IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

CU Denver Gamifies Cybersecurity Education

One business professor at the University of Colorado Denver is trying to woo students outside of computer science to the field of cybersecurity with a video game intended to make the subject more engaging.

Two people working on designing a video game on a computer.
ISC2, a member association for cybersecurity professionals, estimated in November that the cybersecurity global workforce grew from 2.8 million in 2019 to 5.5 million in 2023, but it’s not growing fast enough. The organization estimated that demand still outpaces supply, and another 4 million jobs are needed to adequately protect organizations and their resources.

In response to this problem, Ersin Dincelli, an assistant professor at the University of Colorado Denver’s (CU Denver) Business School, is taking a novel approach to building interest in the field: converting cybersecurity education into a video game.

Explaining his work in an email to Government Technology, Dincelli said he noticed that cybersecurity education is often theoretical and lacks the sort of engagement and interactivity necessary to attract and retain students’ interest. He said many students also view cybersecurity as a highly technical field reserved for computer science students. Hoping to shake this perception among an untapped demographic of students, he applied for nearly $300,000 in grant funding from the National Science Foundation and used it to create a game with a dynamic, three-dimensional world map, story-driven quests and ethical decision-making components to make learning about cybersecurity more engaging and accessible.

“By making cybersecurity education more enjoyable and accessible, it encourages more students to pursue careers in this field,” he said. “Additionally, cybersecurity skills are best acquired with experiential learning techniques that use real-life examples. Students should also be encouraged to learn through trial and error in a safe and protected environment without the fear of damaging computer systems.”

In the game, players control a team of hackers. The group can intercept communications between individuals, governments, corporations and other hackers. Players progress by hacking different systems around the world, learning fundamental cybersecurity concepts along the way. At the end of each quest, players must decide what to do with the information they acquired. The decisions influence how the game measures each user’s “ethics level” and what rewards they receive for completing the quest.

For example, one quest prompts users to gather information on a fictional politician using social media, such as geolocation metadata from photos and network communications. Then, they can hand over the information to law enforcement, post the information on social media or use the information to bribe the politician.

“There is no right or wrong answer because each decision path is a learning opportunity,” Dincelli said in a public statement. “Students experience firsthand how using cybersecurity skills unethically can lead to legal consequences and ruined reputations within a safe virtual environment.”

According to Dincelli, other educators at CU Denver’s Business School can access the game and share their customized quests, exchange ideas, and provide feedback on the platform’s features to help him keep it up to date with always-changing cybersecurity concerns. He said this could help address a disconnect between cybersecurity defenders and attackers: that attackers can exploit vulnerabilities with ever-evolving tools and techniques, including artificial intelligence and innovative malware, while defenders and their workplaces often have limited resources and end up reacting to threats rather than proactively guarding against them.

“By making cybersecurity education more welcoming and engaging, we ultimately aim to attract a diverse student population, including underrepresented minorities,” Dincelli wrote in an email. “I believe our focus on inclusion will help address the global shortage of skilled and diverse cybersecurity professionals, contributing to a more robust and capable cybersecurity workforce.”