Gamification for the Greater Good: Why We Need More Diverse Learning Approaches for the Workforce

“Gamification” is a term that has been popularized by the modern cultural and consumer demand for video games. It is the application of game design elements (e.g. leaderboards, scoring, points) to an activity or set of activities. Today, it has made its way into software programs as a way to increase engagement and productivity. Yet when we think about gamification today, we don’t generally think of its application in educational settings, let alone in the business world. After all, when was the last time Ubisoft had a press conference about how gamified Assassin’s Creed is? So what are we talking about? We’re talking about the challenge of engaging adults in professional training and development while being sensitive to their learning preferences. The reality is, it’s hard to get adult learners excited to go back to the classroom to learn something for their job. But there exists a potential for gamification to lower the barriers to learning for adults. Today’s professionals are a prime target for using gamification in a more meaningful way—to break through the “sheer fun and games” if you will, and leverage gamified elements for a greater, more significant purpose. Gamification is really all about education, and it’s alleviating the age-old struggle of how to teach effectively and remain relevant.

Before breaking down the benefits of gamification in learning, let’s review more common learning approaches. Less thrilling “cousins” of gamification often used in teaching and task-based activities include displays like tutorials, lectures, slide shows, watch-only videos, and text-based material. These are used in educational settings and are part of what researchers define as “passive learning” techniques—a method of teaching where students receive information from a source to internalize and regurgitate. Studies show this approach is highly ineffective at helping learners retain information (and even worse when it comes to applying learned information to an actual experience or task). Gamification can help overcome these challenges—especially when we leverage it within the context of business training and professional employee development. The types of training professionals might undergo include trainings on customer engagement and retention, sales processes, use of specific software applications, etc. If professionals can conduct those trainings in gamified settings, their propensity for completing (and enjoying!) training increases. We’ll discuss “how” this actually happens later. As a result, they might be better collaborators among colleagues, drive more sales, or foster greater customer satisfaction.

Entertainment with a Social Benefit

We’re constantly on the hunt for the “perfect” way to teach, one that resonates and is impactful. The difficulty here is that people are unique, each with their own motivations, modes of learning, and brain wiring for absorbing information. Gamification isn’t the first attempt at a perfect solution; television and radio had their time as well. Before we dive deeper into how gamification enables professional, adult learning, let’s understand how history has taught communities.

Before video games entered the market in a big way, TV and radio held the spotlight as primary modes by which information was relayed and stories were told. What you might not know is that these channels’ reputation for delivering information to the masses (and eventually ‘entertaining’ the masses) was actually grounded in socio-psychological theory. Miguel Sabido’s aptly named “Sabido methodology” defines ways in which social attitudes and behaviors were positively changed by information (aka a stimulus) delivered through television and radio. Sabido pioneered the use of telenovelas to teach about social issues in the 1970s and 80s, when he was Vice President of Research at the Mexican television network Televisa.

His complex narratives allowed audiences to relate to his characters who were often positioned as positive, negative, and neutral role models. The characters addressed relevant social issues of the times (e.g. women’s status, child slavery, environmental protection, HIV/AIDS) and audiences became emotionally attached to them as they made good or bad decisions within the storyline. Why? Because the topics covered and the character behaviors resonated with viewers.

What Sabido uncovered in this narrative communication method (complete with relatable characters and compelling storyline) was a new way to teach people about important issues they otherwise might not care to educate themselves on. Over the next decade, Sabido produced six serial dramas that touched on issues of HIV/AIDS and safe sex practices—coincidentally (or not), Mexico experienced a 34% decline in population growth rate during that same time frame. Perhaps the way in which he addressed social issues that were important to his viewers resonated after all.

We can learn a lot from Sabido’s efforts here. According to Population Media, “The major tenet of the Sabido methodology is that education can be compelling and that entertainment can be educational. Sabido originally termed his approach ‘entertainment with proven social benefit,’ and since then, many communication professionals and scholars have applied the term ‘entertainment-education’ to the Sabido approach.” Sabido helped pioneer a new kind of learning that adults were attracted to and interestingly enough, we see similar “entertaining education” strides made today when teaching is done using gamification.

Learning Styles, Information Overload, and Misconceptions of Gamification

It’s not shocking that the interactive media and gaming industry has followed this “entertainment-education” pathway. As technology evolves, we naturally find new ways of putting it to work for us in a way that is not only useful and functional but appealing. Sabido’s use of serialized dramas and engaging characters has been shown to be extremely effective in igniting social change and shifting social attitudes among viewers/consumers of information—and as professionals in business, we should learn from his work and mission. Consider gamification the latest teaching approach we have at our fingertips. It offers a new way of learning that hasn’t been employed to its fullest potential in other media/education models.

There are three generally recognized learning styles: Visual, Auditory, and Kinesthetic. Kinesthetic learning (learning by doing) wasn’t really an option for Sabido (watching TV was passive information consumption, visual and auditory). However, gamification and interactive media are a reflection of that third learning category, kinesthetic. For the first time, we can take a student to Mars in a virtual environment, or have them interact with a neuron the size of a house, leveraging kinesthetic learning technology. The training and educational possibilities are endless (especially when we layer in elements of gamification) and we’re just scratching the surface.

But learning is only as effective as the approach we deploy to learn. When it comes to assessing the effectiveness of gamification in an educational application, learners tend to evaluate it through two lenses, asking: “How do I learn?” and “How do I play?” To answer these questions, we can review various game mechanics and features that make up each of the three learning styles. More on that later. However, we’re missing a large piece of the purpose of gamification if we don’t also ask “Why do I play?” This is also the most challenging question to answer when it comes to using gamification to teach today’s professionals.

If we are to truly leverage gamification as a learning mechanism for business in professional training and development, we first need to understand how adults process new information. Researchers note “…our problem as adults is that we want to take new knowledge and compare and contrast it to what we already have. Our brains natively know that they can only process so much at a time, so they try to analyze incoming input to identify key material that must be retained, and then immediately file that information alongside relevant contexts. That processing imposes a significant amount of overhead, and it’s why acquiring new knowledge and skills is so much harder for an adult.”

Compare that learning style against the physical act of teaching a child, and we see stark differences. When teaching a child a concept, it is relatively straightforward: preach at them, and they’ll absorb it. For the most part, author Don Jones notes, “they’ll believe it because they tend to lack the context to dispute it.”

Now apply how adults learn to their professional and personal environments. As adults, we’re constantly bombarded, now more than ever, with new information at every moment. Opening up your phone in the morning usually bears forth a host of notifications to sift through, between messages, news headlines, and advertisements. Our brains are constantly working to filter what we care about, and what we don’t. Adults do this natively and unintentionally, as much as we’d like to just absorb all the information we’re presented with… our brains just don’t function that way anymore. We’d be on overload!

Should businesses adopt gamification as a learning strategy to enable professionals in their day-to-day jobs, we must first be cognizant of their perception of “playing a game” (especially now that we understand how they learn and filter information). Imagine an adult who is being asked to learn something new on the job by using a gamified platform where they have to play a “video game” to do it. That adult learner may very well bemoan the thought of “going back to school” or “playing a game” to learn something about their job. Unfortunately, video games aren’t something adults take seriously (because up until recently, they haven’t really been applied to support business-like functions and serve a greater good). There’s a perception that playing games is all fun and not meaningful, and gamification has to overcome these misconceptions. When teaching adults, we must remember to communicate the “why”…

Jones also notes, “I often provide the ‘why do I care about this?’ answer upfront, in the form of a problem statement, where my key point becomes the solution. I then immediately illustrate or demonstrate how the key point solves the problem, providing reinforcement and confirmation to the students’ brains.”

Leaders interested in deploying gamified learning in professional training programs need to communicate the “Why do I play?” to their trainees. The answer isn’t merely to ensure the learner understands the point of the lesson; it’s much more about understanding what drives and engages their brain to interact with a gamified environment in the first place. There are driving motivational factors in gamification that make it a powerful tool for professional training and learning. Given that we all are wired differently, we must understand how to make gamification work best for us, as individual learners.

Making Gamification Work for All Learners

Yu-kai Chou created a framework for gamification and behavioral analysis that he calls “The Octalysis Gamification Framework.” Within it, he does a fantastic job breaking down driving factors and motivators for different types of gamers and learners—and we can use this model as a foundation to build out professional learning programs and activities in our own businesses. The Octalysis Framework is extremely deep, yet it’s easier to understand Chou’s eight Core Drivers in human behavior in the circular graph.

When we consider Chou’s driving factors through the lens of “How we Learn” and “How we Play” in game mechanics, with an understanding of the three learning styles, it becomes easier to see the potential for gamification as a mechanism to complement other learning styles. By examining the motivating factors that contribute to whether or not something is considered “gamified,” those doing the teaching can clearly see where kinesthetic learning fits within the overall game mechanics structure in relation to auditory/visual representations found in the mechanics.

Figure 2

Notice that in Figure 2, game mechanics prioritize competitive drivers over collaborative efforts, and community over exploration (as indicated by the quantity of learning style icons).

As much as we celebrate the experiential elements of kinesthetic learning in educational literature… there’s much work to be done in gamification to ensure hands-on learning styles are better represented on this model so that more inclusive learning can be had.

Further, game components like “Levels” and “Missions” are incredibly broad terms and they can be as varied as the subjects they attempt to illustrate, yet I would argue that these mechanics determine if a product truly feels like a game more than features like the ability to share accomplishments socially or obtaining a badge.

The reality is, we’ve had a much longer history teaching to auditory and visual learning pillars, more so than teaching and training staff with gamification. If anything, this may illustrate that it’s easier to develop products and software that align with the visual and auditory-based learners versus developing products to meet the needs of those who want more hands-on experiences in a game-like setting. This is why we mostly hear about digital badging, leaderboards, and “leveling up” in the context of video games instead of in training programs for business professionals.

While incorporating gamification elements into a professional development training program can be done, do we need to check off all these game mechanic boxes in order for a product to be considered “Gamified?” Arguably no. It’s all about your demographics and what will drive them to learn most effectively.

Having reflected upon the history of “engaging educational learning” in the context of telenovela programming, deepened our understanding of how we process and retain learned material in an overly interconnected culture, and sought new ways for learning to “stick,” one thing becomes clear: gamification is an untapped learning resource for today’s professionals. Dare I say, the diamond in the rough we’ve been searching for in business training and professional development. If your professional demographic is at all varied (I bet it is), then your teaching strategies will likely have to be as well. It’s time businesses think beyond the passive learning styles of yesteryear, and embrace a new gamified approach to adult training and development—something that better fosters driving factors like collaboration and exploration equally to that of competition, community, and achievement. Only then will we really have a learning approach that meets everyone where they are.

Why Cybersecurity is Important for Higher Education Institutions

It might surprise you to know that the education industry is a prime target for malicious hackers. While threats in this sector are on the rise, many education institutions are not prepared for a cyber attack nor do they know how to recover from one. In fact, there were 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. A 2018 Education Cyber Security Report published by SecurityScorecard also found that of 17 industries, the education sector ranked dead last in total cyber security safety. Schools are leaving themselves open to student and faculty identity theft, stolen intellectual property, and extremely high cost data breach reconciliation. In fact, a study done by the Ponemon Institute shows the average cost of a data breach in the education sector is $141 per record leaked.

This industry faces some unique cyber security challenges:

  • Historically, this industry is based on the free exchange of information, i.e., the philosophy that information should be readily available to all. The use of computers and the internet in education has allowed information to be stored and accessed in many different ways, creating vulnerabilities in storage, network security, and user error which leave systems susceptible to hacks.
  • Students and staff may have limited technical skills and prowess to know how to stay safe online.
  • Online education systems are highly distributed across multiple schools in a district or across state lines, making it easier to infect one system to gain access to all.
  • Computer systems used by schools often lack a single application, or “source of truth” to safely manage student and employee identities.
  • There’s a significant change in the user population every year due to students graduating and new students enrolling, making it difficult to track who is using certain resources and who has access to them.
  • Remote access is often required, with students and parents accessing systems from home computers and smartphones. When you access an online resource repeatedly from potentially vulnerable or unsecure networks, it creates more opportunity for hacks.

So how can educational institutions better protect themselves against looming cyber threats?

  • Shift the focus to prevention instead of mitigation – by making the focus on securing data before an attack happens rather than after, organizations will be better prepared to protect students and staff against a breach.
    • IT directors and security operators within educational institutions would be wise to consider persistent training solutions for their teams to optimize existing cyber skills so they don’t go “stale” after a period of time.
    • Likewise, perform a security audit and work across departments to understand all the digital systems in place (financial, teacher, student portals, etc.) and where vulnerabilities might exist.
    • HR departments of institutions should consider updating or adopting employee security awareness training to ensure every education-employed professional working on a computer understands the basics of cyber security and how to stay safe online.
  • Minimize internal threats – Verizon’s 2019 Data Breach Investigations Report found that nearly 32% of breaches involved phishing and that human error was the cause in 21% of breaches. Proper and continued training and awareness around security issues is key in preventing possible attacks.
  • Make cyber security a priority in IT budgeting – Schools and other educational institutions need to recognize the growing cyber threatscape and prioritize allocating funds to training tools, IT teams, and continued education for internal staff.

Circadence is here to help. Cybersecurity in the education sector is more important than ever, and our immersive, gamified cyber learning platform, Project Ares, can help ensure that your cyber team is ready to defend against malicious attacks. Our inCyt product (coming soon!) will keep everyone else in your organization up to snuff on cyber defense and offense. We pair gamification with prolonged learning methods to make learning and retaining cyber security tactics simple and fun for all. Don’t let your institution and students be next in line for a breach–think inCyt, and Project Ares when you think cyber security for the education sector!


Why Alternatives to Traditional Cyber Training Are Needed Immediately

Are you looking for a more effective, cost-conscious cyber training tool that actually teaches competencies and cyber skills? We’ve been there. Let us share our perspective on the top cyber training alternatives to complement or supplement your organization’s current training efforts.

Cyber training has evolved over the years but not at pace with the rapid persistence of cybercrime. Cyberattacks impact businesses of all sizes and it’s only a matter of time before your business is next in line. Traditional cyber training has consisted of individuals sitting in a classroom environment, off-site, reading static materials, listening to lectures, and if you’re lucky, performing step-by-step, prescriptive tasks to “upskill” and “learn.” Unfortunately, this model isn’t working anymore. Learners are not retaining concepts and are disengaged from the learning process. This means by the time they make it back to your company to defend your networks, they’ve likely forgotten most of the new concepts that you sent them to learn about in the first place.

So, what cyber training alternatives are available for building competency and skill among professionals? More importantly, why do you need a better way to train professionals? We hope this blog helps answer these questions.

Cyber Range Training

Cyber ranges provide trainees with simulated (highly scalable, small number of servers) or emulated (high fidelity testing using real computers, OS, and application) environments to practice skills such as defending networks, hardening critical infrastructure (ICS/SCADA) and responding to attacks. They simulate realistic technical settings for professionals to practice network configurations and detect abnormalities and anomalies in computer systems. While simulated ranges are considered more affordable than emulated ranges, several academic papers question whether test results from a simulation reflect a cyber pro’s workplace reality.

Traditional Cyber Security Training

Courses can be taken in a classroom setting from certified instructors (like a SANS course), self-paced over the Internet, or in mentored settings in cities around the world. Several organizations offer online classes too, for professionals looking to hone their skills in their specific work role (e.g. incident response analyst, ethical hacker). Online or in-classroom training environments are almost exclusively built to cater to offensive-type cyber security practices and are highly prescriptive when it comes to the learning and the process for submitting “answers” and scoring.

However, as cyber security proves to be largely a “learn by doing” skillset, where outside-of-the-box thinking, real-world, high-fidelity virtual environments, and ongoing training are crucially important, attendees of traditional course trainings are often left searching for more cross-disciplined opportunities to hone their craft over the long term. Nevertheless, online trainings prove a good first step for professionals who want foundational learnings on which they can build with more sophisticated tools and technologies.

Gamified, Cyber Range, Cloud-Based Training

It wouldn’t be our blog if we didn’t mention Project Ares as a recommended, next generation alternative to traditional cyber training for professionals, because it uses gamified backstories to engage learners in activities. It also combines the benefits and convenience of online, cyber range training with the power of AI and machine learning to automate and augment trainees’ cyber competencies.

Our goal is to create a learning experience that is engaging, immersive, fun, and challenges trainee thinking in ways most authentic to cyber scenarios they’d experience in their actual jobs.

Project Ares was built with an active-learning approach to teaching, which studies show increases information retention among learners to 75% compared to passive-learning models.

Check out the comparison below for details on the differences between traditional training models and what Project Ares delivers.

Traditional Training (classroom and online delivery of lecture-based material) vs. Project Ares (immersive environment for hands-on, experiential learning)

Curriculum Design: Traditional Training

  • Instructors are generally experts in their field and exceptional classroom facilitators.
  • Often hired to develop a specific course.
  • It can take up to a year to build a course and it might be used for as long as 5 years, with updates.
  • Instructors are challenged to keep pace with evolving threats and to update course material frequently enough to reflect today’s attack surface in real time.
  • It is taught the same way every time.

Curriculum Design: Project Ares

  • Cyber subject matter experts partner with instructional design specialists to reengineer real-world threat scenarios into immersive, learning-based exercises.
  • An in-game advisor serves as a resource for players to guide them through activities, minimizing the need for physical instructors and subsequent overhead.
  • Project Ares is drawn from real-world threats and attacks, so content is always relevant and updated to meet users’ needs.

Learning Delivery: Traditional Training

  • Courses are often concept-specific, going deep on a narrow subject, and it can take multiple courses to cover a whole subject area.
  • Students take the whole course or watch the whole video – for example, if a student knows 70%, they sit through that to get to the 30% that is new to them.
  • On-demand materials are available for reference (sometimes for an additional fee) and are helpful for review of complex concepts, but this does not help students put the concepts into practice.
  • Most courses teach offensive concepts, from the viewpoint that it is easier to teach how to break the network, and then assume that students will figure out how to ‘re-engineer’ defense. This approach can build a deep foundational understanding of concepts but it is not tempered by practical ‘application’ until students are back home facing real defensive challenges.

Learning Delivery: Project Ares

  • Wherever a user is in his/her cyber security career path, Project Ares meets them at their level and provides a curriculum pathway.
  • From skills to strategy: Students / Players can use the Project Ares platform to refresh skills, learn new skills, test their capabilities on their own and, most critically, collaborate with teammates to combine techniques and critical thinking to successfully reach the end of a mission.
  • It takes a village to defend a network, sensitive data, executive leaders, finances, and an enterprise’s reputation: This approach teaches and enables experience of the many and multiple skills and job roles that come together in the real world to detect and respond to threats and attacks.
  • Project Ares creates challenging environments that demand the kind of problem solving and strategic thinking necessary to create an effective and evolving defensive posture.
  • Project Ares Battle Rooms and Missions present real-world problems that need to be solved, not just answered. It is a higher-level learning approach.

If you want to learn more about Project Ares and how it stacks up to other training options out there, watch our on-demand webinar “Get Gamified: Why Cyber Learning Happens Better With Games” featuring our VP of Global Partnerships, Keenan Skelly.

You can also contact our experts at info@circadence.com or schedule a demo to see it in action!

Living Our Mission: Embracing the Art of Gamification with Hector Robles, Lead Game Designer at Circadence

If there’s anyone who truly embodies the art of gamification, Hector Robles’ name just might top that list. As a lead game designer at Circadence, Hector works closely with the company’s content and curriculum departments to take complex cyber concepts and learning paths and artistically weave them into fun cyber games that make learning desirable.

Hector has more than nine years of professional experience in the game design and cyber security/tech space, but his career wasn’t always rooted in making games for companies. In fact, after graduating from high school, Hector proudly served in the U.S. Army, as a military police officer. It was there he gained an understanding of and appreciation for the importance of security as a whole. Hector saw firsthand how proliferating technology impacted both civilian security and military security operations. After his service, Hector followed his interest and passion for game design by attending the Miami International University of Art and Design and graduating with a degree in game design. Then, he began working with media conglomerates and startup companies as a designer, producer, and artist.

But something was missing. While Hector was accumulating an impressive portfolio of entertainment game design work, he sought something more meaningful—a way to apply his skills in game design to help others. It was then he learned about Circadence and joined the game development team alongside colleagues Kari Sershon, Ronaldo Periera and Jose Velazquez.

Hector has worked on Circadence’s flagship platform Project Ares, specifically the cyber learning games embedded within it. The cyber learning games that Hector has designed will also soon become a part of the CyberBridge Essentials learning hub for wider customer access. Hector’s work can be seen most poignantly in Circadence’s new 2019 game, RegExile, which teaches players how to do regular expression coding work. RegExile helps players learn the syntax of regular expressions so they can efficiently parse through data in search of evidence of a breach. It is a fast-paced pattern-recognition game that teaches the concepts of regular expressions while exercising players’ muscle memory and reaction time. The game challenges players to form the correct expression to select or exclude data while immersing them in a futuristic “save the world” scenario filled with human-destroying robots. Players must recognize patterns in the names and type proper RegEx techniques to eliminate robots before they destroy the colony.

For Hector, designing games like this is fulfilling. “It’s a completely different beast from entertainment game design. It’s meaningful to take complex cyber concepts and turn them into fun, interactive, easily-digestible material for players—whether it’s people just starting out in cyber security or seasoned professionals looking to brush up on skills,” Hector says.

Hector typically approaches new game development by first thinking about how to make a certain concept or task in cyber “fun.” He does a lot of game research to come up with ideas of new game play designs and layouts. The research, which may include playing a game of Dungeons and Dragons to get the cognitive juices flowing, playing an arcade style game to think of narrative storylines and actions, or even breaking out a board game with friends, sparks Hector’s imagination and creativity. Once he has an idea of what kind of game he wants to create to teach the cyber concept that the Circadence Curriculum team has outlined, he develops a one-page pitch for stakeholders that presents his ideas cohesively, including details on game objectives, purpose, and technical specifications. After approval, the fun begins! Hector and his team start prototyping features and components of the game to make the ideas on paper become reality. For RegExile, he planned out the movement of the robots in the game by moving game board pieces around to capture an authentic “in game” feeling for the player.

“I try to always think about what games are out there and how we can make our games truly unique,” says Hector. “We’re constantly thinking about things like accessibility, narrative, and pacing to ensure our games aren’t just entertaining, but that people are really learning from them,” he adds.

Hector is also working on augmented reality and virtual reality card games where players can learn cyber security concepts in industry-specific settings like oil rigs and power plants to further engage one’s understanding of different cyber threats and defense tactics in the cyber kill chain. Users will eventually be able to use physical playing cards to learn things like ports and protocols too. Stay tuned for more on that!

While some may view Hector’s work as all fun and games, it does have a meaningful component that many end-users don’t think about at first. When someone logs onto a game, they are presented with audio/visual and text-based cues to inspire their behavior or ignite an action. Those cues are what allow a player to understand how to engage and act in a game setting, so they are not confused as to what to do or how to do something. Hector’s work takes the guessing out of game play for Circadence’s products. Players who engage with a cyber learning game like RegExile know immediately how to play the game and what the objective is without having to jump through hurdles or be confused at where to start. Thank Hector and his team for that!

“When they get to the platform, they know what to do, the basics of the tool, and more of the narrative and understanding of how they’ll engage with it,” said Hector. “It’s the components we build into the game that allow them to feel empowered when they hit “play” to start,” he adds.

It’s Hector’s team’s expertise behind the coding work, gamification elements, and user interface that comes together to create the best user experience for the player. The art of gamification not only engages and entertains, but it inspires, teaches, and instills cyber knowledge in the minds of players who want to grow in cyber competency and skill.

“Seeing someone’s face light up when they play our games brings a smile to my face,” says Hector. “At first they’re hesitant but then they start playing and there is a moment of clarity that washes over their face that makes the time and energy put into our games all worth it.”

Hector believes the best way to learn is by playing games. That’s what ‘living our mission’ at Circadence is all about. The power of games can cement cyber concepts and we look forward to seeing what Hector and his team whip up next to keep professionals and first-time cyber learners coming back for more knowledge and skill building.

Living Our Mission Blog Series: Building Hyper-Scalable Cyber Training Experiences with Randy Thornton, Enterprise Architect at Circadence

A newly minted Engineering Fellow, Randy Thornton has dedicated his craft to software development for over 30 years. His passion for learning and using new technologies is evident in Circadence’s cyber range platform, Project Ares®.

Randy joined Circadence in 2005 when the company was selling its WAN Optimization product, MVO™. His background in scientific computing software for CAD/CAM, telecom, and seismology has been brought to bear to transform Project Ares from a mere cool idea that met unique market demands into what it is now: a full-fidelity, hyper-scalable range training tool for cyber security professionals used worldwide.

Randy and Circadence: Then and Now

In the beginning, there were about four Circadence employees working on the Project Ares prototype, which was eventually adopted by government and military agencies who were looking for better ways to train their cyber operators. Fast forward to today, Randy is leading the Project Ares team to redesign the architecture to scale within Microsoft Azure.  The goal is to provide private sector enterprises the same cutting-edge opportunity to train their cyber teams of any size and location on a gamified range—persistently, authentically, with flexibility and relevant to their specific cyber readiness needs. And Randy has been there through it all!

Today Randy mentors the engineering team at Circadence and helps them identify and collate standards around how the company’s products’ code is written and tested. He also helps identify what technologies to use and evaluates the technical feasibility of using new tech in the products themselves.

“Researching and learning new technology and staying on the cutting-edge is one of the most exciting parts of my job,” said Randy. “I see so much potential for Project Ares…so much promise…and being able to build out complicated networks in the cloud is a welcomed challenge for me,” he added.

Fellow Designation Reflected in Technical Capabilities within Project Ares

Randy’s contributions have been celebrated with a promotion to an Engineering Fellow, a significant career milestone that honors his achievements, expertise, and technical leadership to Project Ares, Circadence, and the cyber security industry as a whole.  The well-deserved recognition clearly stems from the fact that Randy never stops learning! He recently completed his Azure architecture certification exam, which helps him contribute to transitioning Project Ares to run on Microsoft Azure intelligent cloud.

“Project Ares’ ability to scale across regions is even more prevalent now thanks to Microsoft Azure,” said Randy. “The usability, the functionality, and its capability to connect across multiple locations and look like one single installation will be very beneficial to enterprise and government entities looking to scale their cyber training efforts effectively.”

A professional motto that drives Randy’s belief in continuous innovation in Project Ares is “Every time we change code, we should improve it.” It is this technical philosophy that has kept Randy and the Circadence engineering team on their toes and moving at pace to meet market demands for scalable cyber training experiences.

Evolving Cyber Training to Scale for Customers

Randy’s current project lies in Project Ares.Next, an evolution of Project Ares from an on-premise application to a true cloud native SaaS platform that fully exploits the advantages of the cloud computing model.  Many of the cloud native improvements for Project Ares will be “under the covers”.  But customers will see performance improvements in mission virtual machines and new cyber curriculum will be able to be added to the platform more expeditiously. Project Ares users who want to train their teams from anywhere in the world will be able to do so persistently, without compromising user experience and impacting mission load times, etc.

“As Project Ares evolves, we start to adapt to Go and Google standards and Kubernetes standards,” said Randy. “We’ve been working closely with Microsoft engineering teams on how we use the Azure Cloud most effectively and efficiently,” he adds.

The work of Randy and his teams is technical in nature and we greatly appreciate the level of knowledge and expertise they have to ensure Project Ares stays on the cusp of cyber training market demands using the latest technology to automate and augment the cyber workforces of tomorrow. We are grateful for their work to make Project Ares better every day as they use their talents to inform what our customers experience in the platform.

Learn Project Ares, including recent mission and battle room updates!


How Cyber Security Can Be Improved

Every day we get more interconnected, and that naturally widens the threat surface for cybercriminals. To guard against vulnerabilities and keep pace with hacker methods, security and non-security professionals alike must understand how to protect themselves (and their companies). And that involves looking for new ways to improve cyber security. To start, we believe cyber security can be improved by focusing on three areas: enterprise-wide cyber awareness programs, persistent training within cyber teams, and communication between the C-suite and the CISO. Check out our recommendations below and if you have a strategy that worked to improve cyber security in your company or organization, we’d love to hear about it.

Company-Wide Security Awareness Programs

Regardless of company size or budget, every person employed at a business should understand fundamental cyber concepts so they can protect themselves from malicious hackers. Failure to do so places the employee and the company at risk of being attacked and could result in significant monetary and reputation damages.

Simple knowledge of what a phishing email looks like, what an unsecured website looks like, and the implications of sharing personal information on social media are all topics that can be addressed in a company-wide security program. Further, staff should understand how hackers work and what kinds of tactics they use to gather information about a victim to exploit. Reports vary, but a recent article from ThreatPost notes that phishing attempts doubled in 2018, with new scams on the rise every day.

But where and how should companies start building a security awareness program—not to mention a program that staff will actually take seriously and participate in?

We believe in the power of gamified learning to engage employees in cyber security best practices.

Our mobile app inCyt helps novice and non-technical professionals learn the ins and outs of cyber security, from hacking methods to understanding cyber definitions. The game allows employees to play against one another in a healthy, yet competitive, manner. Players have digital “hackables” they have to protect in the game while trying to steal other players’ assets for vulnerabilities to exploit. The back-and-forth game play teaches learners how and why attacks occur in the first place and where vulnerabilities exist on a variety of digital networks.

By making the learning fun, it shifts the preconceived attitude of “have to do” to “want to do.” When an employee learns the fundamentals of cyber security not only are they empowering themselves to protect their own data, which translates into improved personal data cyber hygiene, but it also adds value for them as professionals. Companies are more confident when employees work with vigilance and security at the forefront.

Benefits of company-wide security awareness training

  • Lowers risk – Prevents an internal employee cyber mishap with proper education and training to inform daily activities.
  • Strengthens workforce – Existing security protocols are hardened to keep the entire staff aware of daily vulnerabilities and prevention.
  • Improved practices – Cultivate good cyber hygiene by growing cyber aptitude in a safe, virtual environment, instead of trial and error on workplace networks.

For more information about company-wide cyber learning, read about our award-winning mobile app inCyt.

Persistent (Not Periodic) Cyber Training

For cyber security professionals like network analysts, IT directors, CISOs, and incident responders, knowledge of the latest hacker methods and ways to protect and defend, govern, and mitigate threats is key. Today’s periodic training conducted at off-site training courses has been and continues to be the option of choice—but the financial costs and time away from the frontlines make it a less-than-fruitful investment for leaders looking to harden their posture productively and efficiently.

Further, periodic cyber security training classes are often dull, static, PowerPoint-driven or prescriptive, step-by-step instructor-driven—meaning the material is often too outdated to be relevant to today’s threats—and the learning is passive. There’s minimal opportunity for hands-on learning to apply learned concepts in a virtualized, safe setting. These roadblocks make periodic learning ineffective and unfortunately companies are spending thousands of dollars every quarter or month to upskill professionals without knowing if it’s money well spent. That’s frustrating!

What if companies could track cyber team performance to identify gaps in security skills—and do so on emulated networks to enrich the learning experience?

We believe persistent training on a cyber range is the modern response for companies to better align with today’s evolving threats. Cyber ranges allow cyber teams to engage in skill building in a “safe” environment. Sophisticated ranges should be able to scale as companies grow in security posture too. Our Project Ares cyber learning platform helps professionals develop frontier learning capabilities on mirrored networks for a more authentic training experience. Because Project Ares runs on Microsoft Azure, enterprise, government and academic IT teams can persistently train on their own networks safely using their own tools to “train as they would fight.”

Browser-based, Project Ares also allows professionals to train on their terms – wherever they are. Artificial intelligence via natural language processing and machine learning support players on the platform by acting as both automated adversaries to challenge trainees in skill, and as an in-game advisor to support trainee progression through a cyber exercise.

The gamified element of cyber training keeps professionals engaged while building skill. Digital badges, leaderboards, levels, and team-based mission scenarios build communicative skills, technical skills, and increase information retention in this active-learning model of training.

Benefits of persistent cyber training

Gamifying cyber training is the next evolution of learning for professionals who are either already in the field or curious to start a career in cyber security. The benefits are noteworthy:

  • Increased engagement, sense of control and self-efficacy
  • Adoption of new initiatives
  • Increased satisfaction with internal communication
  • Development of personal and organizational capabilities and resources
  • Increased personal satisfaction and employee retention
  • Enhanced productivity, monitoring and decision making

For more information about gamified cyber training, read about our award-winning platform Project Ares.

CISO Involvement in C-Suite Decision-Making

Communication processes between the C-suite and CISO need to be more transparent and frequent to achieve better alignment between cyber risk and business risk.

Many CISOs are currently challenged in reporting to the C-suite because of the very technical nature and reputation of cyber security. It’s often perceived as “too technical” for laymen, non-cyber professionals. However, it doesn’t have to be that way.

C-suite execs can understand their business’ cyber risks in the context of business risk to see how the two are inter-related and impact each other.

A CISO is typically concerned about the security of the business as a whole and if a breach occurs for the sake of a new product launch, service addition, or employee productivity, it’s his or her reputation on the line.

The CISO perspective is that whenever a company is deploying a new product or service, security should be involved from the get-go. Having CISOs brought into discussions about business initiatives early on is key to ensuring there are no security “add ons” brought in too late in the game. Actualizing the cost of a breach on the company in terms of dollar amounts can also capture the attention of the C-suite.

Furthermore, CISOs are measuring risk severity and breaking it down for the C-suite to help them understand the business value of cyber.  To achieve this alignment, CISOs are finding unique ways to do remediation or cyber security monitoring to reduce their workloads enough so they can prioritize communications with execs and keep all facets of the company safe from the employees it employs to the technologies it adopts to function.

Improving Cyber Security for the Future

Better communications between execs and security leaders, continual cyber training for teams, and company-wide cyber learning are a few suggestions we’ve talked about today to help companies reduce their cyber risk and harden their posture. We’ve said it before and we will say it again: cyber security is everyone’s responsibility. And evolving threats in the age of digital transformation mean that we are always susceptible to attacks regardless of how many firewalls we put up or encryption codes we embed.

If we have a computer, a phone, an electronic device that can exchange information in some way to other parties, we are vulnerable to cyber attacks. Every bit and byte of information exchanged on a company network is up for grabs for hackers and the more technical, business, and non-technical professionals come together to educate and empower themselves to improve cyber hygiene practices, the more prepared they and their company assets will be when a hacker comes knocking on their digital door.


Computer Fraud and Security – Gamification as a Winning Strategy

In this “game of protection” to balance defensive and offensive security techniques, now is the time for CISOs and business leaders to reach for a new cyber security manual – one that leverages gamification.

A New Perspective: Changing How We Think About Cybersecurity Training

What if someone told you that there was a new way to commute to work in the morning? A way that was more efficient than taking the highways or backroads to avoid traffic – a way that would allow you to save time, headaches and the dangers of driving altogether…you’d be interested, right? Maybe a little skeptical, certainly, but interested. So would we! Changing the way we think about a process or an act does not happen at the flip of a switch. We know that.  However, the speed at which technology advances and new products and services hit the market with attempts to make our daily lives easier, faster, better requires us to be open to new ways of thinking about traditional approaches. In this blog, it’s about changing how we think about “cybersecurity training.”

While we can’t help you teleport to your office or lend you a flying car, the concept behind the “better way to commute” scenario is exactly what we at Circadence are advocating for—A new way to think about cybersecurity training and skills development. Now, we realize that might not be as “cool” as teleportation but hear us out.

When it comes to cybersecurity, we believe wholeheartedly that there is a better way to train cyber professionals on the latest tactics and techniques. Why? Current ways of developing professionals with “one-and-done” trainings in classroom settings aren’t working. How do we know this? Because businesses are still getting hacked every day. In 2018 alone, we saw a 350% increase in ransomware attacks and 250% in spoofing or business email compromise. If lecture-based, classroom setting, PowerPoint-driven training courses were working, we wouldn’t still be reading about breaches in our local and national news. Something new, something different has to be done.

Talk to your teams

People develop, use and control the technologies we have available to us. People are the mechanisms by which we execute certain security methods and procedures. People are the reason there are actual tools to help us stop threats. Talking to your team can help gain perspective on how they are feeling with their current workloads and where they want to improve professionally.

Without well-trained individuals who persistently learn new skills and find better (more efficient) ways to operationalize cyber processes and techniques, our businesses and our personal information will be exploited—it’s only a matter of time. If you are thinking “I send my team to an off-site course and they learn new stuff every time,” then great! We invite you to take the next step and talk to those teams about how they’re using what they’ve learned in everyday cyber practice. Sometimes, as the first step in adopting a new way of thinking about a process (in this case, cyber training), we need to talk to the people who actually experienced it (those with boots on the ground).

Talk to your teams about:

  • their experience on-site at the training
  • what their main takeaways were
  • how they are applying learned concepts to daily tasks
  • where they see gaps or “opportunities for improvement”

Listening to teams and asking objective questions like this can shed light on what’s working in your cyber readiness strategy and what’s not.

Reframe negative thoughts

Things that are new and different are disruptive and that can be scary for leaders looking for concrete ROI to tie to cyber readiness solutions. Forbes suggests reframing negative thoughts as well. In thinking about a new way to do cyber training, instead of “gamified cyber learning will never work,” come from a place of inquiry and curiosity instead. Reflect on what feelings or experiences are causing you to think negatively about a new way of doing something.

Ask objective questions like:

Understanding how something works or could work for your specific situation is the foundation for evaluating the merit of any new process or approach presented to you.

Know Today’s Cyber Training Options

How cyber training has been conducted hasn’t changed much in the past several years. Participation in courses requires professionals to travel off-site to facilities/classrooms where they gather together to listen to lectures, view PowerPoint presentations and videos, and maybe engage in some online lab work to “bring concepts to life.”

Travel costs are incurred, time away from the frontlines occurs, and learners often disengage from material that is passively delivered to them (only 5% of information is retained with passive-learning delivery).

One of the biggest gaps in cyber training is that there isn’t a way to effectively measure cyber competencies in this traditional method. The proof is in the performance when professionals return to their desks and attempt to identify incoming threats and stop them. That absolute, black and white, way of measuring performance is too risky for businesses to stake their reputation and assets on.

Leaders who send their teams to these trainings need to know the following:

1) what new skills cyber teams have acquired

2) how their performance compares to their colleagues

3) what current skills they have improved

4) what cyber activities they have completed to demonstrate improvement/progression

Today’s off-site trainings don’t answer those questions until it’s too late and a threat has taken over a network. Professionals can “see” really quickly when a learned skill doesn’t translate to real life.

Embrace the journey of learning

There is a better way to train professionals and it can happen with gamification. But don’t let us be your only source of truth. Talk to people. Listen to their experiences training traditionally and hear firsthand what they want out of a skill building opportunity. Read the latest research on gamification in the corporate workplace. Then, make connections based on the intel you’ve gathered to evaluate if gamification is right for your organization’s professional development approach.

We’ll be here when you’re ready to dive deeper into specific solutions.


Guest Blog: Embracing Immersive, Gamified Cybersecurity Learning, Featuring Divergence Academy

What is immersive, gamified cybersecurity learning? The term “gamification” was originally coined in 2002 by a British computer programmer named Nick Pelling. It hit the mainstream when a location-sharing service called Foursquare emerged in 2009, employing gamification elements like points, badges, and “mayorships” to motivate people to use their mobile app to “check in” to places they visited. The term hit buzzword fame in 2011 when Gartner officially added it to its “Hype Cycle” list. But gamification is more than a buzzword. Companies have seen gamification work for them in cyber team training—so we thought it wise to take what is working and apply it at the earlier stages of career development—in the classroom.

At Divergence Academy, we are proud to offer a curriculum that embraces blended cyber learning to cultivate students and transitioning professionals who are ready to enter the workforce and stop today’s cyber threats.

We offer data science, cybersecurity, and cloud computing immersive learning programs that enable students to gain the knowledge and skills needed to work in any of those fields. Many of our courses offer a mix of concept-driven learning and application-driven learning so that students understand new knowledge and, in turn, apply that knowledge in skill building, project-based activities. Through working with messy, real-world data and scenarios, students gain experience across the entire technology spectrum.

Studies find when learners engage in active learning, hands-on activities, their information retention rates increase from 5% (with traditional, lecture-based methods) to 75%. The millennial generation presents radically different learning preferences than previous generations. Thus, educational institutions across the country should consider gamification as a pedagogical technique in the classroom. A study from the University of Limerick notes:

Gamified learning activities could become an integral part of flipped teaching environments. Their social, asynchronous nature can be used to prompt students to engage with pre-prepared content, while gamified learning activities can be used in the classroom to prompt student interaction and participation.

In watching our students engage with gamified activities, we see team-building blossom before our eyes. We see instant collaboration and problem-solving and critical thinking emerge. Those kinds of soft skills can’t always be taught in a traditional lecture-based setting and because of that, it is critical that we continue to offer a healthy mix of concept-driven learning with gamified learning opportunities to our students so that they can enter the workforce with a more holistic understanding of the industry.

Cybersecurity has become a captivating and engaging subject matter for students, which is fantastic as those words aren’t typically associated with the technical field.

“Wow, today we were introduced to Project Ares. Captivating is the best description I can think of. It is like ‘Call of Duty’ for cybersecurity.”
~ Divergence Academy Student, 24 years old

Fellow professors and instructors are looking for ways to make cybersecurity more interesting and attractive to students and we believe at Divergence, the gamified learning approach can help. It is an approachable way for students to engage with a field they may be completely unfamiliar with and it supports instructors by offering a course that students WANT to take.

“We notice an increase in student engagement in the classroom with the introduction of Project Ares. Gamification brings an element of intrigue and satisfaction to the learning experience.”
~ Beth Lahaie, Program Director

We hope our adoption and proven success of a blended learning approach is the nudge other institutions around the globe need to consider its power in building the next generation of cybersecurity professionals.

 

 

CISOs, Strengthen Your Cybersecurity Posture with These Resources

There is a hacker attack every 39 seconds. The average cost of a data breach in 2020 is expected to exceed $150 million. And by 2021, there will be more than 3.5 million unfilled cybersecurity jobs worldwide. No enterprise is safe from an attack.  

Because of that, CISOs realize as they evolve business operations to better serve customers, such progression has unintended security consequences and compromises. With strapped resources (both human and financial), how can CISOs in commercial sectors DO MORE to up their cybersecurity posture WITH LESS? The answer lies in the human-power to control systems, processes, and technologies.   

CISOs in every industry realize technologies and “one-and-done traditional training” cannot keep companies safe—but with the properly skilled individuals taking the reins to leverage those technologies optimally, the human-side of cybersecurity can minimize the skills gap and frequent attacks.  

Resource Roundup 

We’ve taken the liberty of publishing several articles to help CISOs “do more with less” to strengthen their cybersecurity posture. We understand you’ve spent lots of time and resources developing your teams. And they’re doing the best they can with the resources they have. Still, to amplify their success, ongoing training can help—and we hope these articles help, too.   

  1. Help wanted: Combatting the Cybersecurity Skills Shortage 
  2. Modernizing Cyber Ranges for Professional Learning 
  3. How to Tell if your Cyber Posture is Prone to an Attack
  4. Cybercrime Incidents in the Financial Services Sector 
  5. Why We Can’t Keep Ignoring Cyber Fatigue 
  6. How Continuous Learning Can Help Upskill Cyber Teams 
  7. Why Gamification is the Answer You’ve Been Looking For 
  8. The Benefits of Active Learning in Cyber Training  

Growing Cybersecurity Challenges  

CISOs and their teams are challenged to keep pace with evolving cyber threats due to staffing shortages, resource constraints, and strategy misalignment, not to mention the continuous threat of attacks on industries with interconnected technologies. In fact, 70% of cybersecurity professionals claim their organization is impacted by the skills shortage. With spending expected to exceed $1 trillion between 2017 and 2021 and 74% of C-suite executives failing to involve CISOs at the leadership table, the job of the CISO is incredibly difficult. That is why Circadence is dedicated to helping CISOs DO MORE WITH LESS—because we understand the arduous uphill climb they face (and will continue to face) if something is not done.

 

Hungry for more help? Download our 3 A’s INFOGRAPHIC to learn more ways to support your cyber team against imminent threats.

 

There’s Still Time to Up Your Cybersecurity Posture 

If cyber teams cannot upskill and keep pace with evolving threats, commercial sectors will continue to be hacked. Customers will not only lose trust in these institutions that aim to protect them and make their daily lives functional, but they simply won’t be able to operate efficiently, economies will suffer, and more.   

However, for enterprises that have experienced an attack, it’s not too late to invest in cyber training to prevent another. Doing nothing after an attack is the worst possible response. With failure comes opportunity to enhance resiliency on both a company-wide level, as well as at an employee-specific level. Investing in training tells hackers the attack attempt stops at its people first.  

For enterprises that have not experienced an attack, it’s not a matter of “if” but “when” it will occur. Digitalization and limited human resources make a company’s front lines vulnerable and appealing to hackers. Now is the time to be proactive and empower cyber teams to train against hackers in a way that doesn’t require time-consuming travel, expenses, and other resources—simply a willingness to learn, grow, and upskill to better the company and themselves.

Circadence wants to change how cyber professionals prepare for, protect, and defend against evolving cyber threats. We hope these and future resources will help CISOs and cybersecurity leaders take proactive steps to strengthen their cybersecurity posture by training their teams and their entire organization, without the costly burden of traditional training courses.