GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

By Zac Amos

Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training.

Related: GenAI’ impact on DevSecOps

Here’s  how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience.

AR and VR technologies can create distinct immersive experiences by merging digital reality with the physical world. Augmented reality lets users experience the world around them with digital images and audio-visual elements layered on top. This integration offers innovative ways for people to interact with their environment, enhancing their overall experience. Common examples of AR applications include the Pokemon Go mobile game and Snapchat filters.

Virtual reality also utilizes interactive audio-visual elements but within a computer-generated environment. These virtual worlds appear genuine, giving users a more immersive and holistic experience in their surroundings.

These industries are growing in popularity and demand. Research suggests there will be over 1.7 billion AR devices worldwide by 2024 — nearly three times the figure from 2020. The market has also grown by 1,600% since 2018, displaying an interest that shows no signs of slowing.

Improving best practices

Cybersecurity training entails teaching the procedures for mitigating and addressing risks to computer systems. Organizations conduct these sessions to bring participants up to speed on the cybersecurity threat landscape and develop their knowledge of best practices to secure sensitive data, assess risk levels, and report incidents.


In addition to providing essential knowledge, cybersecurity training encourages individual and team accountability. Everyone in the company is responsible for maintaining information security and applying protective measures in line with established policies.

The immersive nature of AR and VR technologies presents a number of opportunities to improve how people learn about and enforce cybersecurity.

Hands-on training

Incorporating AR and VR into learning creates an environment where participants can enjoy a hands-on experience, which is a great way to retain knowledge and develop skills. For example, security professionals can build cyberattack scenarios, designing the system to provide realistic feedback so participants better understand what to do if they encounter real-life threats.

AR and VR facilitate gamified learning — or using game elements to make learning more enjoyable. This approach encourages deeper engagement since participants interact with various features like leaderboards, achievement badges and actual games as part of their cybersecurity training.

PwC sets an excellent example of gamification in cybersecurity with its Game of Threats. It simulates real-world cyber breaches so participants can gain experience in making critical decisions to protect their companies.Personalized Learning

People are complex, with different learning preferences and aptitudes. Cybersecurity experts can utilize AR and VR  to tailor lessons based on individual learning needs.

For example, they can create and deploy customized projects using AR apps or VR headsets. Each participant will have a specific learning plan built around what they need to know and how they prefer to learn. This is not a new concept — 2021 research on using VR for personalized learning showed a strong positive correlation, resulting in improved student motivation and performance.

Potential drawbacks

While AR and VR have their advantages, there are also disadvantages. The most notable include:

•Technological issues: The risk of technical glitches, power outages, internet disruptions and the like are a huge challenge to successfully adopting immersive technology in cybersecurity training.

•Eye strain and discomfort: Using AR or VR devices for extended periods may cause eye strain and related symptoms.

•Potential for increased distraction: With so many interactive features at their disposal, it’s easy for participants to get distracted.

•Accessibility issues: Developing countries might encounter limited access to AR and VR equipment, making it considerably difficult to explore immersive learning.

Keeping these potential issues in mind when launching AR and VR cybersecurity training will provide trainees with the best experience possible.

AR and VR can help enhance cybersecurity awareness training by facilitating personalized, immersive learning experiences. As these tools become more pervasive among a wide range of applications, they will play a critical role in creating more engaging and efficient learning experiences.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.


Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone