Gamifying Corporate Culture: How AJ Leece is Turning Boring Training into Playable Stories
Podcasts
•
April 29, 2025
If you've ever sat through a compliance training video and felt your soul slowly drift away, you're not alone. But what if those InfoSec lessons were delivered like a story, complete with missions, villains, and… dice rolls? That’s exactly what AJ Leece, founder of Brekade, is doing—redefining how businesses think about corporate learning through games that are fun, functional, and surprisingly effective.
1. The Pain of Traditional Training
For most companies, security training is a checkbox. It’s dry, mandatory, and often forgotten the moment it’s completed. Studies show that:
Only 10–15% of employees retain details from passive training modules.
Phishing success rates are still alarmingly high—33% of users click on phishing links during simulations.
This isn’t a knowledge problem—it’s an engagement problem.
2. Enter “Incidents and Accidents”
When AJ was teaching PCI compliance to students on Friday afternoons (in a basement, no less), he knew he needed to shake things up. The result? A D20-fueled tabletop exercise that turned students into IT leaders, asking questions real executives should be asking.
That moment—where the disengaged became deeply curious—sparked a business.
3. Games That Simulate Real Threats
Brekade’s library includes:
“Fishing Expedition”: Teams role-play as cybercriminals planning real-world phishing attacks using actual tradecraft.
“SecOps Chaos”: A side-scrolling burnout simulator for security professionals dodging chat Goombas and overflowing inboxes.
“Incidents and Accidents”: The original game, now a full demo, simulating response to a company-wide breach.
These aren't just gimmicks. They introduce core security concepts in environments that encourage collaboration, creativity, and laughter—yes, laughter—in a training session.
4. From Facilitated to Scalable
What started as workshop-only experiences are now being rebuilt into self-directed tools—a shift driven by demand from middle managers who want better training but lack budget for full consulting services. The games are:
Less expensive than traditional workshops
Easier to scale across departments
More fun = more retention
5. Why This Works (And Who It’s For)
Ideal companies are mid-sized (500–2000 employees), with enough complexity to benefit from training but not so much internal overhead that innovation gets blocked. These organizations:
Want to validate their existing systems
Need better engagement across non-technical teams
Are ready to change how training is done
And with game development costs under $1,000 per title, Brekade proves that impact doesn’t require AAA budgets.
Final Thought: Productive Laziness as a Superpower
AJ embraces what he calls productive laziness: the drive to automate repetitive tasks so your brain can focus on meaningful work. Whether it’s building games that teach, or frameworks that scale, it’s all about reclaiming your time—and your team’s attention.
1. The Pain of Traditional Training
For most companies, security training is a checkbox. It’s dry, mandatory, and often forgotten the moment it’s completed. Studies show that:
Only 10–15% of employees retain details from passive training modules.
Phishing success rates are still alarmingly high—33% of users click on phishing links during simulations.
This isn’t a knowledge problem—it’s an engagement problem.
2. Enter “Incidents and Accidents”
When AJ was teaching PCI compliance to students on Friday afternoons (in a basement, no less), he knew he needed to shake things up. The result? A D20-fueled tabletop exercise that turned students into IT leaders, asking questions real executives should be asking.
That moment—where the disengaged became deeply curious—sparked a business.
3. Games That Simulate Real Threats
Brekade’s library includes:
“Fishing Expedition”: Teams role-play as cybercriminals planning real-world phishing attacks using actual tradecraft.
“SecOps Chaos”: A side-scrolling burnout simulator for security professionals dodging chat Goombas and overflowing inboxes.
“Incidents and Accidents”: The original game, now a full demo, simulating response to a company-wide breach.
These aren't just gimmicks. They introduce core security concepts in environments that encourage collaboration, creativity, and laughter—yes, laughter—in a training session.
4. From Facilitated to Scalable
What started as workshop-only experiences are now being rebuilt into self-directed tools—a shift driven by demand from middle managers who want better training but lack budget for full consulting services. The games are:
Less expensive than traditional workshops
Easier to scale across departments
More fun = more retention
5. Why This Works (And Who It’s For)
Ideal companies are mid-sized (500–2000 employees), with enough complexity to benefit from training but not so much internal overhead that innovation gets blocked. These organizations:
Want to validate their existing systems
Need better engagement across non-technical teams
Are ready to change how training is done
And with game development costs under $1,000 per title, Brekade proves that impact doesn’t require AAA budgets.
Final Thought: Productive Laziness as a Superpower
AJ embraces what he calls productive laziness: the drive to automate repetitive tasks so your brain can focus on meaningful work. Whether it’s building games that teach, or frameworks that scale, it’s all about reclaiming your time—and your team’s attention.
1. The Pain of Traditional Training
For most companies, security training is a checkbox. It’s dry, mandatory, and often forgotten the moment it’s completed. Studies show that:
Only 10–15% of employees retain details from passive training modules.
Phishing success rates are still alarmingly high—33% of users click on phishing links during simulations.
This isn’t a knowledge problem—it’s an engagement problem.
2. Enter “Incidents and Accidents”
When AJ was teaching PCI compliance to students on Friday afternoons (in a basement, no less), he knew he needed to shake things up. The result? A D20-fueled tabletop exercise that turned students into IT leaders, asking questions real executives should be asking.
That moment—where the disengaged became deeply curious—sparked a business.
3. Games That Simulate Real Threats
Brekade’s library includes:
“Fishing Expedition”: Teams role-play as cybercriminals planning real-world phishing attacks using actual tradecraft.
“SecOps Chaos”: A side-scrolling burnout simulator for security professionals dodging chat Goombas and overflowing inboxes.
“Incidents and Accidents”: The original game, now a full demo, simulating response to a company-wide breach.
These aren't just gimmicks. They introduce core security concepts in environments that encourage collaboration, creativity, and laughter—yes, laughter—in a training session.
4. From Facilitated to Scalable
What started as workshop-only experiences are now being rebuilt into self-directed tools—a shift driven by demand from middle managers who want better training but lack budget for full consulting services. The games are:
Less expensive than traditional workshops
Easier to scale across departments
More fun = more retention
5. Why This Works (And Who It’s For)
Ideal companies are mid-sized (500–2000 employees), with enough complexity to benefit from training but not so much internal overhead that innovation gets blocked. These organizations:
Want to validate their existing systems
Need better engagement across non-technical teams
Are ready to change how training is done
And with game development costs under $1,000 per title, Brekade proves that impact doesn’t require AAA budgets.
Final Thought: Productive Laziness as a Superpower
AJ embraces what he calls productive laziness: the drive to automate repetitive tasks so your brain can focus on meaningful work. Whether it’s building games that teach, or frameworks that scale, it’s all about reclaiming your time—and your team’s attention.
Share
Copy link
Share
Copy link
Share
Copy link
