Gamification of Tabletop Exercises
Download as PPTX, PDF0 likes384 views
This document discusses using tabletop roleplaying games (TTRPGs) to improve traditional tabletop exercises (TTXs) for security training. TTRPGs are more engaging than TTXs as they encourage creative problem-solving and novel solutions through an immersive fictional scenario. Examples show how TTRPG mechanics like character classes and crisis scenarios can address common issues in TTXs like lack of participation and engagement. The document argues TTRPGs promote better information retention than stressful compliance-focused TTXs and provides resources for incorporating TTRPG elements into security exercises.
![tabletop exercise [ˈteɪbəlˌtɑpˈɛksɚˌsaɪz]
(noun)
A discussion-based session where team members meet in an informal,
classroom setting to discuss their roles during an emergency and their
responses to a particular emergency situation.1
tabletop game [ˈteɪbəlˌtɑpˈɡeɪm]
(noun)
A group experience designed to get participants to solve problems by
together in an immersive setting.
1 https://www.ready.gov/exercises. Last accessed 7July 2021.](https://image.slidesharecdn.com/gamificationoftabletopexercises7-210729231407/85/Gamification-of-Tabletop-Exercises-4-320.jpg)
Gamification of Tabletop Exercises
- 1. GAMIFICATION OF TABLETOP EXERCISES Playing D&D For Fun And Security Kelly Ohlert @gwyddia
- 2. WHAT IS A KELLY OHLERT? • Risk Advisor at Leviathan Security Group • Tabletop Roleplayer and Scenario Designer • Lawyer (Nacho Lawyer) since 2005 • @gwyddia
- 3. WHAT IS THIS TALK ABOUT? • What is a traditional tabletop exercise (TTX?) • What is a tabletop game (TTRPG?) • How do they compare? • Why are TTRPGs more interesting? • How can we use TTRPGs to improve information retention and security?
- 4. tabletop exercise [ˈteɪbəlˌtɑpˈɛksɚˌsaɪz] (noun) A discussion-based session where team members meet in an informal, classroom setting to discuss their roles during an emergency and their responses to a particular emergency situation.1 tabletop game [ˈteɪbəlˌtɑpˈɡeɪm] (noun) A group experience designed to get participants to solve problems by together in an immersive setting. 1 https://www.ready.gov/exercises. Last accessed 7July 2021.
- 5. Traditional tabletop exercises (TTX) have serious flaws. Tabletop roleplaying games (TTRPG) are fun. Why are TTRPGs fun? Why do we care? How can you use this information to improve your existence?
- 6. EXERCISES ARE KIND OF A BIG DEAL • Traditional exercises are designed to test people or processes before the worst happens • Widely used to meet compliance requirements • Can be extremely detailed simulations
- 7. BUT THEY’RE NOT THAT GREAT ACTUALLY • Often more about checking off boxes than exploring possibilities • Can be stressful for the players because they fear “failing” • Rarely use dice
- 9. TABLETOP GAMES ARE PRETTY GREAT • Designed to entertain by making people work together to solve problems • Encourage novel solutions and welcome failure • Are more suspenseful than stressful • Often use dice
- 11. Almost all creativity involves purposeful play. – Abraham Maslow
- 12. WELCOME TO FUZZBUTS V. FUZZBUTTS1 • Fuzzbuts.com is an up-and-coming cat picture aggregator site. Their Deep Purring algorithm harnesses the ability of real cats to hate each other to allow for excellent feline sorting. • Security budget of yes. • CEO who likes to go rogue. 1 Not a typo.
- 13. COMMON ISSUE#1: NONE OF THESE PEOPLE HAVE EVER BEEN IN THE SAME ROOM
- 14. SOLUTION: CHARACTER CLASSES Billie Kottur Class: C-suite Abilities: Budget of Yes Social Media Credentials Minotaur Security Class: Security Team Abilities: Eager Pentesters License to Kill Fuzzbutts.com Class: Direct Competitor Abilities: Trade Secrets I Just Hate You So Much!
- 15. COMMON ISSUE#2: ONE PERSON IS DOING ALL THE TALKING
- 16. SOLUTION: KILL OFF THEIR CHARACTER
- 17. COMMON ISSUE #3: EVERYONE IS HALF ASLEEP
- 18. SOLUTION: ARIZONA BAY SCENARIO
- 19. Learning needs to have taken place at the conclusion of a learning journey. - Rudland, J.R., Golding, C., & Wilkinson, T.J. (2019).
- 20. • If you like this, what can you do? • If you’re in charge of running these things, steal a few ideas and spice it up. • If you have to do these things, and you can, rock the boat during the exercise.
- 22. RESOURCES • Backdoors and Breaches (BHIS) https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/ • Oh Noes! (Bruce and Robert Potter – expel) https://info.expel.io/oh-noes • Adam Shostack https://adam.shostack.org/games.html • Me @gwyddia on Twitter
- 23. REFERENCES • Operation CyberStorm https://www.cisa.gov/cyber-storm-2020 • Department of Homeland Security https://www.ready.gov/exercises • Maslow, A. H. (1943). A theory of human motivation. Psychological Review, 50(4), 370–396. https://doi.org/10.1037/h0054346 • Rudland, J.R., Golding, C., & Wilkinson, T.J. (2019). The stress paradox: how stress can be good for learning. Medical Education, 54(1), 41-45. https://onlinelibrary.wiley.com/doi/full/10.1111/medu.13830 • Wallace, Jennifer. “Why It’s Good for Grownups to Go Play” The Washington Post 20 May 2017: n. pag. Washingtonpost.com. Web. 23 June 2021 https://www.washingtonpost.com/national/health- science/why-its-good-for-grown-ups-to-go-play/2017/05/19/99810292-fd1f-11e6-8ebe- 6e0dbe4f2bca_story.html