Companies around the world are pumping hundreds of billions of dollars into cybersecurity programs, yet the number of breaches keeps going up. According to “Gamification in Cybersecurity: How to Implement Security Awareness Training That Actually Works,” a new book authored by Hacker Rangers CEO Vinicius Perallis, the problem stems from the approach.
“This book was inspired by a pattern we’ve observed across many companies,” Perallis says. “They often struggle — or even fail — when trying to implement cybersecurity awareness programs largely because they rely on outdated, traditional approaches.”
Perallis is a cybersecurity expert passionate about leveraging gamification to improve training outcomes. He is the visionary behind Hacker Rangers, a company based in Brazil that has successfully introduced training programs to over 500 companies worldwide. Perallis’s work at IBM and other leading technology firms has shaped his knowledge of the industry and given him valuable insights on how to effectively implement cybersecurity training.
“Many organizations still run phishing simulations as part of their cybersecurity training, which leaves users feeling fearful of punishment,” Perallis explains. “Others require employees to sit through long, boring presentations or to complete tedious courses. But none of these approaches truly change behavior. At Hacker Rangers, we don’t believe this is the right way to fight cybercrime. We believe users need to be seen as the main actors in this story. We need to empower them. That’s where gamification comes in.”
Inspiring a shift to next-level cybersecurity awareness
Perallis believes it’s time for a shift in the cybersecurity space. Companies that want to keep their data secure need to move from a checkbox mentality to a more meaningful and practical approach. His new book provides a playbook to guide companies through that shift. It shows how to implement effective programs using gamification and how to measure real behavioral change.
“It’s not about whether users finish their training,” Perallis says. “It’s about whether they’re reporting threats, engaging with the program, and changing their habits. What I present in the book is backed up with research that shows gamification works, especially in non-bureaucratic environments where traditional methods fall short.”
A playbook for more effective cybersecurity
Perallis’s book is the first of its kind in the cybersecurity space. While other books may present gamification as a component of security training, none specifically focus on combining gamification with cybersecurity awareness programs. The book provides a fresh framework that builds the entire cybersecurity awareness approach around gamification.
“Gamification creates engagement,” Perallis says. “It helps users feel like part of the solution. Instead of saying, ‘You need to do this,’ gamified programs say, ‘We need you. You can be the protagonist of our company’s safety.’ That shift in mindset makes all the difference.”
The book empowers companies to make the mindset shift by showing how to leverage the key elements of gamification, including rewards, badges, leaderboards, challenges, levels, and progression. By sharing the findings of real-world cases, it shows how those proven behavioral motivators inspire employees to engage, learn, and participate. The strategies presented in the book get employees excited about helping to protect their organization from cyberattacks.
“This book goes beyond theory,” Perallis explains. “It’s a practical guide backed by real-world experience we’ve gained from implementing our methodology in over 500 companies of various sizes in various industries. Whether you’re starting from scratch or looking to improve an existing initiative, this book is a hands-on resource that gives you the tools, examples, and mindset needed to make real, lasting change.”
Empowering organizations of all sizes
The book was designed primarily for those who are typically responsible for designing and running cybersecurity awareness programs within their organizations — Chief Information Security Officers, Data Protection Officers, Cybersecurity Awareness Officers, and HR professionals. However, Perallis feels it can help anyone who believes the human element is the most important element in cybersecurity.
“If you have recognized that traditional methods aren’t enough and you’re looking for innovative strategies to engage people and change behavior, this book is for you,” Perallis says. “Its practical tools, real-world insights, and proven methods will help anyone, from the novice to those well on their way to becoming a cybersecurity awareness specialist.”
Today’s companies need effective cybersecurity solutions more than ever. Scams are evolving fast, now using AI, deepfakes, and advanced manipulation techniques to target users directly. Regardless of its size or industry, every company faces a wave of sophisticated social engineering attacks.
“While cybersecurity technologies have made great progress in protecting systems and networks, the main target today is no longer the machine, but the human,” Perallis states. “Consequently, people are your strongest defense, but only when they’re empowered. And with gamification as the core of your cybersecurity awareness strategy, you can turn your entire workforce into active defenders of your company.”
“Gamification in Cybersecurity: How to Implement Security Awareness Training That Actually Works” is expected to be released in the third quarter of 2025.
