
Increasing cyber resilience to a potential audience of over 100,000 education professionals at over 2,500 schools across New Zealand.
Teachers rated it highest at 8.73. Across all roles, participants found the game easy to follow (4.54/5) and said it prompted new thinking about their school's cyber readiness (4.32/5).
The first cybersecurity tabletop exercise designed specifically for New Zealand schools — bringing an industry-standard format to the education sector for the first time.
The most valued aspects of the session were discussion and collaboration, with 30+ participants calling out the conversations it sparked across different school roles.
In a nutshell
Ministry of Education
Lead researcher, UX and content designer
2025
Glitch! is a cybersecurity tabletop game created for the Ministry of Education to help school staff across New Zealand prepare for cyber incidents.
Rather than delivering guidance through static policy or training, the project explored how a physical, discussion-led game could build shared understanding, clarify roles, and give non-technical staff confidence to participate meaningfully in a cyber response.
The challenge
Designing for every school.
Glitch! had to make cybersecurity feel relevant, valuable, and actionable for every school in New Zealand, from rural schools with limited infrastructure to large institutions with dedicated IT teams, regardless of technical capability, school size, or prior experience.
The approach
This project was a two-person collaboration with my Head of Creative, who handled the visual direction.
I led the research, content design, and UX: designing the core function of the game, testing and iterating on prototypes, and authoring and refining the majority of game content to ensure the experience was engaging, understandable, and practical for staff at all levels.
The concept
Ideation: The first concept
Our initial ideation explored a traditional game format with points, tokens, and layered mechanics like specific roles with specific skillsets. By making the game fun, education would be approachable.

We also considered the physicality of the game: what makes board games fun?
Having a tactile card element was important to our game for engagement. We started with two types of handheld cards: one for characters, who could represent different roles and skillsets, and a set of Chance cards, which could introduce an element of unpredictability that’s common in cybersecurity incidents.

Desktop research: What the industry told us
Unfortunately, desktop research into existing cybersecurity tabletop exercises revealed that industry-standard formats were dry, text-heavy, and assumed significant technical knowledge…but they were realistic, which made them effective for actually planning against a cyber incident.
Our client also flagged that our initial concept didn't align with the industry standard they'd expected — which, combined with our research findings, prompted us to reconsider the concept entirely.
Refining the concept: Stripping it back
With a much clearer idea of the cybersecurity industry’s standard for this kind of activity, we pulled back the complex mechanics of our original idea and redeveloped our concept into a simple, step-by-step, discussion-led game. I developed a structured content framework with discussion questions and best-practice answers.
This led us to a flippable tent-card format, which supported the discussion and pacing of the game by allowing groups to gather around a shared artefact and focus on one scenario step at a time.
To keep the exercise engaging, we kept our Chance Cards as an opportunity to introduce realistic curveballs without overwhelming beginners.
The research
1:1 usability sessions: Testing with real school staff
I ran remote 1:1 sessions using a high-fidelity digital prototype with principals, teachers, and IT leads. This surfaced where content felt overly technical, scenarios lacked realism, and the flow and timing of the exercise broke down.
🤔 Why digital? — With our budget, in-person testing would have skewed heavily towards large city schools with strong IT capability who needed this game the least. Remote sessions over Zoom let us hear from rural schools, non-technical staff, and roles I wouldn't have accessed otherwise.
Our digital prototype in action.
Observational research: Live conference testing
I then observed gameplay with the physical prototype during two live workshops at an education conference, with over 70 people in groups of 4–5 people.
I learned how different roles engaged in discussion, how a strong facilitator (or lackthereof) could affect momentum, and where ambiguity stalled decision-making. A short paper survey captured perceptions of clarity, value, and ideas for improvements.
The insights
Assumption: Good content design could carry the game
If we reduced technical language and made the content clear enough, participants would be able to engage meaningfully regardless of their cybersecurity confidence.
Analysis: No, it can't
The facilitator was doing the game's job. Groups with a strong facilitator thrived: they translated jargon, drew on real school experience, and kept discussion on track. Groups without one experienced flailing discussions and stalled pacing.
Still too much, too technical, too abstract. Starter questions were dense, recommended actions were bloated and too time-consuming to parse mid-game, and scenarios didn't always feel real enough to take seriously.
Synthesis: Build a game anyone can run
Supporting the facilitator role more explicitly — through clearer structure, defined roles, and simpler content — meant the game could work for any group, not just lucky ones.

Our paper surveys allowed us to capture quantitative data alongside qualitative observations.
The retrospective
The outcome: First-of-its-kind
Glitch! launched as a first-of-its-kind cybersecurity tabletop exercise designed specifically for the New Zealand education sector. 70 out of 72 participating schools rated the experience a 7/10 or higher, with users praising how the physical format sparked collaboration across school roles.
🔗 Try the digital version of Glitch yourself!
The takeaway: Research representation vs. realism tradeoffs
Designing a physical game rather than a digital product was a unique challenge, but the biggest learning applies to both: people hate reading. Simplifying the game content at the expense of creating additional supporting materials for the facilitator made it more engaging.
This was hard to catch in remote testing sessions, where we thought the tradeoff of a realistic scenario for audience reach and representation would be worth it. We were lucky to have the live conference testing lined up; even so, if I could do it again I'd pair it with at least one realistic in-person facilitation-focused session earlier in the process.
The impact: AI-assisted research workflows
This project served as the foundation for my featured presentation at UX Auckland (2026), where I demonstrated how leveraging Dovetail for synthesis allowed our two-person team to rapidly generate recommendations in a 4 hour (!) timeframe.
You can view that on this page, or on Youtube.














