Online Archive of University of Virginia Scholarship
Enhancing Cybersecurity Awareness Through Gamification; We All Have A Part To Play In The World Of Cybersecurity
Author
Cook, Spencer, School of Engineering and Applied Science, University of Virginia
Advisors
Wylie, Caitlin, EN-Engineering and Society, University of Virginia
Sherriff, Mark, EN-Comp Science Dept, University of Virginia
Abstract
While cybersecurity is taken seriously across almost every industry, there is a disconnect between security teams and users regarding the distribution of responsibility and sense of importance for security breaches and attacker strategies. This problem matters because we currently live in a security industry that sometimes struggles to achieve its goals due to various factors, such as lack of interest towards standard education, which is mainly caused by cybersecurity’s sometimes repetitive and unrelatable reputation. In an overarching sense, this can be related to both my STS and technical research because the STS research explores the nature of the struggle between security experts and users, while the technical research explores making an applied solution to the explored problem by creating a newer gamified approach.
My sociotechnical research focused on utilizing the SCOT framework to analyze the trends of interactions between several social groups, those being users, cybersecurity professionals, and attackers. This analysis was done to examine the disconnect that sometimes exists between security teams and users about the necessity to follow security practices. Following the analysis of several studies, the conclusion was that users and security professionals are in a kind of conflict with one another in terms of creating a level of understanding about the importance and distribution of responsibility for security actions. It’s also important to note that there is a lack of understanding for the role attackers play in security breaches, as their motivations and tactics can vary depending on the specific environment being targeted.
My technical research focused on making a gamified cybersecurity learning web app we called Cybersec Learning, which was created with the goal of forming a more fun and relatable method of cybersecurity training. The app consists of four mini-games focusing on helping users create secure passwords, identify phishing emails, malicious links, and OSINT techniques attackers utilize. After the app was created, we launched a beta test on over ten separate testers from different backgrounds, and we found that there was a universally large level of engagement towards the gamified aspect and leaderboard placement across all games. The results of my technical research’s limited-scope beta test suggest that a more interactive approach greatly increases interest in cybersecurity learning. This increased interest would serve to address the goal of creating a more collective approach to cybersecurity, as it allows users to gain a better understanding of security needs in a more relatable way.
The results gathered from my sociotechnical research warrant some further investigation into the relationships between the three outlined groups from earlier, as I believe a better understanding of their relationships may allow us to better understand the needs of users and security experts to defend against attackers. Going forward, I believe researchers should conduct a much wider beta test of a similar gamified approach to see if my initial results are consistent across a much larger scale. This, mixed with a better understanding of relationships between security experts, users, and attackers, could be a crucial breakthrough, as it would change the general conception of security training and make our organizations and consumers safer.
I would like to take the time to thank several key contributors who assisted with the construction of this thesis. First, I want to recognize my app’s beta testers and my technical project teammates Andy Li, Andy Wang, and Iuri Vintonyak. My teammates’ efforts in working alongside me to construct our Cybersec Learning web application were critical to the technical project’s success. I would also like to thank Caitlin Wylie for serving as my STS advisor and Mark Sherriff for serving as my technical advisor. Your words of encouragement and advice provided great assistance in shaping both projects into a spectacular final product. I would also like to give one last thank you to Peter Wettergreen, who gave me my first job in professional-level cybersecurity and inspired me to pursue this thesis topic.
Degree
BS (Bachelor of Science)
Keywords
cybersecurity; education; social engineering
Notes
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Mark Sherriff
STS Advisor: Caitlin Wylie
Technical Team Members: Iuri Vintonyak, Andy Li, Andy Wang
Cook, Spencer. Enhancing Cybersecurity Awareness Through Gamification; We All Have A Part To Play In The World Of Cybersecurity. University of Virginia, School of Engineering and Applied Science, BS (Bachelor of Science), 2026-05-06, https://doi.org/10.18130/d3kt-4q72.