The recent explosion of cybersecurity games not only reflects a growing interest in the discipline broadly, but a recognition that these types of games can be entertaining as well as useful tools for outreach and education. However, cybersecurity game terminology—those terms used to describe or communicate a game’s format, goals, and intended audience—can be confusing or, at worst, misleading. The result being a potential to disappoint some players, or worse, misrepresent the discipline and discourage the same populations we intend to attract. The year 2015 marked the second USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE), co-located again with the USENIX Security Symposium. At the event, we invited a community conversation about terminology for cybersecurity games. The conversation was the seed of a draft vocabulary report to be presented to the Cybersecurity Competition Federation for comment and possible adoption. In this article, we summarize some of the issues arising from that discussion.
