Arcades and Audits: What Gaming Can Do for Your Security Posture

Presented at BSidesSF 2019, March 3, 2019, 1:30 p.m. (30 minutes)

There are a number of audits related to business operations in the event of a catastrophic disaster, and they can be dull to prepare. How can an organization make preparation of these artifacts more tolerable and increase the participation of operations, engineering, and security teams? Gamify it! This talk will combine research demonstrating the long-lasting positive effects of arcade games (perception, attention, memory, and decision-making) and experience organizing these events at a company with a mature security program. Moreover, the psychology and benefits of gamifying these events can be used for red and blue teams alike. We'll touch on helpful NIST standards, as well as how to make the exercise immersive with simple controls (just like an arcade game). This talk will provide participants with best practices to create their own effective roadmaps for operational resiliency audits, while participants create mental maps for an actual catastrophic event and have fun.

Presenters:

• Miranda Fullerton - Duo Security
  Miranda is a SE on the Production Engineering (CloudSecOps) team at Duo Security. She exists online at https://twitter.com/0hh1miranda

Links:

• https://bsidessf2019.sched.com/event/JddW/arcades-and-audits-what-gaming-can-do-for-your-security-posture

Similar Presentations:

• Black Hat USA 2019 / Lessons From Two Years of Crypto Audits