What are your plans for Cybersecurity Awareness Month: changing your passwords, attending a few webinars, upgrading your firewall? How about spending the month playing games in a virtual Cyber Carnival?
Starting tomorrow (Tuesday, Oct. 6) anyone is welcome to do just that, courtesy of Katzcy. The security consulting firm -- which describes itself as focused on growth hacking and "cyber as a sport" -- is kicking off a month-long program of cyber games for people to play that are grounded in lessons about security. The games are geared toward the general public, with levels for IT security professionals as well as those with no security background.
The overall goal of the event is to demonstrate the critical role of gaming in building a smart cyber workforce and to help people increase their own security awareness, while giving them something fun to do.
"Security training has gotten kind of dry for a lot of employees. Webinars are getting tiresome," said Jessica Gulick, CEO of Katzcy. "Cyber is a unique market where competition not only breeds the best security professionals but gaming teaches the masses hands-on how to spot an attack."
The Cyber Carnival Games and events are free to play and attend, courtesy of sponsors including SANS Institute, EC-Council, Women's Society of Cyberjutsu, and others.
Games were developed for the Carnival by six security gaming platforms: LivingSecurity, SANS Tomahawque, PacketWars, ShyftED, and US Cyber Range. They include capture-the-flag games such as The Hacker Harvest (US Cyber Range), card games like What Do the Cards Hold for You? (ShyftED), escape rooms like The Cyber Escape (Living Security), and more. Most are listed as open to "newbie to expert"-level security gamers, with basic challenges at the start of the games that ramp up as players advance.
The games all have security lessons and implications. With ShyftED's card game, for example, each player gets five cards. From there they can choose to attack their opponent with their cards or decide instead to apply security controls to their organization.
"It helps the player learn about different things like, what are certain attacks? And what are certain policies? And it brings a higher level of awareness that there is an impact to every decision you make," said Gulick.
Gulick, who is also the president of the board at the Women’s Society of Cyberjutsu (WSC), believes games are a key part of building more diverse cyber security workforces as well.
"From a diversity standpoint, we need fun ways that aren't expensive trainings or expensive certifications that require, you know, four-to-six years of education. We've got to get past those barriers that make it hard for some of the diverse poolsets to really enter the market. And that's where games and tournaments can help."
In addition to letting people play games, the Cyber Carnival will also host watch parties. Gulick acknowledges that "watching" gamers has become a huge thing culturally speaking (see: Twitch and its 140 million monthly users), so the Cyber Carnival will host watch parties for "fans and spectators" who want to get involved in the fun but don't necessarily want to play.
"People care about actually watching other people play now," said Gulick. "So the beauty of that with cybersecurity games is that we can bring high-end players who are best in their field to do some really cool stuff, and people want to watch them hack."
Not only is this fun, but Gulick sees the framing of gaming as a positive for the cyber community as a whole, as it's a way of recognizing "cyber athletes."
"We talk about hackers and the bad guys all the time. We give them too much attention," she said. "This is our way of giving good guys some well-earned attention. Hopefully this is the first of many years of the cyber games bringing everybody together.
By the way, just because it's a cyber carnival you're attending from home doesn't mean you'll leave empty-handed: Players will have the chance to enter raffles and win prizes, including an Apple Watch, Nintendo Switch, and others.
Cyber Carnival Games kicks off Tuesday, Oct. 6, with an introduction of all the games and a keynote from Kelvin Coleman, executive director of the National Cyber Security Alliance (NCSA). The events run through October 29. You can sign up to play (and watch) at cybercarnivalgames.com.