Executive Snapshot
This self-initiated project explores how cybersecurity awareness can be redesigned from a compliance exercise into a behavior-shaping experience. I created an interactive, cinematic simulation to demonstrate how everyday workplace decisions—often made for convenience—compound into real security risk. The prototype showcases my approach to Action Mapping, consequence-based learning, and AI-assisted production within Articulate Storyline.
Business Context & Performance Problem
This project reframes cybersecurity as a behavioral discipline, not a technical one. Most cybersecurity training fails because it treats security as:
A knowledge problem
An IT responsibility
A checklist to complete annually
In reality, breaches are caused by normal people making reasonable decisions under pressure:
Using free tools to save time
Trusting familiar names and interfaces
Choosing convenience over caution
The performance problem is not “lack of awareness,” but misjudgment in everyday moments.
Experience the solution
Six cinematic scenarios forming a single workday
Persistent Security Meter tracking cumulative decisions
Immediate and delayed feedback
Multiple endings based on learner behavior
Action Mapping (Diagnostic Backbone)
Although this was a portfolio prototype, it was designed using a full Action Mapping mindset.
Business Goal
Reduce human-driven cybersecurity incidents by improving everyday decision-making under ambiguity.
Critical On-the-Job Behaviors
Employees must:
Recognize subtle digital, physical, and social vulnerabilities
Pause before convenience-driven decisions
Evaluate risk when signals are incomplete
Choose safer alternatives without perfect information
Key Barriers Identified
False Sense of Normality
Risk is embedded in ordinary workflows.
Low Emotional Salience
Traditional training lacks consequences that feel real.
Binary Thinking
Employees expect clear “right answers,” which rarely exist.
What Was Intentionally Excluded
Policy recitation
Threat taxonomies
Tool-specific instructions
The focus is judgment, not memorization.
Constraints & Friction
Even as a prototype, the design intentionally mirrors real organizational constraints:
Learners have limited time and attention
Decisions are made quickly, not analytically
Signals are ambiguous, not explicit
Consequences are delayed and indirect
These constraints informed the narrative pacing, feedback design, and scoring logic.
Options Considered & Rejected
Several conventional approaches were deliberately rejected:
Slide-based awareness modules
Too passive; no behavioral transfer.
Single-scenario branching
Insufficient to show cumulative risk.
Knowledge checks after each scene
Would shift focus from judgment to recall.
Instead, I chose a single-day narrative arc with persistent variables and consequence-driven outcomes.
Design Strategy & Key Decisions
Key design decisions included:
Framing the experience as a Cyber Defense Simulation, not training
→ Increased emotional engagement and ownership.
Using a Security Meter instead of pass/fail scoring
→ Reinforced that security is probabilistic, not binary.
Designing convenience vs security tradeoffs
→ Mirrored real workplace tensions.
Ending with cinematic outcomes
→ Created emotional contrast and accountability.
Learning Science
The project applies evidence-based design principles from learning science, behavioral psychology, and experiential learning.
CCAF Model (Context–Challenge–Activity–Feedback): Each scenario places the learner in a credible setting with realistic decisions and immediate as well as delayed consequences.
Action Mapping: Every choice links directly to a real workplace behavior or decision.
Consequence-based learning: Learners experience emotional feedback—safe decisions strengthen the Security Meter, unsafe ones crack the digital shield and trigger glitch effects.
Retrieval & reflection: Learners rely on their existing knowledge of security best practices rather than memorizing facts.
Emotional engagement: Cinematic visuals, tension music, and narrative pacing keep attention high and reinforce memory through emotion.
Replay value: Multiple endings encourage retrying and self-correction, which strengthens retention.
Context, Challenge, Gamification, Consequences
Context
The module simulates a single day in the life of an IT-company employee, where ordinary actions turn into potential cybersecurity threats.
Across six cinematic scenarios, learners navigate diverse challenges:
Free online PDF converter – data leakage through unverified tools.
Branded USB drive at a trade show – hidden malware.
Smart speaker at work – IoT privacy and data exposure.
Message from the “CEO” on Teams – social engineering and deepfake awareness.
QR code on an office poster – phishing via physical media.
Office hotspot hunt – physical vulnerabilities left behind by coworkers.
Each scene exposes a different attack vector, connecting human behavior, technology, and organizational culture under one narrative arc: “Cybersecurity begins with everyday choices.”
Challenge
The learner’s mission is to maintain the company’s Security Meter while making quick, informed decisions under pressure. Every scenario adds to or subtracts from the meter, representing the overall health of the organization’s defenses. The challenge is not just to find the “right answer,” but to weigh convenience against security—mirroring real-world tensions employees face daily.
Gamification
The entire course functions as a Cyber Defense Simulation that rewards vigilance and penalizes negligence.
Security Meter: dynamic progress bar reflecting organization’s safety level.
Cinematic storytelling: all scenarios connect into one cohesive day, blending realism with suspense.
Animated shields: visual feedback that celebrates correct actions.
Persistent variables: performance carries across scenarios, influencing final outcomes.
Immersive audio: ambient office sounds, warning tones, and music transitions enhance engagement.
Replay value: players can restart to achieve a perfect security score.
Consequences
All decisions culminate in one of three cinematic endings, each with distinct visuals, tone, and soundtrack:
🟥 Major Breach – Chaos in the System
Multiple unsafe choices led to a successful attack. Sensitive data is leaked, and the company faces severe consequences.
🟧 Minor Breach – Contained but Costly
Most threats were neutralized, but one vulnerability slipped through. The company recovers, but not without losses.
🟩 Company Secured – Cyber Guardian Victory
You anticipated every threat and protected your digital environment. You’re officially the Cyber Guardian.
The emotional contrast between endings reinforces accountability and the real-world stakes of cyber hygiene.
Implementation & Delivery
The prototype was built in Articulate Storyline and visual/sound assets in Synthesia IO. It includes:
Variable-driven branching logic
Multi-layered feedback (visual, audio, narrative)
Gamified scoring system
Replayable structure with multiple endings
The entire experience is self-contained and scalable.
What This Project Demonstrates About Me
I design learning for judgment under uncertainty
I treat cybersecurity as a behavioral problem
I balance realism, engagement, and instructional intent
I leverage AI to accelerate production—not replace thinking