On the Requirements for Serious Games geared towards Software Developers in the Industry

TL;DR

This paper explores the specific requirements for designing effective cybersecurity serious games aimed at software developers in industrial settings, emphasizing industry constraints and educational effectiveness.

Contribution

It provides a systematic approach to identifying design requirements for industrial cybersecurity training challenges through literature review, expert interviews, and participant feedback analysis.

Findings

Identified key industry-specific constraints for cybersecurity training

Developed a set of design requirements for industrial cybersecurity challenges

Gained insights from real-world industrial cybersecurity training experiences

Abstract

Teaching industry staff on cybersecurity issues is a fundamental activity that must be undertaken in order to guarantee the delivery of successful and robust products to market. Much research attention has been devoted to this topic over the last years. However, the research which has been done has not focused on developing secure code in industrial environments. In this paper we take a look at the constraints and requirements for delivering a training, by means of cybersecurity challenges, that covers secure coding topics from an industry perspective. Using requirements engineering, we aim at understanding the design requirements for such challenges. Along the way, we give details on our experience of delivering cybersecurity challenges in an industrial setting and show the outcome and lessons learned. The proposed requirements for cybersecurity challenges geared towards software developers in an industrial environment are based on systematic literature review, interviews with security experts from the industry and semi-structured evaluation of participant feedback.