Recently, I presented at the BSides Ottawa security conference on the topic of using “Games” vs. “Simulations” for gamified cybersecurity eLearning programs. This event had over 500 security professionals and two days of activities and presentations.

In my session, I noted the subtle differences between what I call “learning games” and “simulations”. “Learning games” are small game modules that teach you simple rules through easy repetition of fun activities. On the other hand, “simulations” are more contextual challenges that put you into a recognizable activity, where you make decisions that are similar to what you might need to make in your job. So, simulations are good for assessing proficiency,  much like “aircraft simulators” are used to check pilots’ skills on a regular basis.

In this talk, I used real-time polls to gather information from the audience. Here are two interesting results…

What percentage of people in my presentation to security professionals identified themselves as gamers? (The graph below shows 42% said they played games occasionally, and another 38% said they played games a lot.)

What was the word attendees would use to best describe their perception of “gamification”? (The “word cloud” below shows a lot of interesting perceptions of gamification.)

These responses suggest that quite a few security professionals know a fair bit about gaming, and most have a positive view about using “Gamification”. While not all respondents had a positive impression of gamification, the most common response was “Engaging”.

I also ran a contest during this session to make a game out of how much information people remembered from my presentation. The resulting competition was a lot of fun, and did get people “engaged”. Games and gamification are powerful tools for education.

Do you think we can use information like this to promote the use of gamification in cybersecurity awareness in your organization? We’d love to hear your thoughts.