Frequently Asked Questions
Getting Started
What is Malware & Monsters?
Malware & Monsters is a collaborative cybersecurity education framework that uses creature-collection mechanics and storytelling to teach incident response. Teams work together to identify, analyze, and respond to digital threats represented as “Malmons” - creatures with distinct behaviors, capabilities, and weaknesses based on real malware families.
Who can participate in Malware & Monsters sessions?
Anyone interested in cybersecurity can participate! Sessions are designed for diverse experience levels, from beginners to cybersecurity professionals. The collaborative learning approach means participants learn from each other’s expertise and perspectives.
Do I need cybersecurity experience to play?
No prior cybersecurity experience is required. The framework is designed to teach through discovery and collaboration. Your unique perspective and problem-solving skills are valuable regardless of your technical background.
How long does a typical session last?
A standard Malware & Monsters session lasts 2-4 hours, divided into three rounds: Discovery (identifying the threat), Investigation (understanding impact and scope), and Response (coordinating containment and recovery).
Session Requirements
What do I need to participate?
- A willingness to collaborate and share ideas
- Basic problem-solving curiosity
- Access to the Players Handbook (online or PDF)
- An Incident Master to facilitate the session
Do I need special software or tools?
No special software is required. The framework focuses on collaborative thinking and communication rather than technical tool usage. Any specific tools used are determined by the scenario and learning objectives.
How many people can participate in a session?
Sessions work best with 3-6 participants, allowing each person to take on distinct incident response roles while maintaining effective group collaboration.
Learning and Progression
What will I learn from Malware & Monsters?
Participants develop skills in:
- Incident response methodologies
- Malware analysis and classification
- Collaborative problem-solving
- Communication during crisis situations
- Understanding of MITRE ATT&CK framework
- Network and endpoint security concepts
How does the progression system work?
The framework includes a badge system that tracks skill development across six key areas: Network Security, Endpoint Security, Data Protection, Human Factor Security, Critical Infrastructure Security, and Governance & Compliance.
Are there competitive elements?
While the framework includes community collection and progression tracking, the primary focus is collaborative learning rather than competition. Teams succeed or fail together.
For Facilitators
What’s an Incident Master?
An Incident Master (IM) is the facilitator who guides sessions using proven educational techniques. They don’t need to be cybersecurity experts - they focus on asking the right questions and creating engaging learning experiences.
How do I become an Incident Master?
Start with the IM Handbook, which provides complete facilitation guidance, techniques, and session management approaches based on the Sly Flourish methodology.
What scenarios are available?
The framework includes detailed scenario cards covering various organizational contexts (healthcare, finance, education, etc.) and different malware families from historical threats like Code Red (2001) to contemporary threats like LockBit.
Technical Questions
What are Malmons?
Malmons (short for Malware Monsters) are creatures representing real malware families. Each has specific types (Trojan, Worm, Ransomware, APT), abilities based on actual attack techniques, and weaknesses that mirror real-world containment strategies.
How does the type effectiveness system work?
Similar to creature-collection games, different response approaches are more or less effective against specific Malmon types. For example, network isolation is super effective against Worms but less effective against already-installed Trojans.
Are the scenarios based on real incidents?
Yes, all scenarios and Malmons are based on real malware families and actual cybersecurity incidents, adapted for educational purposes while maintaining technical accuracy.
Community and Resources
Where can I find more resources?
- Players Handbook - Complete participant guide
- IM Handbook - Facilitation techniques and scenarios
- Community - Connect with other learners and facilitators
- GitHub Repository - Open source materials
How can I contribute to the project?
The project welcomes contributions including:
- New scenario cards and organizational contexts
- Additional Malmon profiles for emerging threats
- Translation into other languages
- Facilitation technique improvements
- Community feedback and session reports
Is Malware & Monsters free to use?
Yes, all materials are available under Creative Commons licensing to encourage widespread cybersecurity education. The framework is designed for educational use by schools, organizations, and community groups.
Don’t see your question here? Contact us and we’ll help you get started with collaborative cybersecurity learning.