The League of Legends game and human psychology are two things we don’t often associate with cybersecurity – but as an avid gamer, I encountered and observed many parallels between the tactics used to win games like League of Legends and the mentality that guides human behavior in general. Thus, when I began teaching security awareness and being a part of “the weakest link” conversation, I started to think about how we could address cybersecurity challenges in ways similar to how challenges are addressed in a game.
When I want to win a particular game I put all my energy into: 1) focusing on myself and 2) supporting other players. The hardest thing for me and others to do effectively is to support other players. It’s easier to see their mistakes more than our own, so we tend to fixate on their every erroneous move. It’s frustrating when someone repeatedly makes the wrong play or does something “stupid.” Consequently, we tend to stop what we’re doing and spend our time typing or saying not-so-great things to the other player in hopes that they’ll see how wrong they were. And this generally has one or more of the following effects on that player:
- They get upset and thus become disoriented and distracted, thereby making more mistakes
- They become defensive (especially when they weren’t aware of the mistake)
- They feel bad and play worse (especially when they were aware of the mistake already)
- They “fight back” with an equal amount of aggression and toxicity
- They ignore you due to pride and ego
Yes, sometimes you encounter a “national gamer treasure” who responds like a gem: humble, grateful and motivated to do better. However, these treasures are rare, and though the world definitely needs more of them, we cannot build these treasures through fixating on people’s faults.
Here’s what I learned through gaming that I now implement when teaching cybersecurity awareness:
No matter what someone doesn't know, what mistakes they’ve made, or what they’ve forgotten or overlooked, they’re still worthy of being seen as intelligent and capable in their own right.
We so often dehumanize the end-user experience and forget that we weren’t born with security knowledge. And for those of us that were, there are many subjects and skills in the world that we aren’t privy to, and perhaps never will be. The job of people who are privy to important knowledge is to think and teach it in a way that is empathetic. This is because the thoughts we utter translate into the words we speak and then the actions we take. No matter how micro or macro the actions are, they are felt and often become reality. Low expectation breeds low output. Garbage in, garbage out. And when we think the user is our weakest link, we start to say it often, and then we behave as if this is and will always be true.
The question becomes: Do you think that the thoughts you have in your head could influence how someone moves through space? This question was taken from NPR’s How to Become Batman episode, and I believe we have in this very question a key to increasing cybersecurity awareness and implementation. These realizations allowed me to connect League of Legends, human behavior, and cybersecurity in a way that could make us think twice about how we approach the “end-user problem.”
Want to hear more? I will be going deeper into this topic in my BSides Knoxville keynote speech on May 3rd at 1 pm. Learn more about the event here. A recording will be available here.
About the Author: Fareedah Shaheed is the founder and CEO of Sekuva, a cybersecurity coaching business, where she helps small business owners and families implement cybersecurity fundamentals in their businesses and lives. In her free time, she enjoys meeting new people, learning new things, and gaming.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.