From cyberbullying and privacy concerns to malicious content and online predators, today’s digital world presents significant challenges to children and teenagers. Many lack the knowledge to navigate these risks, and often, their parents and teachers — who didn’t grow up in the same digital age — struggle to provide adequate guidance.
Recognising this gap, the Croatian Academic and Research Network, CARNET, has launched two innovative cybersecurity initiatives: Cybersecurity Ninja and Hacknite. These aim to educate and empower young people to protect themselves online, while also upskilling parents and teachers, and fostering interest in cybersecurity careers.
Vlatka Jajetić, Head of Cybersecurity Incident Handling and Security Management Division, and Marina Dimić Vugec, Head of Cybersecurity Awareness Education Department in CARNET’s National CERT, explain how these initiatives work, their impact, and what they’ve learned about successful security awareness for children and teens.
Cybersecurity Ninja: Educating children and adults
The Cybersecurity Ninja project uses a gamified approach to teach students aged 10 and up how to behave securely online, and why it matters. It also educates parents and teachers about the specific cybersecurity challenges children face, and how to help them mitigate these and deal with incidents.
Cybersecurity Ninja is Vlatka’s brainchild: as a U.S. International Visitors Leadership Program (IVLP) alumna, she successfully applied for IVLP Impact Award project funding by the U.S. Department of State’s Bureau of Educational and Cultural Affairs.
In 2023, Vlatka and her colleagues held 10 Cybersecurity Ninja workshops across five cities for over 380 participants. Half the workshops were for children and half for parents and teachers, with each designed to meet these groups’ distinct needs.
“We used gamification to cover topics of interest to the children. These include threats within video game platforms and social media, how to talk to their peers online, the risks of talking to strangers, and basic cyber hygiene like safe passwords,” Vlatka explains. “We also discussed their digital footprint and how it can affect their future, because it’s not erasable.”
A strong hands-on component helped make the lessons memorable and fun.
“We got students to compete for prizes by creating the strongest password. This interactive approach was very successful — they were really engaged, and I believe they’ll now remember to use stronger passwords in the future.”
For parents and teachers, the project took a train-the-trainers approach. “We taught them to understand the cybersecurity challenges that children face, and how they can help them. This included their own behaviour — we shared examples of the dangers of parents oversharing details about their children online.”
After the workshops, a panel discussion was held featuring prominent Croatian cybersecurity experts with experience working with children. This event aimed to showcase the outcomes of the Cybersecurity Ninja project, inspire companies to launch similar initiatives and encourage experts to become role models for future generations of cybersecurity professionals.
Challenges in teaching cybersecurity to children
Teaching cybersecurity to children presents unique challenges. Vlatka notes that many are not fully aware of the dangers lurking online or the consequences of their own behaviour.
“Children often don’t understand that their behaviour online can affect others. They hide behind screens, sometimes saying mean things that they wouldn’t say in person.”
“They also don’t realise that a person can be pretending to be someone else,” Vlatka says. “We’ve had several cases where children met someone they’d thought was their peer online — but it was actually an adult.”
Social media presents another significant risk. Dangerous trends and idealised images on platforms like TikTok have been linked to depression and, in some tragic cases, suicide.
“There have been some very sad cases in Croatia where children died by suicide, possibly unintentionally, as a result of TikTok challenges.”
To help young people navigate these risks, Vlatka believes it’s essential to begin security awareness education early in life. “We live in a digital age where children are faced with technology at a very young age. So we should start cybersecurity education in preschool.”
However, this isn’t common practice yet, and there is still a significant generational gap between tech-savvy children and their less digitally aware parents and teachers.
“Parents today didn’t grow up with the same technology. So they’re unaware of the threats online and don’t know how to teach their children to be safer online.”
Hacknite: inspiring the next generation of cybersecurity experts
While the Cybersecurity Ninja project focuses on early education, Hacknite targets teenagers with an interest in cybersecurity.
Hacknite is an annual competition that uses a capture-the-flag format to engage high school students in tackling cybersecurity challenges, testing both their skills and teamwork. Marina explains that the name Hacknite was inspired by popular gaming culture: “We wanted to combine the concepts of Fortnite and hacking.”
The first competition in 2020 attracted over 150 students, well above initial expectations — and it kept on growing. “It was a huge success from the start. More than 1,000 students have participated over the past four years.”
Feedback from students has been overwhelmingly positive. Many return year after year, motivated by the challenge itself rather than prizes, Marina says.
“Students’ motivation for participating in Hacknite is intrinsic — they are driven by a genuine interest in cybersecurity, not by rewards.”
Hacknite has spawned a community of students who stay in touch via platforms like Discord, continuing to engage with cybersecurity challenges throughout the year.
Building a career pipeline through Hacknite
One of Hacknite’s most exciting — and unanticipated — outcomes is its role in building a pipeline for future cybersecurity professionals. In response to demand, CARNET expanded the competition to include a university-level version.
“Students asked us, ‘What now? We want to continue after Hacknite.’ So we created a platform for them to continue developing their skills,” Marina explains.
Supported by both educational institutions and the private sector, this pipeline offers students a clear path towards cybersecurity careers while also addressing the growing demand for professionals in the field.
Businesses have recognised the value of this programme and are eager to tap into the talent pool it creates. “Private sector companies are very involved, providing experts to share their knowhow and even considering students for future roles in their organisations.”
Lessons learned and future directions
Both Cybersecurity Ninja and Hacknite have taught the organisers valuable lessons, particularly around the need for more comprehensive security education in schools. While there are some efforts underway in Croatia, Vlatka believes they are not yet sufficient.
“The biggest lesson learned is that cybersecurity needs to be part of the national curriculum, not just something teachers do if they’re ambitious. This would also be in line with the Digital Education Action Plan 2021–2027, which promotes the integration of cybersecurity education in schools and advocates for teacher training in this area.”
Another key lesson learned is the need for better training and support for teachers. “We need teachers to act as mentors to build Hacknite teams and prepare students for the competition,” Marina explains. However, many teachers feel underprepared for this, especially teaching technical security skills.
“We can’t expect teachers to have the skills and knowledge to teach cybersecurity to children who are already more digitally advanced than them. We need to equip teachers with the right tools and training.”
To address this, CARNET is launching several new projects, co-created with teachers, to build their capacity to teach and mentor students in cybersecurity skills. Teacher engagement has now become a cornerstone of their strategy.
Building a global model
Marina and Vlatka believe that these initiatives can serve as models for other countries looking to improve cybersecurity education for children and teenagers — an area gaining increasing international attention. The success of Cybersecurity Ninja and Hacknite demonstrates the power of engaging children, teachers, and parents in fun and meaningful ways.
“Not just in Croatia, but globally, there’s now a real focus on the need to talk more about online safety, protecting privacy, and cyberbullying on social platforms children use, like TikTok and Snapchat,” Marina says.
For anyone looking to implement similar projects, Marina offers this advice: “Listen to young people because they have real and concrete goals. Support them and value their motivation — they just need the opportunity to build their own community and find their peers who are also cybersecurity enthusiasts.”
Wrapping up: Gamify and conquer
From cyberbullying to stranger danger and the digital generational gap, creating security awareness initiatives for children and teenagers presents unique challenges. Through innovative projects like Cybersecurity Ninja and Hacknite, Croatia is not only improving cybersecurity skills in its younger generation, but also generating valuable evidence and insights into how to do so effectively.
Turning cybersecurity awareness into a game or challenge is key to the success of both projects — interactive fun is engaging and memorable in a way that dry theory and abstract explanations can’t match.
As these initiatives evolve, they are helping to build a safer online environment while also nurturing a new generation of cybersecurity experts ready to tackle tomorrow’s challenges.
About Vlatka Jajetić
Vlatka Jajetić got involved in cybersecurity as bachelor student and has been working in the field ever since. During her eight years at Croatia’s CERT, she has developed knowledge of log analysis and use of open-source security tools, and focused on cooperation with various entities through cybersecurity working groups. Vlatka also participates in cybersecurity awareness-raising activities and other day-to-day operations related to preserving cybersecurity in Croatia.
About Marina Dimić Vugec
Marina Dimić Vugec started working in Croatia’s national CERT seven years ago, playing a key role in designing Veliki hrvatski naivci (Great Croatian Naifs), the first national campaign to raise cybersecurity awareness. She is passionate about deepening her cybersecurity knowledge and dedicated to making the subject more accessible and understandable for wider audiences.
Also this year GÉANT joins the European Cyber Security Month, with the campaign ‘Your brain is the first line of defence‘. Read articles from cyber security experts within our community, watch the videos, and download campaign resources on connect.geant.org/csm24
