Gamification in Cybersecurity was very fashionable in the press in 2016.
As a deeply unfashionable person I waited the year for a discount, and took my username from the bribe in badge form that ISC2 paid me to join the community. I felt that this was a suitably ironic, even as I coveted the little graphic...
Do others have experiences, or amusing anecdotes to share on gamification?
Should we charge manically through the maze ringing bells for Cheese? Or stand firm collectively with simple human dignity and refuse as one to be labeled by the badge givers? More importantly is it usfeful?
I think that some badges are useful. If I am seeking advice, it is useful to know a respondent's credentials. It is also useful to know how active the respondent has been in the community. Other badges, such as the first reply, or first image badge, IMO, are just clutter. These types of badges, however, do encourage users to explore a site and learn its functionality.
Thanks for the reply.
I also wonder about it's general applicability in security, for example in running a SOC should there be a leaderboard fro Analysts? Or should we stack rank the most productive bug hunters - and beyond the 'drive traffic' angle is it helpful, neutral or harmful?
Some actual research ...
Interesting, though the use of ‘Gamifying’ in the article is misleading as this is a serious game used for teaching with user behaviour capture rather than gamification, game versus elements of games.
The article links to the paper though it’s buried in the text along with a Lastpass marketing report, the presentation, paper and recording can be found here: