August 2018
Issue Map
TD Magazine

Play to Protect

Wednesday, August 1, 2018

Game-based training benefits cybersecurity.

From small businesses to large conglomerates, all modern organizations deal with cybersecurity. And according to Winning the Game, a recent McAfee study that surveyed more than 950 cybersecurity managers and professionals, 93 percent of people working in the industry believe the complexity of threats they face will increase over the next year.


To prepare, some companies have had success with game-based training. The study reports that four in 10 cybersecurity professionals say their organizations already hold some type of game-based exercise at least once a year, and 96 percent of those who do have such exercises say they have seen benefits. The most common of these include awareness and knowledge among IT staff of how breaches can occur, how to avoid becoming a victim of a breach, and how to best react to a breach.

Learning professionals who want to use games to help develop their organizations' cybersecurity teams have many options, but two that the report highlights are tabletop exercises and capture the flag.

Not sure where to start? According to Grant Bourzikas, chief information security officer at McAfee and vice president of McAfee labs, the exercise you should use depends on your organization's maturity.


He suggests beginning with tabletop exercises, which walk teams through different scenarios. "These are great for evaluating your thought process and measuring how long it takes your team to come to a decision," he says. "For example, you might begin with the whole organization getting phished, and after your team decides to block the email, you can see how quickly it decides to take action on the machines that were infiltrated."

Once your team masters the decision-making process, Bourzikas recommends moving on to games such as capture the flag, which involves having teams alternate between attacking and defending. These activities can develop execution and readiness. "You can set up a demo environment and run what's called a 'sanctioned' attack, when your team knows something is coming," he explains, "or you can do an 'unsanctioned' exercise, when you don't warn the defenders."

About the Author

Alex Moore is a research analyst for the Association for Talent Development. Alex returned to ATD in 2019 after spending a year living and working in Chile. Prior to moving abroad, Alex was a writer/editor for ATD working on TD magazine, a research coordinator at ATD, and a customer care advocate at ATD. He graduated from Virginia Tech in 2015 with a B.A. in English.

Be the first to comment
Sign In to Post a Comment
Sorry! Something went wrong on our end. Please try again later.