Winning the Cybersecurity Game by Hiring Gamers

With cybercriminals becoming more and more sophisticated, there is increasing pressure on cybersecurity professionals to be at the top of their game. New research is now suggesting that the way to do this is to hire gamers!

In June 2014 cyber security company McAfee published a blog post called “Winning the Game at McAfee: How Gamers Become Cybersecurity Workers.” The blog post argued that gamers possess the necessary skills to have a good career in cybersecurity and that the industry welcomes them.

“Video games brought me into computers and more technical areas of interest,” says Conor Makinson, a quality assurance engineer in Cork, Ireland. “Personally being one of the ‘young cybersecurity workers,’ I think that some games can really help develop mindsets that are beneficial to working in security.”

McAfee conducted surveys that led them to conclude that cybersecurity would benefit from more gamification. Gamification is when a game or puzzle process is applied to a non-gaming task. Games are fun because they involve the player taking action to solve problems or complete tasks and then awarding the player for solving the problem or completing the task. This lights up the reward center in your brain, giving you a sense of accomplishment.

We’ve seen several gamification style apps rise to popularity in recent years. One app I use myself is called “forest”. You, the user, are given a virtual glade in which you can grow virtual trees. You grow the tree by focusing on a task and not interacting with your phone during the growing time. You can set the amount of time you want to focus and you just have to focus for that allotted time. If you go off the app at all, your tree will die. You get to see a visual representation of all of the time you have focused by looking at your forest full of trees. The concept sounds a little silly, but it works.

There are also exercise apps where you are encouraged to run because zombies are chasing you – if the zombies are getting close, you better speed up!

Essentially, the idea behind gamification is that it’ll make something you have to do, or want to do, more fun. McAfee is arguing that there is a place for gamification within Cybersecurity. After all, the industry is all about finding clever new ways to be one step ahead of the cybercriminals – its problem solving, and in some ways, it is a game. You lose the cybersecurity game if you are hacked; if you’re a victim of ransomware; if your data is breached; if you forget to secure your systems, and if you are taken offline.

Below is an excerpt from the blog post:

“In our recent report, Winning the Game, 950 cybersecurity managers and professionals in organizations with 500 or more employees were surveyed to gain insight into innovation, employee-satisfaction, and gamification.

• 92% of managers surveyed say gamers possess skills that make them suited for a career in cybersecurity
• 80% of extremely dissatisfied employees who report their organization does not use gamification say they wish they did.
• 77% of senior managers say their organization’s cybersecurity would be much safer if they implemented more gamification.”

There is currently a shortage of cybersecurity professionals in the field and with companies competing for the best talent, some companies are left vulnerable to attack. Welcoming gamers into the cybersecurity industry could be an excellent way to bridge that talent gap and hire people with the core skills necessary to perform in the role.

IT can be a somewhat daunting industry to enter; there are often so many qualifications that newcomers are unsure what qualifications they need or how to sell themselves. Cybersecurity tends to also have a shortage of younger people.

According to the Global Information Security Workforce Study conducted by nonprofit ISC(2), not enough Millenials are going into the field. Only 7% of cybersecurity workers that were surveyed were under the age of 29, 13% were between 30 and 34 years old, and the average age of a cyber professional is 42.

Wesley Simpson, COO of ISC(2) said:

Over the next 10 years, we will have a large population of cyber professionals starting to retire. We don’t have a good plan to backfill those large number of folks starting to leave the industry. We need to be able to educate and bring awareness to all facets of cybersecurity, and [send a message] that regardless of if you have a technical degree or not, it’s a great, diverse, lucrative career for folks to get into

There is something that is making cybersecurity not seem like an appealing job area for young people, and it’s not entirely clear what that is. Some believe it could be the confusion surrounding the job process, how do you get into the field? Do you need a degree? What is the career timeline?

Or maybe its a case of it not appearing like a good fit. We like to work with people like ourselves because we think “if that person likes it, I probably will too.” If there aren’t many young people in cybersecurity then other young people may be put off joining. The same is true for tender. Women make up only 20% of the cybersecurity workforce – this may lead some women to believe it won’t be a welcoming environment for them.

It is clear that if the industry can’t appeal to a wider demographic then they will be in trouble in the future. It’s important to have a wide variety of people with a variety of experience in a cybersecurity team because the bad actors also have a wide variety of backgrounds. Gamification is one way to encourage younger people into the industry.

There are already empty jobs within the industry, so we need to act now to stop the problem becoming even worse – we, the cybersecurity professionals, need to win this game and hire gamers.