Evaluating and validating the Serious Slow Game Jam methodology as a mechanism for co-designing serious games to improve understanding of cybersecurity for different demographics

We present an evaluation of a Serious Slow Game Jam (SSGJ) methodology as a mechanism for co-designing serious games in the application domain of cybersecurity, to evaluate how the SSGJ methodology contributed to improving the understanding of cybersecurity for different demographics. The aim of this study was to evaluate how the SSGJ contributed to improving the understanding of cybersecurity for young persons between the ages of 11 and 16 years old who had no formal training or education in cybersecurity, and to validate and compare these results to previous work where the same SSGJ methodology was used with a different target demographic (i.e.,M.Sc. students with no formal training or education in secure coding). To this end, we engaged 23 participants between the ages of 11 and 16 years old for 5 consecutive days over a one-week period, in a multidisciplinary SSGJ involving domain-specific, pedagogical, and game design knowledge, and encouraged engagement in-between scheduled events of the SSGJ. Findings show improved confidence of participants in their knowledge of cybersecurity, for both demographics, after undertaking the Serious Slow Game Jam (from 41.2% to 76.5% for young persons, and from 12.5% to 62.5% for M.Sc. students). Free-text answers specifically indicate an improved understanding of cybersecurity in general, and one specific security vulnerability, attack or defence for a quarter of young persons, and the trichotomy of security vulnerabilities, attacks, and defences for three quarters of the M.Sc. students. Also, confidence in knowledge of game design improved for both demographics (from 47.1% to 82.4% for young persons and from 12.5% to 75% for M.Sc. students). The SSGJ methodology also successfully engaged both demographics of participants in-between scheduled days. Finally, two serious games in the application domain of cybersecurity are presented that were co-designed during the SSGJ with participants and produced as an output of the SSGJs.