Skinner’s Gamification vs. CBT, etc.:
Gamification as it stands presently-defined treats people like children – and often worse: like rats who are effectively controlled via shocks and pellets. It represents an attitude both sinister and egregious; that of superiority. An attitude of control and further – a belief that that control is warranted and appropriate.
Setting aside the emotions that therapy and sobriety raise, let’s think about information security and the “game-ification” of security training in the workplace.
Here we bump into another of Seth’s take – Get Your Memo Read: (About which I already posted)
Consider a memo that was left outside my door at a hotel recently. The management distributed 1000 of them and perhaps ten people read it and took action.
Here’s what to keep in mind:
- Pattern interrupt. When was the last time you listened to the seat belt announcement on an airplane? We ignore it because we’ve been trained to ignore it. When you show up in a place, at a time, with a format that we’ve been trained to ignore, we’ll ignore you.
- Write a story. You seek engagement. Talk about me. About you, about yesterday, today and tomorrow. If you earn the first sentence, you’ll need to sell me on reading the second sentence.
- Frame the story. Help me compare it to something. Create urgency. Make it about me, my status, my needs.
- Chunk the message. How many things are you trying to say? (Hint: two might be too many). Let me scan instead of study.
- Include a call to action. Right here, right now.
Game-ification, at least as it relates to security education, rarely includes any of these points. In my experience, most security education programs embrace the airline safety video approach while slapping “game-ification” on the benefits. Giving away badges for doing the bare minimum isn’t helping anyone.