Skip to Content

Cyber enthusiasts, my RSA 2020 submission: Humans, evolution of games, and how to teach cybersecurity to grandpa

Many information security professionals are often surprised by how little people outside the community (and in some cases, within the herd,) know about the space. With a little introspection, we may quickly see how we are part of the problem and what we can do to change things. The thing we tend to miss is that not everyone has the same technical literacy, however, a good fraction is reasonably smart enough to understand important concepts and almost everyone, loves to play!

We can use this to make the world reasonably secure and we need to start by training the weakest link, the human. Think of grandpa (or grandma)!

But why do they love to play? Can we use this natural drive to help everyone learn?
How did games evolve? More importantly, what aspects from the gaming world overlap with cybersecurity?
This highly interactive session begins by teasing the audience about two innate human needs, learning and recreation, followed by a brief history of gaming.

Next, it dives into relevant genres of popular games and their overlapping concepts as these relate to the cybersecurity world. For instance, can you guess the ‘crown jewel’ in chess? Can you leverage the game mechanics to introduce the concept of a firewall to grandparents?

Using game design principles, this workshop invites the audience to design one in real-time. The end goal is to help the group rethink what effective cybersecurity awareness and training could look like. To help the engagement and get the audience started, a basic game design is pre-setup using the red team – blue team framework and a diluted version of the cyber kill chain. Blank cards, boards and stationary will be provided, and the audience will be asked to design a game that explains the basic attack and defense mechanisms to anyone, ideally grandpa.

The group will be split into smaller teams, each to design three basic elements of the game, viz., awareness cards, gameplay rules, and winning criteria. The audience is also encouraged to be creative and create their own unique path using the basic concepts and tools of game design they just learned. If time permits, the teams can even present their newly designed games, ask questions to other teams and improvise the ease of spreading cyber awareness through a game.

The best part is that they get to go home, with a game they designed! I, perhaps, have the right geeky (and quirky) mix of experience in learning, tutoring, board gaming and cybersecurity experience to run this.

Syndicate content

blog | by Dr. Radut