Gamification is the process of designing something with game-like elements. A practice that has been used to drive engagement and motivation with features such as point systems, feedback loops, leaderboards, badges, and so on.

游戏化是用游戏元素设计事物的过程。 一种用于通过点系统，反馈循环，排行榜，徽章等功能来提高参与度和动力的实践。

You soon start to realize that gamification is a play on dopamine release and is in every facet of our lives from the depths of social media, games (of course), business, and even life itself. Think of it.

您很快就会开始意识到，游戏化是多巴胺释放的一种游戏，它在社交媒体，游戏(当然)，商业乃至生活本身的各个方面都存在于我们生活的方方面面。 想想看。

Forbes Top 100? Real-life leaderboard.

福布斯百强榜？ 现实生活中的排行榜。

Born with certain traits and characteristics? Genetic Random Number Generator (RNG).

天生具有某些特征？ 遗传随机数生成器(RNG)。

Credit score? Point system.

信用评分？ 点制。

College Degree? Merit system.

大专学历？ 功绩体系。

Coffee in the morning? A consumable that buffs your stats.

早上喝咖啡？ 消耗您统计数据的消耗品。

An article published by The Pew Research Center, predicted (with 53% of surveyed in agreement):

皮尤研究中心 ( The Pew Research Center)发表的一篇文章预测(接受调查的人中有53％同意)：

By 2020, there will have been significant advances in the adoption and use of gamification. It will be making waves on the communications scene and will have been implemented in many new ways for education, health, work, and other aspects of human connection and it will play a role in the everyday activities of many of the people who are actively using communications networks in their daily lives.

到2020年，游戏化的采用和使用将取得重大进展。 它将在交流领域引起轰动，并将以许多新的方式在教育，健康，工作和人际关系的其他方面得到实现，并将在许多积极使用信息的人们的日常活动中发挥作用日常生活中的通讯网络。

Although it hasn’t permeated as much as the research suggested, there has been one industry in which gamification has been making significant advances: Cybersecurity.

尽管它的普及程度还不如研究表明的那么高，但是在游戏产业化中已经有一个重要的进步： 网络安全 。

Working in the industry, I’ve had the opportunity to interface with a multitude of software vendors and companies who have used gamification in products and in enterprise. First we need to uncover why cybersecurity has such deep roots in gamifying.

在行业中工作，我有机会与在产品和企业中使用游戏化的众多软件供应商和公司进行交互。 首先，我们需要揭示为什么网络安全在游戏化中如此深厚的根源。

教育和电子学习 (Education and eLearning)

A Capture The Flag (CTF) is this idea of a competition where teams compete for a flag to win a game. A popular film among the hacking community is a film known as WarGames (1983). It was a film that legitimized the culture and cemented this idea of gamified hacking games once used for military exercises.

夺旗(CTF)是比赛的一种思想，团队争夺旗帜以赢得比赛。 在黑客社区中最受欢迎的电影是称为WarGames (1983)的电影。 这部电影使文化合法化，并巩固了曾经用于军事演习的游戏化黑客游戏的思想。

Today, the applications of wargames are endless but most follow three distinct types: Jeopardy, Attack-Defense, or a hybrid between the two.

如今，战争游戏的应用层出不穷，但大多数遵循三种不同的类型：“危险”，“攻防”或两者的混合体。

危险 (Jeopardy)

In jeopardy-style CTFs, teams will answer questions across a multitude of categories including web, cryptography, packet analysis, and so on. The team with the most points at the end will win the competition. An example of a flag is seen below.

在危险的CTF中，团队将回答许多类别的问题，包括Web，密码学，数据包分析等。 最后得分最高的团队将赢得比赛。 标志的示例如下所示。

flag{l0tuSFru1t_is_b3st_pUbl1c@t1on}

Teams can only progress after they have answered the previous questions. A popular jeopardy-style CTF is the DEFCON CTF created and hosted by the Order Of The Overflow.

团队只有在回答了先前的问题后才能进步。 DEFCON CTF是一种流行的危险式CTF，它由The Order Of The Overflow创建和托管。

攻防 (Attack-Defense)

In attack and defense CTFs, teams will compete with one another with a set of machines provided by the game master. These machines will host services that are vulnerable and it’s the teams job to fix their vulnerabilities and secure their flags before the other team hacks into their system to get a flag and vice versa. The teams with the most flags at the end are the winners.

在攻击和防御CTF中，团队将使用游戏主管提供的一组机器相互竞争。 这些机器将托管易受攻击的服务，这是团队的工作，旨在修复漏洞并保护其标志，然后其他团队入侵他们的系统以获取标志，反之亦然。 最终获胜最多的球队是获胜者。

While CTFs have been traditionally hosted in a physical environment, the diaspora of cloud technology and hosted computing has allowed online CTF platforms to proliferate.

传统上，CTF托管在物理环境中，而散布的云技术和托管计算使在线CTF平台激增。

An example of an attack and defense CTF hosted by DARPA every year is known as the Cyber Grand Challenge an all-machine hacking tournament with prizes up to $2 Million. One of the most popular CTF platforms to practice penetration testing is HackTheBox.

DARPA每年举办的一次攻击与防御CTF的示例被称为“ 网络大挑战”，这是一种全机黑客锦标赛，奖金高达200万美元。 进行渗透测试的最受欢迎的CTF平台之一是HackTheBox。

哈克盒子 (HackTheBox)

In information security, the elements in CTFs are used to help professionals learn and collaborate with one another. HackTheBox is a platform used to host jeopardy-style CTFs to help individuals brush up on their penetration testing skills. It’s a commonly used platform to help prepare for the Offensive Security Certified Professional (OSCP) exam.

在信息安全中，CTF中的元素用于帮助专业人员相互学习和协作。 HackTheBox是一个平台，用于托管危害性样式的CTF，以帮助个人提高其渗透测试技能。 这是一个常用的平台，可帮助您准备进攻性安全认证专家( OSCP )考试。

Even signing up requires the user to find a flag and can only sign up when the flag is found on the login page. HackTheBox has a leaderboard and personal profile badges you can use on your resume to show recruiters your skillset.

甚至注册也要求用户找到一个标志，并且只能在登录页面上找到该标志时进行注册。 HackTheBox具有排行榜和个人资料徽章，您可以在简历上使用这些徽章，以向招聘人员显示您的技能。

While gamified CTFs are brought online, so have learning platforms tackling the skill shortage in cybersecurity.

游戏化的CTF上线后，学习平台也可以解决网络安全方面的技能短缺问题。

图书馆 (Cybrary)

Cybrary, an e-learning platform with free cybersecurity and IT training uses the idea of paths. Depending on the path chosen, a set of learning material and objectives are presented to the user. Examples of paths include:

Cybrary是一个提供免费网络安全和IT培训的在线学习平台，它使用路径的概念。 根据选择的路径，向用户呈现一组学习材料和目标。 路径示例包括：

• Become A SOC Analyst成为SOC分析师
• Become A Penetration Tester成为渗透测试员
• Become A Network Engineer成为网络工程师

The gamified elements used in Cybrary is the ability to choose a path and gain experience while completing objectives on their journey. From a psychological sense, the ability to visualize progress gives the learners a sense of personal development and growth. Once a path is finished, the student will receive a badge of completion that can be used on their resume.

Cybrary中使用的游戏化元素是选择路径并获得经验的能力，同时完成他们的旅程目标。 从心理意义上讲，可视化进度的能力使学习者具有个人发展和成长的感觉。 路径完成后，学生将获得结业徽章，可在简历中使用。

沉浸式实验室 (ImmersiveLabs)

ImmersiveLabs took a gamification-first approach to their platform. I was able to speak to the team at DEFCON 2019 and gamification was always a core pillar to their vision.

ImmersiveLabs在其平台上采用了游戏化优先的方法。 我能够在DEFCON 2019上与团队交谈，而游戏化始终是他们愿景的核心Struts。

ImmersiveLabs uses jeopardy-style format, similar to many of the others, and was initially targeted to college students. Compared to Cybrary, instead of career paths, ImmersiveLabs organizes labs in the form of objectives, and completing each will let you gain points to rank on their leaderboards.

ImmersiveLabs使用危险形式的格式，与许多其他格式相似，最初是针对大学生的。 与Cybrary相比，ImmersiveLabs代替了职业发展道路，而是以目标的形式组织实验室，并且完成每个目标都可以使您获得积分，从而在其排行榜上排名。

TryHackMe (TryHackMe)

TryHackMe takes an interesting approach, their labs are also organized in a jeopardy format, but they take it a step further, developing an attack and defense platform known as Cyber Games.

TryHackMe采取了一种有趣的方法，他们的实验室也以危险的形式组织起来，但是他们又走了一步，开发了一个名为Cyber​​ Games的攻击和防御平台。

Cyber games puts 10 hackers and researchers against one another each with random operating systems assigned, all with a different set of vulnerabilities. The participants are responsible for securing their systems and restricting access from others. The points are gained depending on the amount of time someone has had access to their machines.

网络游戏使10位黑客和研究人员彼此相对，他们分配了随机的操作系统，而这些操作系统都具有一系列不同的漏洞。 参与者有责任保护自己的系统并限制他人访问。 根据某人可以访问其计算机的时间来获得积分。

漏洞赏金平台 (Bug Bounty Platforms)

While these capture the flag platforms are a means to address the skill shortage. There are platforms that allow researchers to earn money on the vulnerabilities they find on applications. The platforms that sit between them are bug bounty platforms, the brokers who connect companies to security researchers in a trusted and safe environment.

尽管这些捕获标志平台是解决技能短缺的一种手段。 有一些平台可以使研究人员从他们在应用程序中发现的漏洞中获利。 它们之间的平台是漏洞赏金平台 ，即在可信赖和安全的环境中将公司与安全研究人员联系起来的经纪人。

Two of the most popular bug bounty platforms are known as BugCrowd and HackerOne. The elements of gamification on these platforms are similar to the previous examples with leaderboards, merit system, point system and so on. The difference is that researchers can get invited to exclusive events hosted by these platforms to onboard a new company or an existing company with a newly expanded scope.

两个最受欢迎的漏洞赏金平台称为BugCrowd和HackerOne 。 这些平台上的游戏化元素与之前的示例相似，包括排行榜，绩效系统，积分系统等。 不同之处在于，研究人员可以被邀请参加由这些平台主办的独家活动，以加入新公司或新扩展范围的现有公司。

Gamification in cybersecurity is an integral part of the culture and community along with paving the way for new and emerging business models within the field. Gamified platforms are disrupting industries in ways never seen before. Not only do these platforms disrupt education and enterprise, but serve as a baseline and poster child to build a resilient value chain reinforced by these game-like elements.

网络安全游戏化是文化和社区不可或缺的一部分，同时也为该领域内新兴的商业模式铺平了道路。 游戏化平台以前所未有的方式破坏着行业。 这些平台不仅扰乱了教育和企业发展，而且还充当了基准和榜样，建立了由这些类似游戏的元素加强的弹性价值链。