As Malaysia accelerates its digital transformation through national initiatives such as MyDIGITAL and the newly enacted Cyber Security Act 2024, the need for a robust and skilled cybersecurity workforce has become more urgent than ever.

With substantial investments in digital infrastructure outlined in Budget 2025, adopting innovative learning approaches in cybersecurity education plays a vital role in developing a future-ready, cyber-aware generation.

Traditional methods – often heavily theoretical and text-based – are no longer sufficient to engage today’s learners or equip them with the practical skills needed to navigate an increasingly complex threat landscape.

To address this gap, Malaysian educators must rethink how cybersecurity is taught. Innovative pedagogical strategies, notably gamification, incorporate game design principles – such as competition, achievement-based rewards and problem-solving challenges – into educational contexts to drive engagement and active learning.

When applied to cybersecurity, gamification transforms passive learning into immersive experiences. Through simulations, virtual labs, and “Capture the Flag” (CTF) competitions, students can explore realistic cyberattack and defence scenarios within a safe and controlled environment.

This experiential approach not only enhances conceptual understanding but also builds critical thinking, technical confidence and strategic decision-making – skills essential in today’s digital landscape.

These gamified experiences also boost learner engagement and motivation by making lessons feel like real missions.

For example, in CTF Malaysia, university students compete in time-bound challenges that reward both speed and accuracy, creating a sense of excitement and achievement often missing in traditional classrooms.

The good news is that Malaysia is already making strides in gamified cybersecurity learning. The Cyber Heroes programme by the National Cyber Security Agency uses interactive workshops and game-based modules to raise cybersecurity awareness among school students.

Because gamified environments are interactive and feedback-driven, students who participate in these modules often demonstrate improved recall and deeper understanding of digital safety practices compared to those taught using conventional methods.

At the tertiary level, competitions such as CTF Malaysia challenge university students to apply their theoretical knowledge to real-time cybersecurity problems, effectively bridging the gap between theory and practice.

These efforts align with national education priorities outlined in the Malaysia Education Blueprint for both school and higher education, which emphasises digital competency, experiential learning and industry-relevant skills.

Gamification supports these goals by providing students with dynamic, hands-on learning experiences that mirror the demands of the modern workforce.

Furthermore, it serves as a promising strategy to help close the widening talent gap in the cybersecurity sector.

Educators can begin incorporating gamified elements into their curricula through accessible platforms such as Hack The Box and TryHackMe, which offer structured challenges in areas like ethical hacking, malware analysis and network defence.

Even modest interventions such as gamifying assessments with leaderboards or designing role-based scenarios can significantly boost student engagement and learning outcomes.

Importantly, gamification also promotes inclusivity by making cybersecurity education more accessible. It enables students from diverse academic backgrounds, including those with limited technical experience, to build foundational skills and confidence.

This inclusive approach is particularly valuable in Malaysia’s effort to increase nationwide cybersecurity literacy and resilience.

While gamification should not replace foundational theoretical instruction, it is a powerful complementary tool. When thoughtfully integrated, it bridges the gap between knowledge and real-world application, helping to prepare learners for the evolving demands of the digital age.

As Malaysia advances towards becoming a regional digital hub, it is essential that our educational strategies evolve alongside these ambitions. By gamifying cybersecurity education, we can inspire and equip the next generation of digital defenders who are skilled, curious, and ready to protect us against the challenges of an increasingly connected world.

Dr Siti Zainab Ibrahim is a senior lecturer at the School of Computer Science, Faculty of Innovation & Technology, at Taylor’s University. She champions innovative, ­gamified approaches to cybersecurity ­education that bridge theory and practice, preparing students to thrive in the digital age. The views expressed here are the ­writer’s own.