The Benefits of Gamified Learning in Cybersecurity
Gamified learning is a teaching method capturing the attention of more than just university professors and instructors. This engaging technique is being applied to cybersecurity training of professionals and is growing in popularity due to successes in retention, comprehension, and overall engagement. But why does this gamified learning method work so well and what does it mean for the future of cybersecurity professionals tasked with keeping companies safe from adversaries?
The cybersecurity industry has taken note of the learning retention that a traditional, classroom-style approach yields. In actuality, students forget...
- 40 percent of what they’ve learned after 20 minutes
- Between 50 and 80 percent of what they’ve learned after one day
- 77 percent of what they’ve learned after six days
- 90 percent of what they’ve learned after one month
Limited retention is driven by the minimal opportunities in lecture-based learning for students to proactively solve problems, think critically, and analyze material. Instead, they memorize concepts to pass the tests, without truly understanding the application to real-world situations. The result is often students who are disengaged, disempowered, and unmotivated. In the cyber training arena, this also can mean students are not building the best cyber abilities or critical thinking skills they need.
Gamified learning is an active learning approach that teaches techniques through the use of video game-style activities. For cyber skills training, the learning exercises occur in virtual environments called cyber ranges. Cyber range training can engage an individual or a team in critical thinking and problem solving. When used within a gamified environment including a little healthy competition with scoring and leaderboards, as well as digital badges for successes, and even completing work role certification, students not only perform better, they retain more knowledge. When professionals use gamified training platforms, they are more engaged, empowered, excited, and possess deep, conceptual understandings of topics learned.
Active learning involves collaborating with teams and applying concepts to real-world exercises and scenarios, which improves retention rates to 75 percent, compared to 5 percent through traditional learning methods. In fact, the use of “discover learning” or practicing-by-doing, is one of the most effective methods of learning because it engages multiple senses in the learning process. This encourages professionals to apply what they’ve learned and use hands-on applications that promote a deeper understanding. This results in a more in-depth comprehension of the material, and greater cognitive retention.
In gamified cyber learning environments, professionals typically are:
- Rewarded for good behavior
- Incentivized to maintain good behavior
- Encouraged to dialogue about their lessons learned with peers
- Reminded of what they don’t yet know and held accountable
- Engaged in their progress, thanks to leaderboards
- Prepared to participate in simulated threat situations that further prepare them when real-world attacks occur in the workplace
To go one step further, I believe gamification is the natural, logical step in training the next-gen learner (born after 1980), who has never known a world without video games and understands game logic very well. Unlike many current teaching methods, gamified teaching engages trainees through modern learning strategies. It works by deploying connected, interactive, social settings and communities that allow learners to excel in competitive, strategic situations. It also enables learners to apply what they know to simulated environments or “worlds,” creating a natural flow that keeps learners engaged and focused. Organizations that offer gamified exercises to cyber teams report that 96 percent of workers see benefits, including increased awareness of weaknesses, knowledge of how breaches occur, improved teamwork and response times, and enhanced self-efficiency.
Active, gamified cyber learning is only effective if trainees apply concepts learned to real-world scenarios. For this reason, cybersecurity leaders are encouraged to measure the effectiveness of training efforts through regular cyber exercises and assessments to determine which employees may still pose a risk to the overall security posture of the organization. Using a gamified cyber learning platform, these exercises and assessments can yield a great deal of data for CISOs and security managers.
The Time Is Now
Why is this new method of training needed for the cybersecurity industry? Currently there is an undeniable job shortage in the industry. Without proper cyber training and skills development, professionals can’t keep pace with evolving cyber threats, causing teams, organizations, and companies to succumb to hacker attacks. According to a recent ESG/ISSA study, 70 percent of cybersecurity professionals claimed their organization was impacted by the cybersecurity skills shortage, with ramifications such as an increasing staff workload, hiring and training junior personnel rather than experienced professionals, and situations where teams spend most of their time dealing with emergency issues, leaving little time for training, planning, strategy, etc.
If gamified learning sounds interesting for your cybersecurity strategy, take some time to reflect on how your company’s efforts in training staff work today and see if your organization could benefit from using gamified cybersecurity training.
Keenan Skelly is VP of Global Partnerships and Security Evangelist at Circadence, a market leader in next-generation cybersecurity readiness. The firm offers cyber range solutions and cybersecurity learning platforms, running on Microsoft Azure, that leverage artificial intelligence and custom content to address critical security challenges for enterprise, government and academic institutions. Skelly has more than 20 years of experience providing security and management solutions across a wide array of platforms to include personnel, physical, and cybersecurity. She brings more than 10 years of government service with a focus on National Security. Skelly served in the U.S. Army as an Explosive Ordnance Disposal Technician and went on to work for the Department of Homeland Security, where she served as Chief for Comprehensive Reviews in the Office for Infrastructure Protection. To learn more about cybersecurity training with Circadence using its Project Ares solution, visit: www.circadence.com.