Security questions by an 8 year old girl

This post is about my conversation with my daughter who asked questions which gave me an opportunity to tell her what I do. A couple of years ago, when my 14 year old niece asked me what I do, I stumbled and explained the best I could. I had to do that without using any jargon like Software Security Architecture, Design, Offensive Security, etc. This time it was different, because my daughter didn’t ask me what I do, but rather was curious about how someone can do bad things to a website. I used this opportunity to explain both Authentication, auditing/monitoring/SIEM works and how intrusions are detected. Whether you work in the security field or not, you can probably use a similar approach to relate your work to something they can understand.

We were having lunch on thanksgiving day and my eight year old daughter started asking questions. Usually her questions revolve around school, what she is learning or things about family & friends. But today she asked me “What if someone tried to do bad things to a website?” Let me share the conversation.

FYI : I will be using Google as a reference here as thats what she is familiar with and uses almost every day.

Her : “What if someone tried to do bad things to a website?”

Mom & Dad : “What do you mean ?”

Her : “mmm.. You know bad things on website?”

Me : “When you invite someone to our home, you know they are invited, your friends or family right. Otherwise they are strangers i.e intruders. The same way when people go to a website, they should be known otherwise they are intruders”.

Mom jumps into this conversation: “No one can just do anything on a website. You know you have username and password for your google docs, right? The same way, everyone needs to have a username and password to go to their account on a website.”

Here I was thinking may be I can use this time to explain to her what I do and something about security.

Me : “You know what I used to do at Oracle and GE? ”

Her : “Something like stop the bad buys from doing bad things”

Me : “Oh well, I told you that when you were four years old. I can tell you more. “

Her: “Okay!… with a typical OooKayyy sound”. :)

Me : “I help stop the bad guys from coming into websites”

Her: “How?”

Me: “Do you see we have doors and locks in the house. They are there to stop bad guys from coming inside the house. Just like how you use a username and password to go to your google docs (she adds google slides and google sheets as well).”

Her : “mm.. what if someone breaks into the house?”

Me, thinking how I can relate these two: “See we have this ADT Security that beeps when someone opens the door without disabling the code?”.

Her :”Yes..”

Me: “ The same way I help build alarms. (Technical term logs, SIEM for those who are wondering what this is.”

Her : “How do alarms work?”

At this point I am full of smiles that my daughter is asking questions related to my work and I can explain in a way she understands. I give her a “High Five”.

Me: “Companies know when bad guys come in. See when you login to google docs and your cousin tried to login with your password from CT, google knows that there can’t be two of you using same username and password at the same time from two different states, and they know something is wrong”.

Her : “ You mean like a fingerprint?”

Me : “Awesome. Yes just like we have fingerprints that are unique, when you go online there are things that can be used to find out who is using the website from where, what time, etc.”.

Her : “How?”

Me : “See we live in XYZ Street and House number 1234. House number identifies where we live in the street. Street tells where we are, and then city and state. Same way each computer has a MAC Address — a unique number and when you go online, you also get an address (I did say IP Address not sure how much she got that). This way companies can tell if you are coming from your home in CA or from the intruder’s in CT.”

Her : “What if both of us didn’t login at the same time?”

Me : “Man.. you are on a roll here today. That’s an excellent question. Even when you are not online at the same time, companies know where you are coming from generally and if anything different happens, they can let you know.”

Her : “Okay… . but what if the bad guys hide and can’t be found?”

Me : “mmm .. good question. Bad guys will eventually be found. Sometimes it might take time but they will be found.”

Her : “ Okay ..but..”

Me : “ Alright, lets finish lunch and we can talk more later. Good questions though! I loved it.”

Her : She smiles her usual smile (one that usually melts my heart and she can get away with anything).

That was one interesting conversation with my daughter today (11/23/2017). I liked the way she asked questions and I tried to explain by relating to every day things she knows so she can understand better.

My 2 cents is, as we all gather around dinner table for this holiday season or in general, don’t try too hard to tell friends and family what you are doing. Just relate to common things and try to make it simple and generate some interest.

Related posts:

First released 2015 with Microsoft Windows 10, Microsoft recently (Jan, 2020) released a major upgrade to the Edge. Unlike the previous versions, latest edge would run on Blink and V8 engine. So in…

No matter how much you love someone, there comes a time when that person begins to lose their appeal. Once upon a time, you could have taken a bullet for this girl, but now you are the one pointing…

2019 will go down as the year that marks the beginning of the 21st century. Just as the First World War in 1914 marked the historic beginning of the 20th century, the Corona pandemic marks a new era…