Some personal news

A few years ago, I heard an idea that seemed so crazy that it just might work: because passwords had become so easy to crack and subvert, it was safer for me to not know my passwords than to be able to actually remember them. This idea was put forth by the makers of a thing called a password manager, and I was so intrigued by it that I had to try one. After a long and epic romance of four years with the keeper of all of my most important internet secrets (my passwords!), I’m stupendously excited to share that I am finally making it official with my boo who started it all… at the end of August, I’ll be joining AgileBits as chief hype girl security evangelist for 1Password, my most favorite software in the world.

Another Student Data Privacy Act That Doesn’t Protect Student Data or Privacy

This weekend, the New York Times published a story mentioning the Obama administration’s focus on online privacy and security. As part of their initiative… the administration intends to introduce and pass legislation about breach notification and student data security. 

From the NYT: 

“The president will also propose the Student Data Privacy Act, which would prohibit technology firms from profiting from information collected in schools as teachers adopt tablets, online services and Internet-connected software, officials said. And he will announce voluntary agreements by companies to safeguard home energy data and to provide easy access to credit scores as an “early warning system” for identity theft.”

The story mentions that this is a reaction to the industry’s attempt to self-regulate with a privacy pledge this past October, and that the legislation will be similar to California’s SOPIPA, which prohibits targeting students with online marketing and advertising, selling student information, profiling students based on data collected, and requiring companies to put security measures in place to protect student data. (While security measures are required to protect student data, SOPIPA set no bare minimum security standards for education technology companies, and did not require companies to disclose their security measures to users.)

How to Teach Computer Security Skills

This piece was originally published here by Educating Modern Learners.

With increasing adoption of computer technologies, schools must do a better job addressing two important issues: privacy and security. Here, education security advocate Jessy Irwin offers some first steps in learning about security. And this isn’t just a lesson for students — it’s for teachers and school leaders and parents as well. 

If digital citizens have learned anything from the web in 2014, it is that this year is the year of the hacker. While malicious black hat hackers compromised hundreds of millions of accounts across the web, their ethical, white hat counterparts uncovered code flaws like Heartbleed and Shellshock that weakened parts of the critical infrastructure of the web. In this new web order, the question is no longer “if” you will be hacked on the web, but “when.” In many schools, the primary goal of digital literacy education is to give students the skills they need to find, remix and create content on the ever-expanding worldwide web. In the quest to unlock the potential of the web and its troves of boundless content for learners, however, many educators overlook the weakest aspect of digital literacy for the average web user: security.

On Resolutions: Two Lists that Changed My Life

As a rule, I tend to avoid writing about myself in public— but some rules are meant to be broken. As 2014 draws to a close, I couldn’t help but write about what has been the absolute best and most favorite year of my life.

For most of my life, I’ve failed miserably at New Year’s resolutions. There was the year when I got all excited (with a million other people) about learning how to code… and ended up being a Codecademy dropout in no time. There was another year where I was going to get back into running again but, … surprise! It’s actually really hard to get motivated to wake up early when you are a night owl and run through the pain of shin splints and past injuries in the frigid, icy cold of winter. Frustrated with my history of failed resolutions (we only really keep to them for about 6 weeks anyway), last year I decided to forego the tradition of setting myself up for failure for the first couple of months of a new year and try something entirely new.

Instead of making resolutions, I decided to make a list.

On #edsec: Education’s massive security problem

Dinosaurs: a very important part of the security conference experience.

A few months ago, I gave a talk at BSidesLV on the state of security in education technology. My talk, #edsec: Hacking for Education, isn’t a hacker talk in the truest of senses— I had no l33t, sophisticated hacks to show off, no beautiful backdoors into well-maintained code to make my point. Instead, I went the route of discussing the lack of security standards, the dire state of security awareness among educators, the deplorable state of school infrastructure, and the security-averse attitude of developers within education technology.

I should have written this post months ago— I am thankful for a lot of people who helped me get through my first-ever talk at a national conference— but I’ve been struggling to overcome an awful, awful feeling in the pit of my stomach after I finished my week away at hacker summer camp. After being surrounded by people who discussed securing the critical infrastructures that make our web work, protecting medical devices from attack, and preparing for the Internet of Things that is to come, I realized that I didn’t go far enough.

A rant: Twitter, your 2-factor Authentication Sucks, or Why #Brands Get Hacked On Twitter

For the past six years, I’ve worked in online marketing. As such, I have been the holder of ALL the keys to the social media accounts for many brands I have worked for and worked with in the Silicon Valley and beyond. My biggest nightmare as the holder of the keys is waking up in the morning to find my company on the front page of Mashable as the latest of the #brands (I mean that hashtag ironically) who had a social media account hacked via phishing, spearphishing, or something worse. To prevent the worst from happening, I’ve implemented a variety of multi-layered security strategies over the past few years to protect myself and my brand’s self to foil any attempts of account takeover.

Today, I logged in to my brand account to reconfigure one of these layers of security on Twitter. When I finally got to the spot in account settings where I can enable 2-factor authentication, however, I was informed that Twitter only allows use of 2-factor authentication with one phone number.

Thanks, Twitter, but no: THIS IS NOT OKAY.