Ten years ago, in recession-hit Ireland, John Clarke was trying to make ends meet for his young family as a laborer and driver. But the money from working on building sites and driving a van just wasn’t enough — and John felt he was too old and unskilled to find something else. His wife encouraged him to go back to school, but that wasn’t simple either.

John had never finished high school, and he wasn’t sure moving to a single income was the right choice for the couple to make in the midst of a recession.

Still, he persisted. He returned to high school, wowed his teachers and was encouraged to study further. He then went to university, skipped years and worked as an intern at IBM. “I swear I was one of the oldest interns in history!” John said. When he discovered cybersecurity, John knew his academic and career development efforts had all been worthwhile.

An affable, hard-working and lively Dublin lad, John is now neck-deep in efforts to gamify incident response (IR) and security awareness training through IBM’s Cyber Ranges. He works as a cybersecurity and gamification strategist at the IBM X-Force Command Center, where he builds and develops scenarios to help train people in IR. His goal is to use gamification to engage with people outside of the classroom — and away from boring presentations and false learning environments.

Incident Response Training Is All Fun and Games

Gamification of security trades on the idea that sometimes you have to be dropped into the deep end to really learn. John and his colleagues dream up weird and wonderful games based around security ideology to educate participants about IR. They design the game, code it, build the infrastructure and set players loose.

“We build some wacky stuff,” John said. “Once, we built a mind-controlled Hungry Hungry Hippos game, all based around security.”

John’s team is behind IBM’s capture the flag (CTF) events, which gather teams and pit them against each other to see who can solve a security breach first. The competitors are divided into two groups: The first group is tasked with attacking and compromising a system. The second group must try to protect that system from the other group. Then, they switch. Both teams get a shot at being the attackers and the defenders. This allows the groups to work creatively and share knowledge about what they learned during the simulation.

John must be one step ahead of both teams during the build stage — so he tries to guess what they’ll do and how they’ll react to ensure that the scenario is robust and bulletproof.

“These simulations offer a way to find out what people are really made of in the heat of the moment,” John said.

The Human Side of Cybersecurity

John comes to work every day and builds scenarios in which all hell breaks loose to teach people about the importance of IR and what to do when a breach inevitably occurs.

“I love what I do,” he said. “For a long time, security was an afterthought — get the tech up and running, get it so the customer loves it, then we’ll put the security in. I’ve seen a massive shift from my early days. The rate of defects that teams find now is really low, and security architects are right there at the beginning, which limits the amount of bugs the security teams find.”

John said he sees his role (and that of his fellow IR professionals) as crucial in the ongoing effort to drive cybersecurity awareness among students.

“Some colleges don’t even teach security until the final year,” John said. “It needs to start early on — and that’s why, as professionals, we go in and teach.”

For his part, John takes tools into junior schools, runs cybersecurity boot camps in the summer and makes sure the people he works with understand security before they get out into the real world.

“The problem is there’s a human aspect to it,” John said. “The human is making mistakes, opening doors for hackers. If you set up a server and leave it in default configuration, they now have access to your system. We need much more awareness much earlier.”

Giving Back to the IT Community

Cybersecurity is not just a day job for John — it’s his passion. He’s community-minded, people-centric and future-focused. He’s also passionate about giving something back and regularly speaks in schools about application security and online safety.

Why is this so important to him? “Because people invested in me at a time when I needed it,” John said.

One of those people was his mentor, Jason Flood, the chief technical officer (CTO) of security gamification and modelling at IBM, who got him involved with the Honeynet Project while John was on IBM’s Ethical Hacking Team (EHT). The Honeynet Project is a not-for-profit security research organization dedicated to investigating the latest attacks and developing open source security tools to improve internet security.

“That’s where my passion for building gamified scenarios comes from,” John said. “It was just a bunch of us lads hanging around, eating pizza and coding and chilling at 3 a.m. Most people go to clubs — we sat around, had beer and built challenges.”

“The good thing is it’s my day job now — this gamification stuff. IBM backs what we’re doing, they have a belief and see the value in terms of future hires,” John said. “When we ran an event in Boston, there were four or five people we would’ve hired instantly. As a tool to get people in a room and put them through their paces to see their technical ability, get a gauge for personality and how they respond, these gamified events are amazing. You get a feel a bit more for people as opposed to sitting in a suit in a chair at an interview and hoping you don’t mess up.”

Luckily for the next generation of cybersecurity professionals looking to get their shot at a new career track, John gave up driving a van to serve as a mentor and invent wacky cybersecurity games for the rest of us to learn from and enjoy.
