes. This is so important and actually the fundamental piece that helps consumers be more secure. And really I had the incredible chance to do some work at Apple over the summer and what I could see there and what I really admired about them was that they enforce security and they continue to do so, alongside a lot of the tech companies in the Silicon Valley on this idea of enforcing security through the stages of hardware building and hardware development, not only through the software, because we know that software will have bugs sometimes and software always tends to have some bugs and holes. But one thing that we can do is make sure that we have security measures and security policy that is forward thinking and progressive for these big functioning, high-functioning tech companies. And I think that that is really where it starts, as I said. That’s where if we start enforcing it when the product is built, when the product is developed, then we can start to see that consumers can kind of have more ease of mind, more trust in the product and find their security to be easier. So definitely and a key part of the process to keep the builders in mind.
[00:20:48] SY: What are some things that you’ve seen developers overlook or just don’t think about, don’t think to incorporate that would make the things we build a little bit safer?
[00:21:00] KG: I think there’s a lot of things. I think one thing is thinking about, “How do we balance user interface and great user design and user ability to be flexible with the design with security and with privacy concerns?” And I think that’s something that tech companies are really juggling around right now, like how do we make our user interface beautiful and interactive and engaging but also keep all these security and privacy measures in mind, especially with GDPR which is the General Data Protection Regulation that has just come out in Europe, but has affected United States tech companies greatly. That has been something that they’re juggling around with. And so I think something that we’re still figuring out is, how can we incorporate policy with our need for a progressive technology that impacts the future?”
[00:21:52] SY: Yeah. I’m trying to think about what are some features of most apps where security comes into play? There’s obviously the username and password portion.
[00:22:00] KG: Right. Yeah.
[00:22:02] SY: So I feel like that’s a place where developers can nudge folks in the right direction and kind of help them be more secure.
[00:22:08] KG: For sure. Yeah. Yeah. So I think another place would be when you ask for permissions on things, so permissions to use the maps, permissions to use your contacts. Really thinking about why we’re asking those permissions and for what features, kind of trying to reduce as many permissions that we have to ask because one thing I’ve stressed on the human side is paying attention to what the apps are asking for. And I think the less that these apps ask for, the more attractive it is for users to trust the product and use the product. And if we can achieve this productively efficient state by using the least amount of user data possible, that would be fantastic. And I know in many cases that’s highly unlikelier, likely to be impossible, especially if you think about the Apple Watch or Fitbit or devices like that that use so much consumer data, but trying at its best to make the user have as many controls as possible and also letting them know what permissions is asked for and trying to develop around that I think is a big thing.
[00:23:14] SY: Yeah, because a lot of times we give permission and don’t realize it or we kind of forget about it. The other day I was authenticating something with Twitter and Twitter prompted me and said “Hey, you should review, you know, the list of apps that you’ve given permission to and, you know, make sure that you still would like to do that.” And I don’t remember half these apps at all. You know? There was like 30, yeah, like 40 apps out there and I’m like, “I literally don’t even remember what these apps do.” And if Twitter hadn’t prompted that, you know, if Twitter hadn’t said, “Hey, come look, check and make sure,” I don’t think I would have ever looked at that page.
[00:23:50] KG: Yeah, and I think that brings up another good point of what are these tech companies doing to protect us? And that is really where they create these privacy policies outlining exactly what user data they’re collecting and how they’re collecting it, and what controls that the user has and that’s something that developers should really think about too is creating this kind of manual for what kind of data they’re collecting on their users and sharing that. Being really transparent about it is a key factor.
[00:24:21] SY: Yeah. I think what makes that hard especially for newer developers, but also developers who don’t quite know what they’re looking for in their apps is this idea that “I need to gather all the data because I don’t know what data I’m going to need,” so my default is kind of to have more that I might need just in case because once the data is gone, it’s kind of gone, right? We can’t go back and retroactively collect anything. There’s like this Data FOMO that happens with developers. Yeah. How do you suggest we deal with that or we think about that?
[00:24:55] KG: I think it’s just a matter of thinking about it beforehand and really taking a lot of time to sketch out the exact data you want and what’s the purpose of this data and really thinking about the functionality and the functions that you want your app to have, I think that can really guide the way and I know that’s something I thought a lot about when building some of the apps that I’ve developed in the past just for fun, but that’s definitely something that sketching out, brainstorming beforehand what kind of data that you need and then making sure to be really transparent and stick to that as you develop.
[00:25:31] SY: And I like the point about being transparent too because it’s like the more transparent you are, the more you have to explain yourself, right? So if I know that I have to tell you that I’m collecting your data, then it puts me in a position to go, “Okay, I should have a good reason why I’m collecting this data because Kyla is going to know and she may not be happy with me.” You know, it kind of allows you to filter and focus a little bit more too.
[00:25:54] KG: Totally, totally. And that’s something that I ask some of the people that I talk to as well. I tell them to ask these questions to companies and make sure you’re always asking what is this company doing with my data and that’s something that we could really see when Facebook had this breach of trust, that people were starting to ask those questions and getting the wake-up call that it’s time.
[00:26:15] SY: Coming up next. Kyla tells us how she taught herself cybersecurity, how learning about it has impacted her life and the way she navigates the internet and shares what you can do to learn more about the world of cybersecurity after this.
[00:26:30] Linode is giving you a chance to try their powerful servers built for all your infrastructure needs. They’ve got nine data centers worldwide with new data centers opening this year in India and Canada. Getting started with a shiny new server takes less than one minute so you can get up and running in no time. And you can get a $20 credit by using the promo code CodeNewbie2019. Just go to Linode.com/codenewbie for more info. Link is in your show notes.
[00:27:02] Are you thinking about a career in tech but want to be confident about successfully making that transition? Well, Flatiron School is designed for you. I actually went to school there myself. Flatiron is a global school with in-person and online courses. They audit and publish the outcomes of every single student. And the courses come with a money-back guarantee. If you’re looking for a way to launch a career in tech, check out flatironschool.com. And if you’re in the DC area, join me on March 12 at Flatiron School’s DC campus for a Fireside Chat about the pathways into the tech industry and how to enter successfully. I’d love to meet you. To register, go to flatironschool.com/codenewbiedc. That’s flatironschool.com/codenewbiedc to register.
[00:27:51] DigitalOcean is the easiest way to deploy, manage, and scale your application. Everything about it was built with simplicity at the forefront: setting, deploying, even billing. Their support is amazing. They’ve got hundreds of detailed documents and tutorials. So if it’s your first time deploying an app, they’ve got great tools and community to make it nice and easy. Try DigitalOcean for free by going to DO.co/codenewbie and get $100 in infrastructure credit. Link is in your show notes.
[00:28:20] We’ve talked about open source a bunch of times on this podcast, but frankly, open source is so big and complex and fascinating that it needs its own show, and it has one. It’s called Command Line Heroes. It’s produced by Red Hat and it’s hosted by me. That’s right. I’ve got another tech podcast talking to incredible people about all things open source. We talk about the history of open source, the introduction of DevOps and then DevSecOps, and we even do an interview with the CTO of NASA. And that’s just the beginning. We also dig into cloud and serverless and big data and all those important tech terms you’ve heard of, and we get to explore. If you’re looking for more tech stories to listen to, check it out at redhat.com/commandlineheroes. Link is in your show notes.
[00:29:14] SY: So I want to switch gears and talk a little bit more about you. You have taken this love of cybersecurity, this passion for cybersecurity and you’ve turned it into a company. What’s the company’s name again?
[00:29:25] KG: Yes, so I founded Bits N’ Bytes Cybersecurity, my freshman year.
[00:29:30] SY: Freshman year of high school?
[00:29:31] KG: High school, yes.
[00:29:32] SY: High school. Okay. So tell me a little bit about how this company operates. What does it do? What does it sell? Tell me about that.
[00:29:39] KG: For sure. So basically we have three different avenues which we kind of deal with and spearhead these activities for. And so number one is our speeches and our in-person events and that’s something that we partner with community organizations and different corporations to make sure that we’re catering to the right audiences and bringing them the material that they need. And so in these in-person events, we usually do some sort of station activities or have them really interact with this material or bring in their devices to ask questions or get comfortable with the presentation material and things that I’m talking about them with. And so that is what like the in-person events are for and I think that has really allowed me to connect with so many different folks. So that’s one of my favorite parts. So we have our in-person events and then we also have our blog articles. So we post about bi-weekly now and we post about the trending topics in cybersecurity. So we’ll post about if there’s some sort of legislation that’s passing, we’ll post about a little blurb about what it is and how it affects users and what we can do going forward. And so on the blog articles really allow us to address the facts and the news articles that I was talking about that got me interested in this space. Those address those topics right when we see them and when they catch our eyes. So our blog articles are there for people to always check out anytime. And then we also just do a lot of campaigns on social media. October is actually Cybersecurity Awareness Month and we had the opportunity to do 31 days of cybersecurity, 31 days of tips for people, and so we really just try and interact with students, interact with parents, allow them to follow our hashtags and ask the right questions.
[00:31:25] SY: Who is your primary audience? Is it other students like yourself? Is it big companies? Is it developers? Who are you hoping to inform and educate?
[00:31:37] KG: Actually it’s funny. When I started all of these projects, I really wanted to cater to the youth audience specifically. And I think what I quickly realized is that there are so many vulnerable populations out there that are in need of this education and would benefit from it. So that is why I kind of took a wider look at it and kind of stepped back and looked at, okay, how about if we created programs for youth and also for people in the elderly population, people working, people who are teenagers, people who are just starting to think about this maybe, you know, kindergarteners? So I really stepped back and I took a wider look at who can this really impact and then it soon became having events for youth but also having events for the senior citizens of our community and also the working population of parents with children in this community.
[00:32:29] SY: What happens at these events? What do you do?
[00:32:32] KG: Yeah. So usually these events I do in partnership with an organization. So for example, we’ve done events with IBM in the past, right now we’re starting a partnership with Facebook, which I’m really, really excited about coming up. But so we usually partner with some corporations and then we put together an event based on what resources this organization has to bring and also our resources and we kind of combine our powers and put together speeches, we’ll do tech talks, you know, maybe like a fireside chat with a cybersecurity professional or in the case that it’s just, you know, a regular event, we’ll just have them have the students or whoever is at the event working through the station activities and that’s something they have really enjoyed and has gotten them to be have work in small groups, but still be really interactive and engaged with the material.
[00:33:23] SY: So to put on these workshops, these events, to go out and speak to youth and elderly and different types of people, it requires a level of expertise in the subject matter. How are you, 16, you’re still in school, so I assume you have regular homework to do, you’re running a company, but you’re also an expert in cybersecurity? You’ve leveled up and you’ve absorbed so much information that you’re able to now share it with other people. How did you have the time? Like physically, how did you do that?
[00:33:56] KG: Yeah, it takes a community. I do have an advisory board and they help me with making decisions, with deciding what to do with my partnerships, who to talk to and where to go next for my speeches. So they’re always there, great network, and then also I have my lovely parents who help me a lot with logistical things with traveling and booking things and speaking to partners as much as they can, which is really great. And then I also put in a lot of time on the weekends and after school and cut out some time for this because it is also while it is something that I use to impact the world and something that of course takes my time, it’s something that has become more than my passion project, it’s become a part of my identity. So it’s definitely something that I loved from the start and something that I’m so excited and so thrilled and fortunate to see growing now.
[00:34:49] SY: When you think about your own future and kind of where you want to take your life, and you have time so no pressure, but do you see specifically Bits N’ Bytes as something that you want to grow and develop and build as an adult for many, many years to come or is it a company and activity that is helping people right now and you’ll kind of see where that takes you? How do you see it fitting into your future?
[00:35:14] KG: Yeah. I always want cybersecurity awareness and Bits N’ Bytes, the main message of Bits N’ Bytes to always be a part of my life and it’s definitely going to stay. It’s definitely here to stay and I want to see it grow and I think something that will really help with that is another part of what we do is we’ve developed this curriculum that we can share to partners and share with people that I can work remotely and not have to travel so much for each partnership, which makes it really, really, really great for these partners as well who have full access to my resources and my open sourced materials and can readily use them for their sessions and stations, which is really exciting and something that is has actually been implemented in Puerto Rico and it is being implemented in Seattle this weekend. So that’s something that has really helped me kind of stay on top of things.
[00:36:06] SY: Yeah.
[00:36:06] KG: I definitely want to grow in terms of being a cybersecurity professional. There’s always things to learn, always people to learn from, and I think one of those special things is I have the ability now and the network now to do that and I think that’s really special that I can become and grow and flourish as this professional in the industry.
[00:36:26] SY: How do you personally learn about cybersecurity? You know, I assume you learned some stuff from your parents, but you personally when you think about building your own expertise and staying on top of things, where does that self-education come from?
[00:36:39] KG: Actually, in fact, my mom is actually in pharmaceutic, in the pharmaceutical industry as well. So she works in biochemistry. That’s her expertise and then my dad primarily works in accounting. So definitely I get influences from them and then also just reading so much online from magazines, from the blogs, the amazing cybersecurity blogs that are out there right now. I love Naked Security. That’s a really great one. There’s Heimdal Security blog which I used to read all the time. So there’s these really great people and professionals online that have influenced me and also just meeting these professionals and getting to talk to them and having conversations about their expertise in and sharing that wealth of knowledge I think is so important. And something that I’ve been doing a lot actually recently like this past summer when I was out in California I had the opportunity to chat with Parisa Tabriz, who’s the Google Security Princess. And so yeah. Yeah. So having these incredible conversations with people like Parisa who… Parisa is, you know, like this queen of cybersecurity.
[00:37:46] SY: She’s amazing.
[00:37:47] KG: I know. I’ve been looking up to her ever since I started. So having these conversations, meeting these people, reading, and being aware and keeping my eyes always on the news and always reading headlines, I think, has kept me on my feet all the time.
[00:38:03] SY: How has it impacted your personal life the way that you navigate the internet and use apps and products? How has this knowledge impacted you and how you how you walk the world of the internet?
[00:38:16] KG: I think by learning more about security and by getting this deep in this project, I’ve really gained a sense of what I was saying before, security becoming second nature to me. And that’s something I think has been one of the most, I guess, like hilarious and crazy things to think about in my life that like before as a young person nobody was really there teaching me about these security things. And now that I’m learning them, I’m kind of like a sponge absorbing all this information and then seeing it implemented in my life, it’s crazy. But I do take the security precautions and the measures that I preach about. So I am really careful about that and then also just making sure that I’m always aware of something that has happened after Bits N’ Bytes was created was that whenever I see some news or something about cybersecurity, I want to share it as soon as possible because I know that it’s not only about my life anymore, it’s about sharing these preventive measures so that the society can benefit from them and sharing them through all the avenues I have and the platform that I have at any point has always been important to me.
[00:39:22] SY: Of all the things that you’ve read about, all the things you’ve absorbed, what is the most interesting or the most surprising thing that you’ve learned in the world of cybersecurity?
[00:39:33] KG: So one thing that I recently was told and I actually kind of knew that this was a problem in the industry as well was that only 11 percent of cybersecurity professionals are women.
[00:39:45] SY: Oh, wow! That’s really low.
[00:39:46] KG: Yeah. Yeah. I know. Yeah. And I learned that and it really, really opened my eyes to see like, “Wow, this is an incredible problem,” not only in tech, not only in STEM but even in this in the subsection of cybersecurity, which is greatly, you know, threatening for our future that we don’t have as many women involved as we should. And then after I learned that, I have steered efforts to breaking the glass ceiling and breaking that barrier down and I think that’s definitely one of the, I guess, scariest facts that I learned.
[00:40:20] SY: Yeah. So for folks who hopefully are interested in cybersecurity, they want to learn, they want to maybe put on their own workshops, their own events one day, what advice do you have for them, especially for future developers and folks who are going to be building a lot of the apps and software and websites that we’re going to use? What advice do you have for them to begin leveling up and begin understanding the world of cybersecurity better?
[00:40:45] KG: Step one is just realizing that security is for you, security is for everyone, and that everybody needs security. The next thing I would suggest is just stay aware and stay on top of what’s going on and ask the right questions and be the most aware and vigilant civilian and citizen you can be and do that, you know, civic duty of yours to make sure other people are protected as well. Share when you see something that looks off and something that looks suspicious, you know, just the everyday things that we think about with physical security, start to translate them into cybersecurity. And you know, once we do that, that’s the really key factor that will turn the switch to allowing everyone to realize that they could be a weak link and then strengthening it so that we can build this like strong cyber fortress.
[00:41:37] SY: I love that. I love this idea of pretend it’s physical. You know, you don’t leave your car without locking it, you don’t go to bed without locking your door. You at least close your door. You know, there’s some kind of basic, obvious things that we do all the time when it comes to our physical safety and for some reason online, it just feels different. So if you say “I’m going to pretend that my Twitter and my inbox is physical, it’s a physical mailbox, what would I do? How I would treat it?” I think that’ll help us think about things a little bit differently. Thank you for that. That’s great.
[00:42:03] KG: Yeah, of course. Yes.
[00:42:12] SY: Next. Let’s do some fill in the blanks. Are you ready?
[00:42:15] KG: I am ready.
[00:42:16] SY: Number one, worst advice I’ve ever received is?
[00:42:19] KG: Yes. So I did see this question and I was like I don’t know about the worst advice, but I can give you the worst mindset that I’ve heard. And that is I think a lot of people right now are thinking that young people and Gen Zers are kind of like the lazy generation. And we’re the generation that has all this technology and we rely on these hardware devices to do the work for us. And believing this I think is one of the most dangerous things because I think Gen Z, yes, we do have this technology at our disposal, but that gives us so much more power to amplify and mobilize and unite communities. Using this technology is so cool to see, like the young people right now doing what they’re doing. We are the future and we’re going to be doing loads and loads with technology and beyond and I think thinking that we aren’t is a myth. So I’m here to debunk that.
[00:43:14] SY: I like it. I agree. Number two, my first coding project was about?
[00:43:19] KG: Yeah, my first coding project was actually at the University of Illinois. I went for a camp there when I was in middle school and I had always been doing little things with Scratch and MIT App Inventor, those are kind of the, you know, the drag-and-drop kind of programming things. So what I did was I used Arduino LilyPad and that program software and I used the hardware thing too to develop this kind of this poster billboard and with copper tape and I put together the copper tape to use the LEDs to kind of light up the Chicago Skyline that I had drawn.
[00:43:54] SY: That sounds so pretty.
[00:43:56] KG: Yeah. So it actually turned out a lot better than I initially thought it would. But I put these LEDs on the skyline and then I programmed using the Arduino LilyPad. I programmed the LEDs to kind of light up and do this little pattern dance and then I had these fireworks on top too and I had those light up. So that was really exciting. That was my first coding project just working with, you know, copper tape and LEDs and then a little Arduino.
[00:44:22] SY: That’s a great first coding project. Oh, it’s so pretty. Number three, one thing I wish I knew when I first started to code is?
[00:44:30] KG: One thing I wish I knew was there’s such a large community out here for any type of coder, specifically for me that has been a community of women in technology. And this community I think has really developed who I am. And once I realized that there’s this huge community out here for me that supports my growth and that supports the opportunities and giving these opportunities and making sure this field is equitable for all women, the moment that I realized that it has really opened so many doors for me. And I have to thank NCWIT and some wonderful organizations that are working towards doing that right now and NCWIT is an incredible one. There’s also LeanIn, which is Sheryl Sandberg’s organization, and other ones that are doing great things to make sure that women are leaning in and have a seat at the table. And one thing I love is Bumble, the company, always says this, “Glass ceilings make great dancefloors.” So yeah.
[00:45:26] SY: I love that. Oh, that’s great.
[00:45:28] KG: Yeah. Yeah. I heard that. I was like, “I love this. I’m going to use it.” I think once I figured out that there is a community for me, that I had people that understood me and that people were there when I had questions, when I could ask things without seeming ignorant, I think that was the moment that I realized that this community is so grand, so vast, everybody has this thought of being forward thinking and progressive. I think it’s incredible to think about how many people are there.
[00:45:55] SY: Very cool. Well, thank you so much, Kyla, for talking to us all about cybersecurity and the amazing many things that you do. You’re a very busy lady. I appreciate your time. You want to say goodbye?
[00:46:05] KG: Thank you so much for having me. This has been so fun and I really hope that you guys can learn something and go out there and implement your security. So I’m really happy about that.
[00:46:14] SY: And that’s the end of the episode. Let me know what you think. Tweet me at CodeNewbies or send me an email, firstname.lastname@example.org. For more info on the podcast, check out www.codenewbie.org/podcast and join us for our weekly Twitter chats. We’ve got our Wednesday chats at 9 P.M. Eastern Time and our weekly coding check-in every Sunday at 2 P.M. Eastern Time. Thanks for listening. See you next week.
Thank you to these sponsors for supporting the show!