Thinking Outside the Box: Using Escape Room Games to Increase Interest in Cyber Security

  • Suzanne Mello-StarkEmail author
  • Mary Ann VanValkenburg
  • Emily Hao


It is no secret that there is a shortfall in cybersecurity teachers, students, and professionals across the globe. And to make matters worse, the interest level among diverse populations is very low. For this reason, it is necessary to find innovative ways to interest students as well as teachers in cybersecurity at the K–12 level. The prominent teaching tool has been the Capture the Flag (CTF) game. Although it may be an effective learning tool, the game is very competitive and can be intimidating and often frustrating for beginners to try and join in.

Developing exciting and innovative teaching pedagogy at the entry point may attract new talent and begin to help fill the cyber security gap. It will take a diverse workforce, with many interests and backgrounds, to meet the current demand for cyber security professionals. We need pedagogy that assures beginners that a cybersecurity career is not just for self-identified hackers. The necessary skill set also includes problem-solving, effective communication, working in groups, and creative thinking. Individuals with these competencies are needed at every level of the organization and in all occupations.

The cybersecurity-based escape room challenges participants to interact with their surroundings to uncover clues. It is an effective project-based learning tool and has the potential of being a go-to assessment of the future. As each new puzzle is discovered, players must either learn on-the-fly or demonstrate that they have previously acquired a cyber security skill. Additionally, the puzzles are designed in such a way that participants must work together to find the solution.

In this chapter, we describe how our game emerged as a standout among many other games. We then discuss our escape room mutations. Why and how we changed the game, and the teaching strategies implemented. We then give the full details of each puzzle, how to set up the game, hide the clues, and play the game. Finally, we discuss our successes, user experiences, and our future goals.


Cyber security Escape rooms K–12 education Cyber security education Cyber security competitions Games Puzzles Game-based learning Puzzle-based learning Cryptography Board games Card games 



Work described in this chapter was partially supported by NSA/NSF grant H98230-19-1-0166 and Rhode Island College Committee on Faculty Scholarship (CFS) Reassigned Time (RT) grant Spring 2020. The authors would also like to thank Dr. Aberdeen Siraj of Tennessee Tech University, Professor Emeritus Shelly Heller from The George Washington University, and Dr. Ashley Podhradsky from North Dakota State University for all their support on the project.


  1. 1.
    GenCyber. Accessed Feb 2020
  2. 2.
    Teach, Learn, and Make with Raspberry Pi—Raspberry Pi. Accessed Feb 2020
  3. 3.
    Welcome to! Oracle VM VirtualBox. Accessed Feb 2020
  4. 4.
    Our Most Advanced Penetration Testing Distribution, Ever. Kali Linux, 1 Apr 2020. Accessed Feb 2020
  5. 5.
    Workshop 4.4. 2018 WiCyS Workshop—WiCyS—Women in Cybersecurity. WiCyS. Accessed Feb 2020
  6. 6.
    ASE ’18. USENIX, 10 Nov 2018. Accessed Feb 2020
  7. 7.
    Escape the Room. Accessed Feb 2020
  8. 8.
    S. Mello-Stark, Thinking Outside the Box—Using Escape Room Games to Interest Teachers and Students in Cybersecurity. 2019 Innovations in Cybersecurity Education, National CyberWatch Center. Innovations in Cybersecurity Education Award-Winning Submission in Instruction for 2019, 2019. Accessed Feb 2020Google Scholar
  9. 9.
    S. Singh, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography (Anchor Books, New York, 1999). ISBN: 0-385-49532-3. Accessed Feb 2020Google Scholar
  10. 10.
    T. Barr, Invitation to Cryptology (Prentice Hall, Upper Saddle River, NJ). ISBN: 0-13-088976-8. Accessed Feb 2020Google Scholar
  11. 11.
    M. Bishop, Computer Security: Art and Science (Addison-Wesley, Boston, MA, 2003), pp. 343–344. Accessed Feb 2020Google Scholar
  12. 12.
    T.M. Jones-Wilson, Teaching problem-solving skills without sacrificing course content: marrying traditional lecture and active learning in an organic chemistry course. J. Coll. Sci. Teach. 35(1), 42–46 (2005). Accessed Feb 2020Google Scholar
  13. 13.
    L. B. Nilson, (2010) Teaching as Its Best, A Researched-Based Resource for College Instructors, 3rd edn. Jossey-Bass, A Wiley Imprint, San Francisco, CA. Accessed Feb 2020Google Scholar
  14. 14.
    G. Kress, C. Jewett, J. Ogborn, T. Charalampos, Multimodal Teaching and Learning: The Rhetoric of the Science Classroom (Continuum, London, 2006). Accessed Feb 2020Google Scholar
  15. 15.
    M. Gondree, Z.N.J. Peterson, T. Denning, Security through play. IEEE Secur. Priv. 11(3), 64–67 (2013). Accessed Feb 2020CrossRefGoogle Scholar
  16. 16.
    G. Jin, M. Tu, T. Kim, J. Heffron, J. White, Game-based cybersecurity training for high school students, in SIGCSE ’18: 49th ACM Technical Symposium on Computer Science Education, 21–24 Feb 2018, Baltimore, MD, USA. ACM, New York, NY, USA, 6 pages., Accessed Feb 2020
  17. 17.
    M. Bashir A. Lambert, J.M.C. Wee, B. Guo, N. Memon, An examination of the vocational and psychological characteristics of cybersecurity competition participants. 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15). Accessed Feb 2020
  18. 18.
    R. Picheta, The most commonly hacked passwords, revealed. CNN, Cable News Network, 23 Apr 2019. Accessed Feb 2020

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Suzanne Mello-Stark
    • 1
    Email author
  • Mary Ann VanValkenburg
    • 2
  • Emily Hao
    • 2
  1. 1.Rhode Island CollegeProvidenceUSA
  2. 2.Worcester Polytechnic InstituteWorcesterUSA

Personalised recommendations