Increasing cyber resilience to a potential audience of over 100,000 education professionals at over 2,500 schools across New Zealand.
Teachers rated it highest at 8.73. Across all roles, participants found the game easy to follow (4.54/5) and said it prompted new thinking about their school's cyber readiness (4.32/5).
The first cybersecurity tabletop exercise designed specifically for New Zealand schools — bringing an industry-standard format to the education sector for the first time.
The most valued aspects of the session were discussion and collaboration — with 30+ participants specifically calling out the conversations it sparked across different school roles.
In a nutshell
Glitch! is a cybersecurity tabletop game created for the Ministry of Education to help school staff across New Zealand prepare for cyber incidents.
Rather than delivering guidance through static policy or training, the project explored how a physical, discussion-led game could build shared understanding, clarify roles, and give non-technical staff confidence to participate meaningfully in a cyber response.
Ministry of Education
Lead researcher, UX and content designer
2025
The challenge
Designing for every school.
Translating cyber-speak.
A new kind of learning experience.
The approach
This project was a two-person collaboration with a visual designer.
I led the research, content design, and UX: designing the core function of the game, testing and iterating on digital and physical prototypes, and authoring and refining the majority of game content through multiple iterations to ensure the experience was engaging, understandable, and practical for staff at all levels.
The concept
Ideation: The first concept
Our initial ideation explored a traditional game format with points, tokens, and layered mechanics like specific roles with specific skillsets.
We also considered the physicality of the game: what makes board games fun?
Having a tactile card element was important to our game for engagement. We started with two types of handheld cards: one for characters, who could represent different roles and skillsets, and a set of Chance cards, which could introduce an element of unpredictability that’s common in cybersecurity incidents.
Desktop research: What the industry told us
Unfortunately, desktop research into existing cybersecurity tabletop exercises revealed that industry-standard formats were dry, text-heavy, and assumed significant technical knowledge…a clear signal that directly transposing this format for a non-technical school audience wouldn't work.
Our client also flagged that our initial concept didn't align with the industry standard they'd expected — which, combined with our research findings, prompted us to reconsider the concept entirely.
Refining the concept: Stripping it back
With a much clearer idea of the cybersecurity industry’s standard for this kind of activity, we pulled back the complex mechanics of our original idea and redeveloped our concept into a simple, step-by-step, discussion-led game.
This led us to a flippable tent-card format, which supported the discussion and pacing of the game by allowing groups to gather around a shared artefact and focus on one scenario step at a time.
To keep the exercise engaging, we retained an element of unpredictability through Inject Cards, introducing realistic curveballs without overwhelming beginners.
The research
1:1 usability sessions: Testing with real school staff
I ran remote 1:1 sessions using a high-fidelity digital prototype with principals, teachers, and IT leads. This surfaced where content felt overly technical, scenarios lacked realism, and the flow and timing of the exercise broke down.
🤔 Why digital? — We were designing for every school in New Zealand. In-person testing would have been expensive, and skewed heavily towards larger schools with strong IT capability who needed this game the least. Remote sessions over Zoom let us hear from rural schools, non-technical staff, and roles I wouldn't have accessed otherwise. The decision to go remote was pragmatic, but it made the research better.
Our digital prototype in action.
Observational research: Live conference testing
I then observed gameplay with the physical prototype during two live workshops at an education conference, with over 70 people in groups of 4–5 people.
I learned how different roles engaged in discussion, how a strong facilitator (or lackthereof) could affect momentum, and where ambiguity stalled decision-making. A short paper survey captured perceptions of clarity, value, and ideas for improvements.
