Rethinking Cybersecurity Education

The world is becoming increasingly interconnected, and with it comes a growing need for robust cybersecurity measures. As Malaysia accelerates its digital transformation through national initiatives such as MyDIGITAL and the newly enacted Cyber Security Act 2024, the need for a skilled cybersecurity workforce has never been more pressing.

With substantial investments in digital infrastructure outlined in Budget 2025, adopting innovative learning approaches in cybersecurity education is crucial to developing a future-ready, cyber-aware generation. Traditional methods, often heavily theoretical and text-based, are no longer sufficient to engage today's learners or equip them with the practical skills needed to navigate an increasingly complex threat landscape.

Malaysian educators must rethink how cybersecurity is taught to keep pace with these changing demands. Innovative pedagogical strategies, notably gamification, can help achieve this goal. Gamification transforms passive learning into immersive experiences by incorporating game design principles such as competition, achievement-based rewards, and problem-solving challenges.

When applied to cybersecurity, gamification enables students to explore realistic cyberattack and defense scenarios within a safe and controlled environment. Simulations, virtual labs, and "Capture the Flag" (CTF) competitions can help build critical thinking, technical confidence, and strategic decision-making – skills essential in today's digital landscape.

These gamified experiences also boost learner engagement and motivation by making lessons feel like real missions. For example, CTF Malaysia challenges university students to apply their theoretical knowledge to real-time cybersecurity problems, effectively bridging the gap between theory and practice.

The Cyber Heroes programme by the National Cyber Security Agency is another notable initiative that uses interactive workshops and game-based modules to raise cybersecurity awareness among school students. Students who participate in these modules often demonstrate improved recall and deeper understanding of digital safety practices compared to those taught using conventional methods.

At the tertiary level, competitions such as CTF Malaysia continue to challenge university students to apply their theoretical knowledge to real-time cybersecurity problems. These efforts align with national education priorities outlined in the Malaysia Education Blueprint for both school and higher education, which emphasizes digital competency, experiential learning, and industry-relevant skills.

Gamification supports these goals by providing students with dynamic, hands-on learning experiences that mirror the demands of the modern workforce. Furthermore, it serves as a promising strategy to help close the widening talent gap in the cybersecurity sector.

Educators can begin incorporating gamified elements into their curricula through accessible platforms such as Hack The Box and TryHackMe, which offer structured challenges in areas like ethical hacking, malware analysis, and network defense. Even modest interventions, such as gamifying assessments with leaderboards or designing role-based scenarios, can significantly boost student engagement and learning outcomes.

Importantly, gamification also promotes inclusivity by making cybersecurity education more accessible. It enables students from diverse academic backgrounds, including those with limited technical experience, to build foundational skills and confidence.

This inclusive approach is particularly valuable in Malaysia's effort to increase nationwide cybersecurity literacy and resilience. While gamification should not replace foundational theoretical instruction, it is a powerful complementary tool that bridges the gap between knowledge and real-world application.

As Malaysia advances towards becoming a regional digital hub, it is essential that our educational strategies evolve alongside these ambitions. By gamifying cybersecurity education, we can inspire and equip the next generation of digital defenders who are skilled, curious, and ready to protect us against the challenges of an increasingly connected world.

About the Author

Dr Siti Zainab Ibrahim is a senior lecturer at the School of Computer Science, Faculty of Innovation & Technology, at Taylor's University. She champions innovative, gamified approaches to cybersecurity education that bridge theory and practice, preparing students to thrive in the digital age.

The views expressed here are the writer's own.