About
The SECRIOUS project aims to cross several disciplines in order to put People at
the Heart of Software Engineering. Our academic team – from the School of
Mathematical and Computer Sciences (MACS) at Heriot-Watt University (HWU), the
School of Simulation and Visualisation (SimVis) at Glasgow School of Art (GSA) and
the Department of Social Anthropology at University of St Andrews (UStA) ‐
combines the necessary experience in human-computer interaction, software
engineering, serious games, anthropology and software security. It is complemented
by our partners with industrial and artistic expertise in secure software
engineering, public engagement and creative writing.
Security is an abstract concept which combined with the dematerialised world of
software systems is difficult to grasp, comprehend and experience. This project
aims to engage new code-citizens in making the security of software code tangible
through the design of serious games.


Research
The list of research papers (e.g. conferences and journals) that were published during the project.
Joint Conference on Serious Games (JCSG 2023)
View Paper
BibTeX
@inproceedings{ferguson2023model,
author = {Ferguson, Jamie and Abbott, Daisy and Louchart, Sandy},
title = {A Model for Mapping Serious Game Mechanics to Pedagogical Patterns},
year = {2023},
publisher = {Springer},
url = {https://doi.org/10.1007/978-3-031-44751-8_5},
doi = {10.1007/978-3-031-44751-8_5},
booktitle = {Proceedings of the Joint Conference on Serious Games (JCSG)},
keywords = {Pedagogical Patterns, Serious Games, Cybersecurity, Learning Mechanics, Game Mechanics, Game Based Learning},
}
International Conference on Game Jams, Hackathons, and Game Creation Events (ICGJ 2023)
View Paper
BibTeX
@inproceedings{abbott2023serious,
author = {Abbott, Daisy and Chatzifoti, Olga and Ferguson, Jamie and Louchart, Sandy and Stals, Shenando},
title = {Serious 'Slow' Game Jam - A Game Jam Model for Serious Game Design},
year = {2023},
isbn = {9798400708794},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3610602.3610604},
doi = {10.1145/3610602.3610604},
booktitle = {Proceedings of the 7th International Conference on Game Jams, Hackathons and Game Creation Events},
pages = {28–36},
numpages = {9},
keywords = {Serious Game Jams, Serious Game Jam Design, Game Design Methodology, Serious Games, Interdisciplinary Game Design},
location = {Virtual Event, Ukraine},
series = {ICGJ '23}
}
International Journal of Human-Computer Studies 2023
View Paper
BibTeX
@article{georgiou2023future,
author = {Georgiou, Theodoros and Baillie, Lynne and Chatzifoti, Olga and Chan, Sheung Chi},
title = {Future Forums: A Methodology for Exploring, Gamifying, and Raising Security Awareness of Code-Citizens},
journal = {International Journal of Human-Computer Studies},
volume = {169},
pages = {102930},
year = {2023},
url = {https://doi.org/10.1016/j.ijhcs.2022.102930},
doi = {10.1016/j.ijhcs.2022.102930},
publisher = {Elsevier},
}
ECGBL 2022 16th European Conference on Game-Based Learning
View Paper
BibTeX
@inproceedings{abbott2022provocative,
title={Provocative Games to Encourage Critical Reflection},
author={Abbott, Daisy and Chatzifoti, Olga and Louchart, Sandy},
booktitle={ECGBL 2022 16th European Conference on Game-Based Learning},
year={2022},
url = {https://doi.org/10.34190/ecgbl.16.1.486},
doi = {10.34190/ecgbl.16.1.486},
organization={Academic Conferences and publishing limited}
}
Video
1st European Workshop on Cyber Security Education and Practice (EURO CSEP 2022) Co-located with IEEE Euro S&P 2022
View Paper
BibTeX
@inproceedings{mcgregor2022aligning,
title={Aligning a Serious Game, Secure Programming and {CyBOK}-Linked Learning Outcomes},
author={McGregor, L{\'e}on and Chan, Sheung Chi and Wlodarczyk, Szymon and Maarek, Manuel},
booktitle={2022 IEEE European Symposium on Security and Privacy Workshops (EuroS\&PW)},
pages={486--495},
year={2022},
url = {https://doi.org/10.1109/EuroSPW55150.2022.00058},
doi = {10.1109/EuroSPW55150.2022.00058},
organization={IEEE}
}
International Conference on Software Engineering: Software Engineering Education and Training (SEET@ICSE 2024)
View Paper
BibTeX
@inproceedings{schauer2024integrating,
title = {Integrating {Canvas} and {GitLab} to Enrich Learning Processes},
author = {Schauer, Laura and Stewart, Robert J. and Maarek, Manuel},
year = {2024},
booktitle = {45th {IEEE/ACM} International Conference on Software Engineering: Software Engineering Education and Training, SEET@ICSE 2024, Lisbon, Portugal, April 14-20, 2024},
keywords = {Git, GitLab, Version Control Systems, Learning Management Systems, Programming Education},
url = {https://researchportal.hw.ac.uk/en/publications/integrating-canvas-and-gitlab-to-enrich-learning-processes}
}
International Conference on Human-Robot Interaction, HRI 2024
View Paper
BibTeX
@inproceedings{stals2024let,
author = {Stals, Shenando and Voysey, Isobel and Baillie, Lynne},
editor = {Grollman, Dan and Broadbent, Elizabeth and Ju, Wendy and Soh, Harold and Williams, Tom},
title = {Let's Make this Fun!: Activities to Motivate Children and Teens to Complete Questionnaires},
booktitle = {Companion of the 2024 {ACM/IEEE} International Conference on Human-Robot Interaction, {HRI} 2024, Boulder, CO, USA, March 11-15, 2024},
pages = {1008--1012},
publisher = {{ACM}},
year = {2024},
url = {https://doi.org/10.1145/3610978.3640675},
doi = {10.1145/3610978.3640675}
}
Suomen Antropologi: Journal of the Finnish Anthropological Society
View Paper
BibTeX
@article{reed2024games,
author = {Reed, Adam},
title = {Games of Collaboration: An Ethnographic Examination of Experts Acting Seriously},
journal = {Suomen Antropologi: Journal of the Finnish Anthropological Society},
volume = {48},
number = {2},
year = {2024},
doi = {10.30676/jfas.138367},
url = {https://journal.fi/suomenantropologi/article/view/138367},
issn = {1799-8972},
pages = {27--49},
}
Presented as part of the activity at the Deconstructing Gamified Approaches to Security and Privacy DGASP Workshop at SOUPS'23
View Paper
BibTeX
@article{shah2023introducing,
title={Introducing and Interfacing with Cybersecurity--A Cards Approach},
author={Shah, Ryan and Maarek, Manuel and Stals, Shenando and Baillie, Lynne and Chan, Sheung Chi and Stewart, Robert J. and Loidl, Hans-Wolfgang and Chatzifoti, Olga},
journal={arXiv preprint arXiv:2307.16535},
year={2023}
}
ACM Games: Research and Practice
View Paper
BibTeX
@article{stals2025evaluatinga,
author = {Stals, Shenando and Baillie, Lynne and Ferguson, Jamie and Abbott, Daisy and Maarek, Manuel and Shah, Ryan and Louchart, Sandy},
title = {Evaluating Serious Slow Game Jams as a Mechanism for Co-Designing Serious Games to Improve Understanding of Cybersecurity},
journal = {ACM Games: Research and Practice},
year = {2025},
doi = {https://doi.org/10.1145/3709745}
}
Computer Standards & Interfaces, Volume 92, March 2025
View Paper
BibTeX
@article{stals2025evaluatingb,
author = {Stals, Shenando and Baillie, Lynne and Shah, Ryan and Ferguson, Jamie Iona and Maarek, Manuel},
title = {Evaluating and validating the Serious Slow Game Jam methodology as a mechanism for co-designing serious games to improve understanding of cybersecurity for different demographics},
journal = {Computer Standards \& Interfaces},
volume = {92},
pages = {103924},
year = {2025},
issn = {0920-5489},
doi = {https://doi.org/10.1016/j.csi.2024.103924}
}
IEEE Security & Privacy, Special Issue on Secure Software Before Code/ing
To appear
Project Outputs
Future Forums
Future Forums are multiphase user centered design workshops, with the early phases aiming to initiate discussions, that then leads to the co-design of game elements centered around aspects of code security. The same procedure was followed for each of the three Future Forums, each focusing to a slightly different theme around cyber security. By engaging code-citizens in discussions on cyber security that are rooted in their personal experiences and individual viewpoints, several themes emerged, such as the role of coder practices and ethical behavior in security while coding.
Provoking Games
In this project, three provoking games were created which cover the Secrious project's three overarching topics: Code Security, Security Lifecycle and API Security. Provoking a lasting change in attitudes towards these themes requires dialogic or inquiry-based reflection that leads to transformative reflection. Our provoking games make use of reflective game design techniques to produce cognitive and affective challenge to player experience, emphasising a sense of purpose to change attitudes or practices related to cybersecurity.

Protection
A small, easy to play ‐ hard to master game about a "what" that is doing "what" in a "what"! Wondering what all those "what's" are about? Well, we are on purpose short on words, so you can provide us with your own!
Play
Collaboration
Collaboration is a short game that challenges participants to consider the importance of working together to build systems that create a safer, more sustainable, world. Bit by bit.
Play
The API-ary
The API-ary is a short game that challenges players to consider the importance of API security and how it can affect an entire software ecosystem.
PlayCard Decks

Cybersecurity Cards
The cybersecurity cards were developed to provide an accessible method for providing key cybersecurity information to non-technical (novice) individuals in the domain of secure coding.
View on Miro Download
Learning Mechanics (LM) Cards
The learning mechanics (LM) cards were developed to provide a framework to define the pedagogical aspects of a serious game.
View on Miro Download
Game Mechanics (GM) Cards
The game mechanics (GM) cards were developed to provide a framework to define the game mechanics of a serious game, meaning how the game is actually played.
View on Miro DownloadCode Snippets

Code Snippets
We created a series of vulnerable and secure snippets used to test knowledge of code security!
ViewToolkits
For viewing one of our toolkits, press the button to open up an embedded, interactive board.
Serious Games for Cybersecurity

scareCity
scareCity is a serious game for 2-4 players. As the mayor, you must expand the features of your city, managing its security and gaining the trust of your bitizens!
Rules Print-and-Play Miro Board

No-Entry
No-Entry is a card game for 2 players and a game master. Playing as either an attacker or a defender, players need to either defend or attack successfully to win the game. This game makes use of our cybersecurity cards.
Rules Cybersecurity CardsEngagement
Workshops & Beaconing Events

Secrious Beaconing Event (Abertay University, Scotland)
Beaconing EventThis beaconing event brings together those interested in cybersecurity and games to play our serious games, understand our methodology and project artefacts, providing us with feedback on what we have achieved in this project.

Deconstructing Gamified Approaches to Security and Privacy (DGASP)
WorkshopThis workshop aims to develop and stimulate discussions around how gamified approaches can be used in the fields of security and privacy. It consists of workshop paper sessions and a workshop activity using cybersecurity cards to deconstruct one of our provoking games.
Workshop hosted at SOUPS'2023

Secrious Beaconing Event (Co-Located With SOUPS'23, Anaheim, USA)
Beaconing EventThis beaconing event brings together experts in cybersecurity and usable security and privacy to play our serious games, understand our methodology and project artefacts, providing us with feedback on what we have achieved in this project.

Provocative Approaches to Serious Game Design and Analysis
WorkshopThis workshop intends to contribute to DIGRA by: disseminating notion and design of small provoking games; discussing interdisciplinary aspects on ontology, methodology and pedagogy; and establishing a community and avenues of research in this domain.
Workshop hosted at DIGRA'2023

Playtest Serious Games for Cybersecurity
Beaconing EventThis beaconing event will involve the playtesting of a co-designed serious game about an aspect of cybersecurity, observe interactions and reflect on the results gained. They will use the SGJ methdology we developed and understand how it can be applied in their own research.
Event hosted at Playful Learning 2023
Want to Run Your Own Event?
We've created a protocol that you can also follow using everything available on our website to test and improve the cybersecurity knowledge of others!
Learn More!Videos
People

Prof. Lynne Baillie

Dr. Manuel Maarek

Sandy Louchart

Dr. Hans-Wolfgang Loidl

Daisy Abbott

Dr. Robert Stewart

Dr. Adam Reed

Dr. Theodoros Georgiou

Dr. Ryan Shah

Dr. Shenando Stals

Dr. Jamie Ferguson

Olga Chatzifoti

Dr. Sheung Chi Chan

Dr. Laura Whyte

Lauren Hockenhull
Contact
For enquiries, feel free to mail us at secrious [at] gmail [dot] com
, or
tweet us @SecriousProject!