In October, we acknowledged several worthwhile events and causes including Breast Cancer Awareness month, ADHD Awareness Month, and Socktober. But more importantly for organizations, it was Cybersecurity Awareness Month!

Why is cybersecurity awareness important?

Data is the new oil. Data breaches can cost more than just money. An attack can damage an organization's reputation and its entire business operations. Safeguarding data is the No. 1 priority of any organization.

An organization's cybersecurity responsibility is frequently placed solely on the security operations center (SOC) team, but it is important to recognize that the first level of security starts with every employee.

To tackle the security-related knowledge deficit between SOC teams and other employees, let's gamify the learning process! Here are four creative games to share with your employees in November as a follow up to Cybersecurity Awareness Month.

Project: Cybersec(you)rity

I'm gonna call this "Project: Cybersec(you)rity" because the aim is to convey to employees: Security begins with YOU! This can be an initiative by the SOC team and hosted by SOC managers. You can play each game throughout the month, before we wrap up on November 30, Computer Security Day.

NOTE: This blog provides guidance and a framework for the games. You can customize them according to your orgaization's needs.

How to organize teams for the games

You can go about it in either of two ways so you can frame the questions appropriately:

  1. Divide teams based on departments or,

  2. Divide teams based on the individuals' risk scores as shown by your UEBA-powered SIEM solution.

Without any further delay, here are the games:

1. Escape Room

There is no better way to convey the idea of a cybersecurity trap than through the Escape Room.

Teams: Create as many groups as required, each comprised of up to five employees. These are the employees who will undergo this awareness training.

Game Plan: Each group will be asked to enter a room and answer questions, or complete the tasks assigned to them. If, as a team, they successfully answer all the questions, they will progress to the next room. There will be five rooms in total. Draft a set of five questions with varying themes for each room. For example, Room 1 could focus on phishing, Room 2 on malware, Room 3 on data privacy, Room 4 on supply chain attacks, Room 5 on insider threats, and so on.

The question could either be in task format or MCQ format. See below for examples of both formats. Either way, a designated leader of the games, the Facilitator, should be available to confirm that the players are not breaking any game rules.


  • For most tasks, the Facilitator will not have much to do beyond overseeing the challenge; but for MCQs, the Facilitator is expected to score answers and decide if the team qualifies to move to the next room or not.
  • Only the team which performs the task correctly or chooses the right answer gets to go forward; otherwise, they lose this specific game.
  • Teams cannot seek help from any electronic devices.

Some examples of tasks and questions:

  • Task: Provide a report from ManageEngine Log360 with mock data that shows user logons and ask them to identify the user with suspicious logon activity (for example, a report that contains multiple user names from the same IP address). If they perform the task correctly, they move to the next room.
  • MCQ: Create questions that test the employees' knowledge about passwords or multi-factor authentication. If they answer 75% or more of the questions correctly, they move to the next room.

2. SIEM and hacker

This game is the cybersecurity version of Snakes and Ladders.

Teams: This is a game for individuals with higher risk scores. In this game, you'll be drafting questions based on the activities that contribute to high risk scores, as indicated by your SIEM solution. One team will have two players: the one with the higher risk score will be on the board, and the other, with the lower risk score, will be the "friend" and will stay off the board.

Game Plan: The player on the board moves with the roll of a die. Every time they land on a snake's head or the foot of a ladder, a question is asked by the Facilitator. If the player answers correctly, they escape the snake bite or get to go up the ladder. If they don't, they either move to the tail of the snake or stay at the foot of the ladder. The player can be assisted by the "friend" outside the board up to twice during this entire game.

Every time the player rolls a "6" on the die, they may earn an extra turn, provided they answer the question correctly.


  • The player can enter the board whenever "1" or "6" falls on the dice, and it receives an extra turn every time the dice lands on a "6" (provided they answer the question correctly).
  • Players cannot seek help from any electronic devices.
  • The friend also must not consult any electronic devices when providing a response to a question.


  • Show them a phishing email and ask them to identify the red flags. (Ideally, the phishing email example should feature at least three suspicious components in its text and graphics.)
  • Ask the players which of the following qualifies as a strong password. (This could include four options, such as "mike123", "dsfgjhfljskd", "nsGGjdbdh8", and "dbYbdf@75".)

3. Strongest password first

Teams: This game can be played by anyone as it teaches what a good password is. To make the best use of the game, identify users with weak passwords in your Active Directory using our free tool. This game can be played with multiple people (50-75 if there are no space constrains). All the participants stand in a straight line horizontally and will take one step forward if their answer is a "yes", and one step backward if their answer is a "no".

Game Plan: Create a set of criteria that features at least three of the four good password parameters that includes: a minimum of 12 characters, uppercase and lowercase letters, numbers, and symbols. Each time a user has a password that contains the parameter the facilitator announces, the individual steps forward, if their password does not, they step backward. You can ask general or specific questions like:

  • Do you have a password with at least one special character?
  • Do you have a dollar symbol in your password?

By the end of the game, the individual(s) with the worst password should be located towards the back of the room, and the individual(s) with the best password have moved to the front.

At the end of the game, as part of the SOC team, you can list the names of individuals who have weak passwords, and ensure they become more aware of password best practices. You can also decide if you want to set password policies for your entire organization to reinforce the use of strong passwords in the organization.

Rule: Ensure that everyone can take a movement for every question (either forward or backward). As the Facilitator, try to come up with at least 10 questions to make this game more fun!

4. Imposter

Teams: Using ManageEngine Data Security Plus, identify individuals who own sensitive files. These would be those with high risk scores, as identified by the tool. This might be the majority of players in this game. Before the game begins, the SOC team should discreetly contact one player and ask them to be the Imposter in the clan. Enlist the help of a IT security professional or your organization's red team to create a mock malicious attachment with a double extension to be utilized by the Imposter during the game.

Game Plan: Every participant sends an email with an attachment to every other participant in the game. For example, if there are 10 players, each player will send an email with an attachment to the nine other players. One attachment will be the "malicious file" (from the Imposter) and the player who identifies the Imposter first is the winner.

An example of how this could be executed is: The Facilitator can ask the group a set of questions and request that players of the game record their responses in email, but not send the email until directed. One of these questions will involve having players in the game send an attachment with their email, such as a picture of their favorite or recently visited place, to all other players. The Imposter will secretly add the faux malicious attachment in the email sent to the others in the group. After the emails from all game participants have been sent, the Facilitator will announce that one task in this game is to identify who sent a "malicious" attachment. The participants will assess the emails and note the answer with the explanation on a paper which will then be collected and reviewed by the Facilitator.

Rules: For determining who the Imposter is, each player should make their guesses on a piece of paper, and not announce it out loud. They will also need to explain why they made the choice that they did. The Facilitator will collect these paper sheets to review these responses and eventually announce who detected the Imposter's "malicious" email and how they determined this.

To receive vital information about cyberthreats and security, visit our SIEM Experts Talks website. Stay up to date with the latest trends by signing up to receive notifications in email. It's your best source of information on cybersecurity that impacts your organization. Here, too, you can also watch our popular “Threats in three minutes” videos that address current cyberthreats and provides helpful details about how they spread, and how to contain and mitigate them.

You can also learn more about ManageEngine Log360, our one-stop solution for all your SIEM needs. Explore on your own through a free, fully functional 30-day trial, or schedule a free personalized demo with one of our solution experts to receive answers to your product related questions.

  • Please enter a business email id
  • By clicking 'Read the ebook', you agree to processing of personal data according to the Privacy Policy

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.