Shostack + Friends Blog

 

Michael at OWASP: Why interactive learning sticks in cybersecurity

Why are we big fans of using games as a learning tool? Michael makes the case for experience-driven learning.

By Michael Novack, AI Security & Safety Engineer at Cranium

Most cybersecurity training asks you to sit, absorb, and hope the information surfaces when you actually need it. The problem is that security is a decision-making discipline. You develop real judgment by working through scenarios, making calls, and understanding the consequences. Passive learning gets you familiar with concepts. Interactive learning builds the instincts that matter when something goes wrong.

That's the case for experience-driven training: not that it's more fun, but that it's more effective. When people engage with material actively, they retain it longer, apply it more confidently, and connect new concepts to things they already understand.

Hands-on learning in practice

The most effective training puts people inside the problem. Tabletop exercises, simulations, and collaborative scenarios all work on the same principle: you encounter a situation, reason through it, and learn from the outcome in real time. In cybersecurity, where threats are evolving and context matters enormously, that kind of active engagement closes the gap between knowing something and being able to use it.

This is especially true for complex topics like AI security and threat modeling. The concepts aren't always intuitive, and reading about them doesn't build the mental models that make them actionable. Working through them in a structured, interactive format does.

FuzzNet Labs and the Threat Modeling AI Systems course

FuzzNet Labs is a board game where players build an analogue AI model by hand. It served as the opening experience when the Threat Modeling AI Systems course ran for the first time in Washington, D.C., and it's there for a reason. Before participants engage with the technical depth of the course, they work through the fundamentals of how an AI model is constructed, by doing it themselves with physical components.

Starting a course this way matters. Participants arrive with different backgrounds and comfort levels. An interactive experience at the start establishes shared context without relying on prior knowledge. What makes it especially effective is that FuzzNet Labs doesn't just set the stage and step aside. The game is regularly referenced throughout the course content and exercises, giving participants a tangible, familiar setting to anchor new concepts as the material gets more complex. Rather than introducing abstract ideas in isolation, the course builds from something everyone in the room has already worked through together.

Threat Modeling AI Systems covers how to identify, assess, and address threats specific to AI systems. If you're building or securing AI systems, it's a worthwhile investment.

Keep an eye out for future sessions on our upcoming open courses list or use the form at the bottom of the page to inquire about running a closed session for your organization.

Experience it at OWASP EU Vienna

If you want to see this approach in action, stop by the Cybersec Games booth at OWASP Global AppSec EU Vienna. I'll be hosting interactive sessions there. Spots are limited and first come, first served, so schedule your time at the booth before they fill up.

As a side note, the Elevation of Privilege threat modeling card game is currently 13% off at Cybersec Games.

Byte Club at the OWASP Pod Sessions

I'll also be running two sessions of Byte Club at the OWASP Pod. Byte Club is a cybersecurity awareness card game that puts players in the middle of real-world security decisions. It's a good example of how interactive formats can make dense security concepts accessible and memorable for a wide audience.

Two sessions are available. Add whichever fits your schedule:

Michael Novack is an AI Security & Safety Engineer at Cranium. His work focuses on making AI systems safer, more accountable, and easier to understand for the people who build them and the people affected by them. Michael is also a course designer and instructor at Shostack + Associates.

Connect with Michael on LinkedIn.

Image by midjourney: A photograph of a diverse group of people around a table playing a strategic board game. The mood is one of friendly competition. Colours are warm and bright.