Skip to content

How To Use Implicit Gamification For AppSec Training

Implicit Gamification For AppSec Training

Published on

What drives your learners to complete their training lessons? Can you drive the same motivation that Duolingo users have to keep years-long learning streaks? 

In this episode of The Security Champions Podcast, Mike talks to Dustin Lehr, Sr. Director of Platform Security at Fivetran and Co-Founder/Chief Solutions Officer at Katilyst Security, about motivating learners throughout their AppSec training. 



Can Gamification Be Used to Motivate Learners? 

When people hear gamification, they think they are turning the training content into a game, and flashbacks from high school Jeopardy come to mind.  

However, gamification is more about understanding human motivations that drive us to play games to apply these techniques in other areas of life. 

One reason games are sought after for motivational elements is that we don't have to play them. So, what makes us addicted, motivated, and engaged when we play games? The idea is to examine the elements in games that motivate us to continually play games and determine how we can use those same elements in non-game situations. 

The games industry has successfully addressed the human motivation factor, and we can apply those same principles to our daily lives. 

Read More: [TechDetective] Why Duolingo Is So Addictive (7 Tactics They Use) 


Explicit vs. Implicit Gamification 

When considering how to incorporate gamification into your training program, knowing the difference between explicit and implicit gamification is essential. 

  • Explicit Gamification: Training that acts and functions like playing a game; an example of explicit gamification would be answering questions correctly to move your character to the next space on the board before other players. 
  • Implicit Gamification: Game elements but not playing an actual game; examples of implicit gamification are badges, earning titles once you reach certain training levels. 

In the workplace, explicit gamification can be seen as childish or inappropriate in a professional environment. Meanwhile, implicit gamification may be more accepted among leadership and learners alike. 


Using SAPS to Drive AppSec Training Motivation 

You can’t talk about gamification without talking about what kind of rewards you can offer your learners.  

Many Security Champions programs offer material items such as challenge coins and other things you can earn – but that is just stuff. It’s easy to go to a giveaway company and order 100 water bottles with your logo, but it’s more important to take a step back and think about what your learners ACTUALLY want. 

When it comes to rewards, Dustin Lehr introduced us to the term SAPS: 

  • Status 
  • Access 
  • Power 
  • Stuff 

Now, let’s break down what SAPS means and how you can use SAPS to motivate your learners. 



Status refers to the ability to publicly show your learners’ accomplishments and uplift them to a higher rank within the greater group based on their achievements. 

Some examples of ‘status’ incentives include: 

  • Job Title 
  • Status Within the Company 
  • Promotions 
  • LinkedIn Updates 



Access refers to giving your learners access to exclusive events or perks when they reach certain milestones within their training program.  

Some examples of ‘access’ incentives include: 

  • Invites To Networking Events 
  • Continued Education Opportunities 
  • Flexible Work Hours 
  • Career Paths 



Power refers to the ability to have influence and make decisions after a learner has demonstrated their contribution and dedication. 

Some examples of ‘power’ incentives include: 

  • Admin Access to Tools 
  • Seats On Steering Committees 
  • Input on Important Product Decisions 



Stuff refers to the typical prizes and giveaways that can come when completing different milestones of a training program. 

Some examples of ‘stuff’ incentives include: 

  • Tokens 
  • Giveaways 
  • Certificates 
  • Bonuses 


Are Your Learners Motivated? 

You can listen to the full episode to learn more about gamification in security champions programs.  

If you are interested in learning more about security champion programs and other AppSec topics, please subscribe to "The Security Champions Podcast," brought to you by Security Journey.