CSCUK

Cyber Security Stories

Why games are a crucial tool for teaching young people about cybersecurity

Videogames can help young people to learn the basics of cybersecurity, says Zayd Dawood, university lecturer and game designer for Cyber Security Challenge UK.

Computing lecturer Zayd designed a game to teach young people the pitfalls of cybersecurity in a vivid, exciting way in partnership with Cyber Security Challenge UK. Zayd and his colleagues had brainstormed ideas including escape rooms and 3D puzzles – but eventually settled on a Mario-style platform game set in a futuristic landscape.

The idea is to teach young people the basics of Britain’s Computer Misuse Act – via the antics of a robot character, Astro the Android, in a two-dimensional cyberpunk world filled with chatty NPCs (non-player characters). The game is playable free on both PC and smartphones here.

‘The Cyber Security Challenge UK is trying to make people who have access to the digital world realise that not everything there is safe. Hopefully we show that even some of the things that young people might have a go at doing themselves, might actually get them into trouble.’

It’s important that young people immerse themselves in technology so that they can understand both the good side and the ‘dark side’ of technology, Zayd believes. Part of that is to learn about and understand the ‘dark secrets’ of the cybersecurity world. Young people need to be able to make informed decisions, Zayd believes.

‘It’s important that they delve into the information around cybercrime as much as possible – to avoid being in a position where they’ve caused an offence. It can be a grey area, because nowadays being a hacker isn’t always a wrong thing to do: the world is looking for hackers who do the right thing.’

The Cyber Security Challenge is no stranger to using games to spread its message to technically able young people, with web games on its site such as Cyberland, which offers 16 immersive activities that teach important safety lessons about staying safe online, and introduce key cyber concepts such as firewalls and phishing.

Astro the Android is a more in-depth experience teaching the ins and outs of the Computer Misuse Act, which was brought in in 1990 just before the dawn of the World Wide Web to cover then-emerging offences such as hacking. The act governs issues such as hacking into computer systems, computer fraud, blackmail and viruses. Failing to comply with the Computer Misuse Act can lead to fines or prison sentences.

The game is a full-fledged action title, where Astro has to collect items and avoid enemies, as well as collecting the game’s currency (called ‘crypto coins’). Throughout the levels, there are also NPCs who ask questions (themed around what is and isn’t illegal under the Computer Misuse Act). Answering the questions correctly scores the player points – and helps them rise up a global leaderboard.

‘They can see their score on a leaderboard, which is globally active – so every player can see where they are compared to other players around the world. I have really enjoyed the challenge of working out how games get made. ‘What do you need to do to tell the computer to make your character jump? So I hope people enjoy it!’

Zayd believes that young people need to know more about cybersecurity because the field is growing in importance every year. Zayd points out that there are dozens of careers available for young people in the cybersecurity field, from lawyers that specialise in a cybercrime, or a programmer who designs apps to stop Trojan attacks.

‘Cybersecurity is a challenge in itself,’ he points out, ‘Because you’re up against people who are out to cause damage – and who want to prove they are better than you.’

The Cyber Security Challenge offers  games and activities themed around cyber security, including Astro the Android and ‘Cyber Land’ activities which offer fun ways to engage with the basics of security. Click here to visit and learn more about Cyber Security Challenge and its work with young people. Interested in taking part in a future blog? Email us here.

Alex Roxon on why ‘gamification’ is key to inspiring young people to work in cybersecurity

Games and puzzles are one of the best ways to ignite an interest in cybersecurity in young people, says Alex Roxon, Infosec and Cyber Consultant at Cortida Limited.

Alex became involved in the Cyber Security Challenge due to the Challenge’s use of ‘gamification’ as a way to reach out to young people – as it’s an approach he believes works. Alex previously produced his own cybersecurity playing card deck filled with cyber attacks and defences – and a pick-your-own-path novel about an attack by a sinister cyber threat group called Golden Slug.

Organisations can’t afford to have a boring message if they are going to get through to young people, Alex believes – it has to be something that grabs the attention. He says, ‘If it’s PowerPoint, or someone reading from a slide and it’s incredibly dull and not inspiring, it’s not going to capture anybody.’

Gamification helps to communicate an important message to young people: that cybersecurity offers well-paying jobs which they could be good at. The messaging has to be fun because young people sometimes need guide rails to ensure they use their talents, Alex believes. That’s why the Cyber Security Challenge’s work with young people is so important.

‘There’s a few very talented penetration testers who started off by being criminals,’ Alex says. ‘They are curious and have this energy and this enthusiasm about computers, but because they didn’t have any guide rails to work with, they strayed into the wrong territory.’

Alex is passionate about capturing that energy and persuading young people to go into cybersecurity jobs. He points out that there are great salaries on offer for technically astute young people. While young people can ‘change tack’ and become penetration testers after dabbling in crime, the picture is brighter for young people who go straight into cybersecurity.

Alex says, ‘If that positivity and that enthusiasm can be captured really early on, the sky’s the limit for those people.’

Alex hopes to speak at schools and give away copies of his cybersecurity card deck and book as part of his work with the Cybersecurity Challenge. The card deck is a normal set of playing cards, but with cybersecurity attacks and defences on them – each card depicting one cybersecurity concept. Hearts and diamonds are ‘red team’ activities (attacks) and clubs and spades offer defences.

Alex’s book, ‘Choose Your Infosec Path’ was inspired by the Give Yourself Goosebumps stories he read as a youngster – but here, readers pick what to do in a cybersecurity crisis.

‘You’re a CISO at a company,’ he says. ‘You get told by the boss that there’s a new threat actor on the loose called Golden Slug, and your choices will dictate whether it ends in disaster or triumph.’

With 50 or 60 endings, the book is designed to teach beginners the basics of cybersecurity – written in plain language and targeting youngsters without any background in the field, and capturing some of the excitement of the job.

Alex believes it’s important to keep growing the talent pool for cybersecurity – and that games and puzzles are a vital part of that.

The Cyber Security Challenge offers  games and activities themed around cyber security, with its ‘Cyber Land’ activities offering fun ways to engage with the basics of security. Click here to visit and learn more about Cyber Security Challenge and its work with young people. Looking for a guest speaker for cyber careers at schools or universities? Get in touch with Alex Roxon via alex@roxon.co.uk

 

 

 

Why there’s never been a better time for women to go into cyber security

There is more and more support for women hoping to break into the cyber security industry, according to Dasha Diaz, founder of cyber security training company itrainsec.

Joining the industry fresh out of maternity leave, Dasha was surprised by how much she found herself thriving in a techie environment.

Now, she’s encouraging as many others as possible to shift the gender imbalance and take their space in the spotlight as an increasingly recognised female founder.

Even from the start, her colleagues were supportive (she believes that cyber security is among the friendliest industries around) – but admits there was an element of, ‘You’re a girl, what are you doing here?’.

Dasha has since worked to put in place systems to help other young women break into the industry.

‘When I put cyber security conferences together, I thought, from the beginning, that we want more women on the stage. We talked about this at every edition of the conference, from the beginning: we wanted more women to be represented. That was a done deal.’

‘But when we tried to recruit more women, to begin with, some women were messaging me and asking, “Do you think I really need to participate?” They were very shy. I was like, “I am here, I want to help you. We have women on the programme committee. Don’t worry about it!”

At this year’s Barcelona Cyber Security Congress, itrainsec organised the Hacking Village, where CSC UK’s Bob Nowill gave a talk on education and winning the talent battle in cyber security.

itrainsec is also to offer CSC UK’s CyberAttack game as a tool for training in crisis management.

Dasha had the preconceived idea that cyber security was ‘boring and geeky’ before she started work for a large cyber security firm in Moscow, but then found herself increasingly fascinated by the topic.

She had started working in public relations, but then joined the research and analysis team. Dasha never considered herself a ‘techie’, or a mathematician, but became fascinated by the relationships within cyber security.

‘I learned everything about cyber security from zero. My head was blasting with everything I was learning. It was the best experience I ever had.’

She founded her own company, itrainsec in Barcelona in 2020, and now works with several foundations which are supporting women in cybersecurity. She believes that anyone can find their niche in cybersecurity.

‘You will always have an opportunity to learn. There is always something new, an opportunity to learn for yourself and to educate others. It won’t always be easy, but you’ll have a chance to learn and to share your knowledge.’

Dasha believes that cybersecurity has never been more important.

‘Every day in cybersecurity, you learn new things, and make your own discoveries. You don’t need to be techy to get into cybersecurity because there are a lot of opportunities. The industry is growing. It is basically the number one thing right now. Every company has to have its own cybersecurity department.’

That’s why Dasha believes the work of the Cyber Security Challenge UK is so important. Young people need to learn about all the threats they face, because cyber security is simply a part of everyday life. Every generation should be aware of the threats they face. She says, ‘You have to educate people. You have to educate your children. Cyber security is a part of our lives – and it will keep on growing.’

 

Coming soon