Engaging Employees With Gamified Learning

Hackathons, bug bounties, and Capture-The-Flags (CTFs) are, by now, familiar to many information security professionals. They’re fun opportunities to demonstrate, challenge, and grow technical skills. At the same time, these events pose a more daunting picture to those attempting to break in to cybersecurity. They want to participate - these cyber challenges seem like fun - but they don’t feel they belong with the “elite hackers” huddled over computers in hushed conference rooms.

But they do belong there. All they need to know is how to play the game, and the best way to learn is to start playing.

Unfortunately, though, that’s not the way we think about learning. Broadly speaking, the American education system classroom structure has largely remained unchanged since the late 1800s. One source of knowledge (the teacher) is tasked with transmitting a standard set of information (the curriculum) to a large group of learners (the students).

It is efficient, if you ignore the facts: different people learn differently; retention rarely lasts beyond the exam; and curriculum designed for the average student will slow down some students and be out of reach for others. Plus, it can be pretty boring.

When it comes to meeting the increasing demand for cybersecurity talent, it is clear we need methods of instruction that are both efficient and effective. And that’s why we use games.

Nearly every culture has games; in fact, play is a main learning mechanism for species across the animal kingdom. From hangman to hopscotch, Catan to Call of Duty, there’s a game out there for just about every cognitive skillset - including cybersecurity.

Games set a goal for players, barriers to achieving that goal, and rules for how those barriers can be overcome. They are fun, engaging, and immersive. The best ones tap into a person's desire to achieve on their own, even if the game itself requires multiple people.

If you’ve ever gotten better at a game by playing it, that itself is evidence of learning. But researchers, too, have shown that certain types of video games can increase neuroplasticity and response times. And those aren’t even games designed for teaching. When games are developed with the intention of conveying information and/or teaching skills - like teamwork, problem solving, creativity, media literacy - they can be highly effective and genuinely enjoyable learning experiences, as educator and game designer Karen Schrier proved with her augmented reality game on the Battle of Lexington.

If games work for teaching history, as well as critical 21st century skills, could they work for teaching cybersecurity?

The answer is a resounding ‘Yes.’

Employees want to work for companies that invest in them. Training and education is one of the best ways to do that, but all too often, access to webinars, e-libaries, and videos are left underutilized. They are not immersive, not fun, and, for many, not very effective, merely digital replicas of the Victorian model of education. But with challenges and games, employees are engaged and learning, which is good for them and good for their employers.

So, let’s play a game.