The purpose of awareness is to draw attention to a desired focus. Let’s face it, the current compliance-based approach to security awareness isn’t just ineffective in creating positive change in employee behavior; it does the opposite of what a security awareness program is designed to do in that it repels.Companies continue to implement the latest and greatest technology and rely on the standard awareness program of monotonous videos and some phishing assessments that provide them with the false perception that compliant=secure.Luckily, for my end users – and for you if you attend my talk at BSidesLV – I have never been able to stay inside the box for long. My passion for fun and games crossed paths with the complaints of my end users, so security-focused games and challenges were the end result.From answering security trivia questions to earning pieces needed to assemble a bike for charity to building security escape rooms and the Security Bowl (a football-themed security board game), the security culture in my company has been significantly strengthened.Indeed, employees have become more comfortable in asking questions and reporting threats than when I started.Don’t just take my word for it. In my talk, I will address the psychological reasons of why people make voluntary decisions and how games meet basic human desires. Games not only act as a conduit to drive attention (awareness) towards security; the meeting of these basic needs generates positive emotions in the participant, ultimately acting as a reward in itself.These factors combine to go a great distance in building a positive security culture in an organization.You probably can recall pretty quickly your latest game craze or maybe your favorite game from childhood. Hold that thought! We will walk through the building blocks of creating a great game and how to incorporate security topics that are applicable to your organization.I will discuss how clever and unique features will not only create a memorable experience but drive viral interest in participation and ultimately success for your campaign. Now it’s time to turn that cherished childhood game into one of your greatest security culture influences and have a lot of fun while doing it!On July 26 at 14:30, I will be presenting my talk, “I got more games than Milton Bradley: Incentivize a positive change in your security culture” at BSidesLV. Hope to see you there!
About the Author: Drew Rose has a BS in Cybersecurity with a CISSP and a passion for building security programs and reducing risk. He has worked with institutions in the government, private, and public sector. His specialty lies in understanding human behaviors and how emotions impact everyday decisions and he uses this knowledge to help organizations craft security awareness programs with impact. Having spent 8 years in the military, Drew is a patriot and loves exploring his new home in Austin, Texas.Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.