A video game to improve the hiring process
A video game to improve the hiring process
![](https://cdn.prod.website-files.com/5fec9210c1841a6c20c6ce81/6022b76e192a134965040775_5fb34f0f23e3f036f37d5ca0_DonkyKong.webp)
![](https://cdn.prod.website-files.com/5fec9210c1841a6c20c6ce81/6022b76e192a134965040775_5fb34f0f23e3f036f37d5ca0_DonkyKong.webp)
It's no secret that we believe strongly in the power of gamification at Secure Code Warrior to engage developers to code securely. It's what we do, and the results have been amazing so far. But what about using an actual video game to assess potential new hires? Is that going a step too far, or could it possibly be an effective practice?
That's what the startup Scoutible is doing, and I have to say I'm intrigued by their approach. Scoutible assesses potential hires using a video game - not gamified assessments, but an actual video game experience - and checks how the person behaves in certain situations. The game captures "millions of data points used to measure a candidate's various attributes" during just 20 minutes of gameplay, and uses those data points to rate how the candidate would do for the job in question.
There's a lot to like here, and a lot to learn from as well. The product is flexible to meet their customers'needs, and it targets a problem that many people responsible for hiring have known for a long time. Self-reported assessment, like Myers-Briggs, just aren't reliable. They allow you to "game" the system, or at least try to, by not being entirely honest. In a game, you have an objective and must adapt and problem solve to meet that objective. It's quite simple, and ingenious if it works as Scoutible claims. I can't wait to hear more about it.
Gaming versus gamification
Scoutible's approach makes sense for their target audience and use case. At one point in Secure Code Warrior's journey, we considered the value of a full gaming platform, or mini games built into the training, but in the end that angle didn't really add enough value for our purposes. The end users who take our security training know they are supposed to be learning.
Within our Secure Code Warrior platform, we measure the secure coding skills of a software developer while using game-based elements to keep them engaged. That means keeping these questions in mind:
- Do they understand the most common software security weaknesses?
- Can they fix common security bugs using framework specific security functions?
- Are they confident about their software security skills?
- What are their strengths and skills gaps in terms of secure code?
Caring by design
There's another reason I can relate strongly with Scoutible's product. Not only is it a benefit to the hiring company, but also to the candidate. Not all strong candidates you'll encounter are good at interviewing. For some, it's just not in their personalities. For others, they might never have been taught the fine art of interviewing, or maybe they're new to the workforce and this is their first interview.
This is where I see a similarity with software developers. Sadly, there just isn't a focus on security in many university programs. Aspiring developers are told "You'll learn it on the job." They leave school knowing how to make their code work, but they unknowingly perpetuate all of the same vulnerabilities that we've been fighting against for 20 or more years.
When developers do get that job and ask to learn about security, they have even less time than when they were in school. They're paid to produce functional, effective software, and many of the developer security training courses ... well, they're boring. Let's be honest.
What if you could get your developers, new and old, to care about security without really thinking about it? How do you make training interesting, engaging, and even fun, while also still being effective?
That's our challenge, and just like Scoutible's, it's a very real one. Just because the problem is incredibly serious doesn't mean the solution has to be mundane and boring. We've tried that already. We prefer to inject a little fun, excitement, competition, and engagement into our solution. So far, it's worked very, very well.
I thought if we could build a tool that felt like a game, and incorporated tests for the appropriate personality and cognitive attributes, we could address many of the problems I'd been studying.
https://www.inc.com/kevin-j-ryan/scoutible-video-game-reinventing-the-hiring-process.html
Resources to get you started
Trust Agent by Secure Code Warrior
Discover SCW Trust Agent, an innovative solution designed to enhance security by aligning developer secure code knowledge and skills with the work they commit. It provides comprehensive visibility and controls across an organization's entire code repository, analyzing each commit against developers' secure code profiles. With SCW Trust Agent, organizations can strengthen their security posture, optimize development lifecycles, and scale developer-driven security.
Resources to get you started
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
SCW Trust Agent - Visibility and Control to Scale Developer Driven Security
SCW Trust Agent, introduced by Secure Code Warrior, offers security leaders the visibility and control needed to scale developer-driven security within organizations. By connecting to code repositories, it assesses code commit metadata, inspects developers, programming languages used, and shipment timestamps to determine developers' security knowledge.
A video game to improve the hiring process
![](https://cdn.prod.website-files.com/5fec9210c1841a6c20c6ce81/6022b76e192a134965040775_5fb34f0f23e3f036f37d5ca0_DonkyKong.webp)
It's no secret that we believe strongly in the power of gamification at Secure Code Warrior to engage developers to code securely. It's what we do, and the results have been amazing so far. But what about using an actual video game to assess potential new hires? Is that going a step too far, or could it possibly be an effective practice?
That's what the startup Scoutible is doing, and I have to say I'm intrigued by their approach. Scoutible assesses potential hires using a video game - not gamified assessments, but an actual video game experience - and checks how the person behaves in certain situations. The game captures "millions of data points used to measure a candidate's various attributes" during just 20 minutes of gameplay, and uses those data points to rate how the candidate would do for the job in question.
There's a lot to like here, and a lot to learn from as well. The product is flexible to meet their customers'needs, and it targets a problem that many people responsible for hiring have known for a long time. Self-reported assessment, like Myers-Briggs, just aren't reliable. They allow you to "game" the system, or at least try to, by not being entirely honest. In a game, you have an objective and must adapt and problem solve to meet that objective. It's quite simple, and ingenious if it works as Scoutible claims. I can't wait to hear more about it.
Gaming versus gamification
Scoutible's approach makes sense for their target audience and use case. At one point in Secure Code Warrior's journey, we considered the value of a full gaming platform, or mini games built into the training, but in the end that angle didn't really add enough value for our purposes. The end users who take our security training know they are supposed to be learning.
Within our Secure Code Warrior platform, we measure the secure coding skills of a software developer while using game-based elements to keep them engaged. That means keeping these questions in mind:
- Do they understand the most common software security weaknesses?
- Can they fix common security bugs using framework specific security functions?
- Are they confident about their software security skills?
- What are their strengths and skills gaps in terms of secure code?
Caring by design
There's another reason I can relate strongly with Scoutible's product. Not only is it a benefit to the hiring company, but also to the candidate. Not all strong candidates you'll encounter are good at interviewing. For some, it's just not in their personalities. For others, they might never have been taught the fine art of interviewing, or maybe they're new to the workforce and this is their first interview.
This is where I see a similarity with software developers. Sadly, there just isn't a focus on security in many university programs. Aspiring developers are told "You'll learn it on the job." They leave school knowing how to make their code work, but they unknowingly perpetuate all of the same vulnerabilities that we've been fighting against for 20 or more years.
When developers do get that job and ask to learn about security, they have even less time than when they were in school. They're paid to produce functional, effective software, and many of the developer security training courses ... well, they're boring. Let's be honest.
What if you could get your developers, new and old, to care about security without really thinking about it? How do you make training interesting, engaging, and even fun, while also still being effective?
That's our challenge, and just like Scoutible's, it's a very real one. Just because the problem is incredibly serious doesn't mean the solution has to be mundane and boring. We've tried that already. We prefer to inject a little fun, excitement, competition, and engagement into our solution. So far, it's worked very, very well.
I thought if we could build a tool that felt like a game, and incorporated tests for the appropriate personality and cognitive attributes, we could address many of the problems I'd been studying.
https://www.inc.com/kevin-j-ryan/scoutible-video-game-reinventing-the-hiring-process.html
Resources to get you started
Women in Security are Winning: How the AWSN is Setting Up a New Generation of Security Superwomen
Secure-by-Design is the latest initiative on everyone’s lips, and the Australian government, collaborating with CISA at the highest levels of global governance, is guiding a higher standard of software quality and security from vendors.
SCW Trust Agent - Visibility and Control to Scale Developer Driven Security
SCW Trust Agent, introduced by Secure Code Warrior, offers security leaders the visibility and control needed to scale developer-driven security within organizations. By connecting to code repositories, it assesses code commit metadata, inspects developers, programming languages used, and shipment timestamps to determine developers' security knowledge.
Trust Agent by Secure Code Warrior
Discover SCW Trust Agent, an innovative solution designed to enhance security by aligning developer secure code knowledge and skills with the work they commit. It provides comprehensive visibility and controls across an organization's entire code repository, analyzing each commit against developers' secure code profiles. With SCW Trust Agent, organizations can strengthen their security posture, optimize development lifecycles, and scale developer-driven security.