Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Gamification of your Global Information Security Operations Center - RSA 2015

0 views

Published on

This presentation shows how the Whirlpool Corporation and Morphick, Inc. are using gamification to keep their ISOC analyst and incident response team members enthusiastically engaged while at work.

Published in: Leadership & Management
  • Be the first to comment

Gamification of your Global Information Security Operations Center - RSA 2015

  1. 1. #RSAC SESSION ID: Kevin McLaughlin Kody McLaughlin Gamification of your Global Information Security Operations Center HUM-R03 SOC Team Lead Morphick @InfoMoogle Global Information Security Leader Whirlpool @mclaugkl
  2. 2. #RSAC What is Gamification? 2  Using game mechanics and rewards in a non-game setting to increase engagement and drive desired behaviors
  3. 3. #RSAC What Does it Take?  Understanding of Gamification Methodology  The Strategy  Resource Time  Budget  Buy In 3
  4. 4. #RSAC ISST Aces 4 Doug “Shiny” W. Ben “Goose” O. Kevin “Keystone” M. Philip “Badger” B.
  5. 5. #RSAC Benefits to an ISOC  Speed up the analysis process  Encourage knowledge sharing  Accelerate the adoption of new technologies  Improve training and education programs  Raise morale  Make it fun! 5
  6. 6. #RSAC Goals of the Gamification Program Goals Define desirable behaviors Encourage the performance of those behaviors Measure that performance Reward excellence 6
  7. 7. #RSAC 2014 Malware on Workstations Remediation 7
  8. 8. #RSAC Desired Behaviors  Quick initial response to a case  Quick resolution of a case  Accurate resolution of a case  Quality documentation of a case  Continued growth and learning of team 8
  9. 9. #RSAC The Game Shall NOT:  Be tied to a bonus or promotion in any way  Be subject to performance reviews  Add stress or pressure 9
  10. 10. #RSAC The Game Shall  Allow players to be creative  Allow players to set their own pace  Offer rewards that represent an achieved status  Motivate growth and mastery  Be designed specifically for your unique culture  Have clearly defined progression and rewards  Be fun! 10
  11. 11. #RSAC How to be Creative  Player personal identity  Self expression  Autonomy 11 Awesome ninja avatar Awesome ninja name Awesome ninja color
  12. 12. #RSAC Zero Day Malware Wanted Posters 12
  13. 13. #RSAC Reward Positive Behavior  Titles  Badges  Knick-knacks  Challenge Coin  Plaque  Levels  Privilege 13 The sheriff of incident response
  14. 14. #RSAC Motivate Growth and Mastery 14 Frequent victories Relevance Reputation Recognition
  15. 15. #RSAC Progression and Rewards 15
  16. 16. #RSAC Game Types 16 Cooperative Competitive Blended Solo
  17. 17. #RSAC Game Mechanics Points Leaderboards Achievements Missions Contests Levels 17
  18. 18. #RSAC Apply Slide  Next week you should:  Define business goals  Define the behaviors that will meet those goals  In the first three months following this presentation you should:  Select your game type and mechanic  Select your prizes  Deploy  Within six months you should:  Evaluate program effectiveness  Tweak and redesign as necessary 18
  19. 19. #RSAC Thank You Don’t Forget Your Coin 19

×