← Back to Schedule
Diverse campus staff enjoying a fun cybersecurity awareness program
Session 22

Putting the Fun in Cybersecurity: Designing Awareness Programs People Actually Remember

Thursday, June 11, 2026 1:30 PM – 2:30 PM Pitzer · Bernard 111

About This Session

Cybersecurity awareness programs often fail not because the content is wrong, but because the delivery never connects. This session explores how intentionally designed fun can be a serious tool for improving security outcomes — demonstrating how creativity, humor, and storytelling can drive engagement without minimizing risk or compliance requirements.

Drawing on real-world experience building campus-wide cybersecurity awareness programs, the speaker shows how to reframe cybersecurity from a purely technical obligation into a shared responsibility that people actually understand, remember, and act on.

Why Traditional Approaches Fail

  • Fear-based or checkbox-driven approaches backfire — they produce anxiety or avoidance, not behavior change
  • One-size-fits-all training ignores how different audiences process risk
  • Annual compliance exercises are forgotten within days — novelty for novelty's sake doesn't stick either
  • The real goal is engagement, relatability, and reinforcement — not just completion rates

What Works Instead

Themed Events

Campus-wide awareness campaigns built around engaging themes that make security memorable — connecting concepts to real institutional culture.

Phishing Simulations

Designed as learning opportunities, not gotcha moments — using real examples and immediate feedback to build genuine recognition skills.

Interactive Challenges

Gamified activities that connect directly back to data privacy and policy readiness — making compliance feel like an achievement, not a burden.

Storytelling

Narratives that make abstract threats concrete and relatable — using real examples from higher education environments to build institutional memory.

Learning Outcomes

  • Identify why traditional cybersecurity awareness approaches often fail to change behavior — and what engagement and enjoyment do differently.
  • Apply a simple framework for designing fun but effective security awareness activities that align creative efforts with data privacy, policy adoption, and compliance goals.
  • Evaluate which types of interactive approaches are appropriate for your organizational culture, regardless of size, maturity level, or budget.