Cybersecurity demands are evident, with a singular fault resulting in cataclysmal consequences. Given the rapidly growing nature of cybersecurity and its ever-evolving threats, remaining up-to-date can be a challenge. This causes bottlenecks in the traditional education system, as it is not structured in a way conducive to these concerns. But what if learning how to defend against threats was more like playing an immersive video game? Associate Professor Ersin Dincelli is doing away with textbooks and turning cybersecurity education into an interactive storytelling experience at the CU Denver Business School.
“Most people tune out when they see technical jargon and coding,” says Dincelli. “So, we are incorporating gamification elements, such as quests, storytelling, and progression, to turn cybersecurity training into a narrative journey that fully engages students.”
Dincelli’s project, titled “A Gamified Education Platform for Story-Driven Educational Hacking Games to Attract Generation Z to the Cyber Workforce,” received $299,962 in federal funding from the National Science Foundation’s (NSF) Early-concept Grants for Exploratory Research (EAGER) program. In Dincelli’s educational video game, students are not just passive recipients of information. They become the protagonists gathering intelligence and, most importantly – choosing what to do with those findings. Do you report the corrupt politician to the authorities and emerge as a “white hat” hero? Or exploit the situation for personal gain as a “black hat” criminal? Or disclose the information publicly and become a “hacktivist”? The gamified approach not only counts for an immersive experience for students but also allows students to explore various consequences in cyberspace based on the situation they plunge into and the outcomes derived from it.
“There is no right or wrong answer because each decision path is a learning opportunity,” explains Dincelli. “Students experience first-hand how using cybersecurity skills unethically can lead to legal consequences and ruined reputations within a safe virtual environment. This experiential learning method not only highlights the importance of ethical behaviour but also equips students with the skills to effectively handle real-world scenarios using actual cybersecurity tools.”
Beyond being fun and immersive, this gamified approach debates the stereotype that cybersecurity is a highly technical field only for coding wizards and tech prodigies. From visual arts to self-taught coders, Dincelli is confident that cybersecurity is accessible to anyone willing to learn, regardless of their demographic or educational background.
“Millions of cybersecurity professionals are needed globally to close the workforce gap. Factors such as gender, race, ethnicity, socioeconomic status, and educational attainment deter young people from pursuing cybersecurity careers. Current perceptions and the lack of diversity in the field suggest an under-tapped demographic for recruitment,” he says. “By using innovative pedagogical methods to overcome stereotypes and make cybersecurity education more enjoyable and accessible, we show people of all backgrounds that they have what it takes to become the cyber defenders of the future.”
Looking toward the future, it is evident that innovations such as gamification will likely overshadow traditional educational strategies. In doing so, subjects such as cybersecurity that have been gatekept and reserved for a select few can now be accessed by a wide range of people eager to break into their industry of choice.