Whether you’re a hard core information security professional or someone in a large corp who has to be hit with the “security awareness” stick, learning new security concepts can be difficult. Conventional training and awareness education can be tedious and boring, oftentimes leaving the trainee disengaged and confused. Positive reinforcement in an important concept in education. As it turns out, it’s also an important concept in gaming as well. By marrying gaming with security education, we can create conditions where people actually WANT to learn more, are able to explore advanced concepts in novel ways, and ultimately become more engaged in this industry. There’s a long history of gaming in information security, especially in the form of Capture the Flag contests that have become commonplace at conferences. This talk will explore the history of CTF contests and how they have evolved over the years. It will also examine other games that have become valuable to hardcore infosec professionals such as Hack Fortress and various physical security security challenges. We will pick apart these games to see what makes them successful, engaging, and educational. This talk will also explore games that can be used to engage non-security pros to help educate users about core security concerns and concepts.
Bruce Potter is jack of many trades and master of none… well, maybe public speaking, but that’s about it. Bruce has been doing security related things for nearly 20 years, which makes him feel old. Bruce is the founder of The Shmoo Group, helps out with ShmooCon, and has more Shmoo-branded shwag in his basement that he’ll publicly admit. He is the co-founder and CTO of Ponte Technologies, a research and engineering company based in Ellicott City Maryland.