Boeing
Gamification in technical learning modules
Case Study
5 min read
Show Solution
Show Solution
Project Overview
Project Overview
Project Overview
This 6-month capstone project created a new learning approach for Boeing's software engineering workforce. Working with 3 Boeing stakeholders, our team developed practical solutions to bridge the gap between security theory and real-world application for new engineers.
This 6-month capstone project created a new learning approach for Boeing's software engineering workforce. Working with 3 Boeing stakeholders, our team developed practical solutions to bridge the gap between security theory and real-world application for new engineers.
This 6-month capstone project created a new learning approach for Boeing's software engineering workforce. Working with 3 Boeing stakeholders, our team developed practical solutions to bridge the gap between security theory and real-world application for new engineers.
Role
Role
Tools
Tools
Task
Task
Team
Team
UX Designer & Researcher
UX Designer & Researcher
Figma, Lovable.dev, Claude.ai
Figma, Lovable.dev, Claude.ai
Product Design, User Research
Product Design, User Research
2 UX Designers, 3 Software Engineers, 3 Boeing Stakeholders
2 UX Designers, 3 Software Engineers, 3 Boeing Stakeholders
Impact Preview
Impact Preview
Success Metrics
Our research-validated approach established clear success targets with Boeing stakeholders. These metrics demonstrate measurable improvement in security competency and reduced operational burden on technical teams.
Our research-validated approach established clear success targets with Boeing stakeholders. These metrics demonstrate measurable improvement in security competency and reduced operational burden on technical teams.
Our research-validated approach established clear success targets with Boeing stakeholders. These metrics demonstrate measurable improvement in security competency and reduced operational burden on technical teams.
53% → 70%
Improvement
in new hires correctly identifying security vulnerabilities at 3-month mark
36% → 20%
reduction
in assessment retake rate, from multiple attempts to single completion
6 → 4
hours weekly
decrease in remedial guidance time from technical leads per team
Context
Context
Boeing's Training Crisis
Boeing faces a significant training challenge with their large annual intake of new software engineers requiring DevSecOps knowledge—integrating security throughout the development lifecycle. To understand how this training crisis specifically affects Boeing's engineers and operations, we need to examine the concrete problems they face daily.
Boeing faces a significant training challenge with their large annual intake of new software engineers requiring DevSecOps knowledge—integrating security throughout the development lifecycle. To understand how this training crisis specifically affects Boeing's engineers and operations, we need to examine the concrete problems they face daily.
Boeing faces a significant training challenge with their large annual intake of new software engineers requiring DevSecOps knowledge—integrating security throughout the development lifecycle. To understand how this training crisis specifically affects Boeing's engineers and operations, we need to examine the concrete problems they face daily.
Why DevSecOps Matters to Boeing
DevSecOps is a methodology that integrates security practices throughout the entire software development lifecycle, from initial design through production deployment.
At Boeing, failed security integration can ground aircraft fleets and cost millions in recalls.
The Training Challenge
Why DevSecOps Matters to Boeing
450-500 engineers need this training annually
Current text-heavy approach leads to security vulnerabilities in production
Currently 6+ hours weekly are spent fixing preventable security issues by Technical leads
DevSecOps is a methodology that integrates security practices throughout the entire software development lifecycle, from initial design through production deployment.
At Boeing, failed security integration can ground aircraft fleets and cost millions in recalls.
The Training Challenge
450-500 engineers need this training annually
Current text-heavy approach leads to security vulnerabilities in production
Currently 6+ hours weekly are spent fixing preventable security issues by Technical leads
Problem
Problem
Why Text-Heavy Training Fails
The traditional text-based approach fails to prepare engineers for real-world security challenges. Boeing's engineers confirmed this gap through direct feedback about their training frustrations and daily workflow challenges.
The traditional text-based approach fails to prepare engineers for real-world security challenges. Boeing's engineers confirmed this gap through direct feedback about their training frustrations and daily workflow challenges.
The traditional text-based approach fails to prepare engineers for real-world security challenges. Boeing's engineers confirmed this gap through direct feedback about their training frustrations and daily workflow challenges.
01.
New Hire Engineer
"I'd learn so much more if I could see examples of vulnerable Boeing code and how to fix it."
02.
New Software Engineer
"I know the information is in there somewhere, but finding what I need when I need it is almost impossible."
03.
Engineering Manager
"Our teams want to build secure code, but they need to see how security applies to their specific work."
01.
New Hire Engineer
"I'd learn so much more if I could see examples of vulnerable Boeing code and how to fix it."
02.
New Software Engineer
"I know the information is in there somewhere, but finding what I need when I need it is almost impossible."
03.
Engineering Manager
"Our teams want to build secure code, but they need to see how security applies to their specific work."
Research and Insights
Research and Insights
Evidence-Based Design Approach
We conducted literature reviews, stakeholder interviews, and user testing within the current platform across 6 months to validate our approach. This systematic research revealed specific pain points and guided our design decisions. Here is what we found:
We conducted literature reviews, stakeholder interviews, and user testing within the current platform across 6 months to validate our approach. This systematic research revealed specific pain points and guided our design decisions. Here is what we found:
We conducted literature reviews, stakeholder interviews, and user testing within the current platform across 6 months to validate our approach. This systematic research revealed specific pain points and guided our design decisions. Here is what we found:
📖
Literature Reviews
75% vs 10% retention: Interactive vs Text-based learning
68% better implementation when applied within 24 hours
42% higher confidence with fix-the-bug exercises
🤝
Stakeholder Meetings
Real Boeing code examples essential for relevance
Training must align with Boeing security standards
New hires need confidence in security reviews
👨🏻💻
📖
User Testing
Literature Reviews
56% accuracy improvement with visual highlighting
75% vs 10% retention: Interactive vs Text-based learning
"I'd learn more if I could see vulnerable Boeing code"
68% better implementation when applied within 24 hours
68% better implementation when applied within 24 hours
42% higher confidence with fix-the-bug exercises
🤝
Stakeholder Meetings
Real Boeing code examples essential for relevance
Training must align with Boeing security standards
New hires need confidence in security reviews
👨🏻💻
User Testing
56% accuracy improvement with visual highlighting
"I'd learn more if I could see vulnerable Boeing code"
68% better implementation when applied within 24 hours
Defining the Challenge
Defining the Challenge
From User Pain Points to Design Opportunity
These insights from Boeing engineers revealed a clear pattern: traditional training methods weren't building practical security skills. Working with stakeholders, we synthesized this feedback to frame our core design challenge:
These insights from Boeing engineers revealed a clear pattern: traditional training methods weren't building practical security skills. Working with stakeholders, we synthesized this feedback to frame our core design challenge:
These insights from Boeing engineers revealed a clear pattern: traditional training methods weren't building practical security skills. Working with stakeholders, we synthesized this feedback to frame our core design challenge:
“How might we transform Boeing’s text-heavy DevSecOps training into engaging, interactive challenges that boost learning, retention, and real-world security skills for new software developers so they are more confident and can focus more on critical work.”
“How might we transform Boeing’s text-heavy DevSecOps training into engaging, interactive challenges that boost learning, retention, and real-world security skills for new software developers so they are more confident and can focus more on critical work.”
Ideation & Prioritization
Ideation & Prioritization
From 11 Ideas to Strategic Focus
Our team brainstormed 11 different concepts addressing the training challenges. Using a prioritization matrix that considered research findings, technical constraints, and timeline, we identified 4 high-value, low-effort concepts in our optimal development zone.
Our team brainstormed 11 different concepts addressing the training challenges. Using a prioritization matrix that considered research findings, technical constraints, and timeline, we identified 4 high-value, low-effort concepts in our optimal development zone.
Our team brainstormed 11 different concepts addressing the training challenges. Using a prioritization matrix that considered research findings, technical constraints, and timeline, we identified 4 high-value, low-effort concepts in our optimal development zone.
Exploring the 4 Solutions
Exploring the 4 Solutions
Exploring the 4 Solutions
Our top 4 concepts addressed different aspects of interactive security learning:
Our top 4 concepts addressed different aspects of interactive security learning:
Our top 4 concepts addressed different aspects of interactive security learning:
🔍
Vulnerability Identification Lab
Interactive exercises for identifying security issues in real Boeing code
🧩
Security Escape Room
Timed, narrative-driven challenges simulating security incidents
👾
Code-Fix Laboratory
Hands-on environment for implementing security fixes
📊
Tournament Platform
Competitive elements with leaderboards and team challenges
Stakeholder Collaboration
Stakeholder Collaboration
AI-Assisted Whiteboarding for Decision Making
The Challenge: With limited UX resources and 4 concepts requiring stakeholder approval, manually wireframing each would consume weeks of our 6-month timeline.
The Approach: I leveraged AI-assisted wireframing to rapidly generate visual representations, enabling our team to focus human effort on research synthesis and stakeholder facilitation.
The Impact: Visual concepts enabled productive stakeholder discussion. Boeing's security team immediately identified the Vulnerability ID and Code-Fix Labs as most aligned with their immediate training needs, approving both as our MVP scope.
The Challenge: With limited UX resources and 4 concepts requiring stakeholder approval, manually wireframing each would consume weeks of our 6-month timeline.
The Approach: I leveraged AI-assisted wireframing to rapidly generate visual representations, enabling our team to focus human effort on research synthesis and stakeholder facilitation.
The Impact: Visual concepts enabled productive stakeholder discussion. Boeing's security team immediately identified the Vulnerability ID and Code-Fix Labs as most aligned with their immediate training needs, approving both as our MVP scope.
The Challenge: With limited UX resources and 4 concepts requiring stakeholder approval, manually wireframing each would consume weeks of our 6-month timeline.
The Approach: I leveraged AI-assisted wireframing to rapidly generate visual representations, enabling our team to focus human effort on research synthesis and stakeholder facilitation.
The Impact: Visual concepts enabled productive stakeholder discussion. Boeing's security team immediately identified the Vulnerability ID and Code-Fix Labs as most aligned with their immediate training needs, approving both as our MVP scope.
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
🏆 The Winners - Vulnerability Identification Lab + Code-Fix Lab
Boeing prioritized direct skill-building over gamification elements
⏭️ Future Considerations - Tournament Platform and Security Escape room
My Role
My Role
Designing the Highest Priority Feature
Following stakeholder approval, I took ownership of the Vulnerability Identification Lab as the highest priority feature and leveraged my UX design experience to develop the solution, while my partner handled the Code-Fix Laboratory.
Following stakeholder approval, I took ownership of the Vulnerability Identification Lab as the highest priority feature and leveraged my UX design experience to develop the solution, while my partner handled the Code-Fix Laboratory.
Following stakeholder approval, I took ownership of the Vulnerability Identification Lab as the highest priority feature and leveraged my UX design experience to develop the solution, while my partner handled the Code-Fix Laboratory.
Solution
Solution
The Final Product
The Vulnerability Identification Lab transforms passive reading into hands-on security practice using real Boeing code examples. Engineers actively identify vulnerabilities, receive progressive guidance, and learn through detailed explanations—building the practical skills that text-heavy training failed to deliver.
The Vulnerability Identification Lab transforms passive reading into hands-on security practice using real Boeing code examples. Engineers actively identify vulnerabilities, receive progressive guidance, and learn through detailed explanations—building the practical skills that text-heavy training failed to deliver.
The Vulnerability Identification Lab transforms passive reading into hands-on security practice using real Boeing code examples. Engineers actively identify vulnerabilities, receive progressive guidance, and learn through detailed explanations—building the practical skills that text-heavy training failed to deliver.
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
Feature 1 - Interactive Code Highlighting
Engineers click on vulnerable code lines and select security issue types. Visual highlighting improved identification accuracy by 56% over text descriptions.
Feature 2 - Progressive Hint System
Three progressive hints guide learning without revealing answers. Scaffolded approaches showed 35% improved knowledge retention.
Feature 3 - Solution Explanations
After 5 attempts, engineers unlock comprehensive explanations. Users wanted "immediate feedback when making a mistake, not just a final score."
User Testing
User Testing
Solving the Abandonment Problem
User testing with 10 Computer Science Students at the University of Washington, revealed that 40% of engineers abandoned challenges after multiple failed attempts. I designed a "Show Solution" feature that unlocks after 5 attempts, providing detailed explanations while maintaining educational value.
User testing with 10 Computer Science Students at the University of Washington, revealed that 40% of engineers abandoned challenges after multiple failed attempts. I designed a "Show Solution" feature that unlocks after 5 attempts, providing detailed explanations while maintaining educational value.
User testing with 10 Computer Science Students at the University of Washington, revealed that 40% of engineers abandoned challenges after multiple failed attempts. I designed a "Show Solution" feature that unlocks after 5 attempts, providing detailed explanations while maintaining educational value.
Before - No Solution Button
“Is there a place where I can get the solution?”
After - Solution Feature
This iteration dramatically improved completion rates and user satisfaction, with users specifically praising how the explanations helped them understand what they'd been missing.
This iteration dramatically improved completion rates and user satisfaction, with users specifically praising how the explanations helped them understand what they'd been missing.
This iteration dramatically improved completion rates and user satisfaction, with users specifically praising how the explanations helped them understand what they'd been missing.
Key Learnings
Key Learnings
Reflections on Process and Outcomes
Collaboration: Working closely with developers and Boeing stakeholders ensured technical feasibility and business alignment. Cross-functional teamwork was essential for creating an MVP that solved real user challenges.
Research-Driven Design: Basing design decisions on learning effectiveness research created measurable improvements in user engagement and knowledge retention.
Strategic Prioritization: Focusing on high-impact, low-effort features first allowed us to deliver meaningful value within our 6-month timeline constraints.
AI as a Design Tool: Strategic use of AI for rapid ideation accelerated stakeholder communication without replacing critical design thinking and user validation.
Collaboration: Working closely with developers and Boeing stakeholders ensured technical feasibility and business alignment. Cross-functional teamwork was essential for creating an MVP that solved real user challenges.
Research-Driven Design: Basing design decisions on learning effectiveness research created measurable improvements in user engagement and knowledge retention.
Strategic Prioritization: Focusing on high-impact, low-effort features first allowed us to deliver meaningful value within our 6-month timeline constraints.
AI as a Design Tool: Strategic use of AI for rapid ideation accelerated stakeholder communication without replacing critical design thinking and user validation.
Collaboration: Working closely with developers and Boeing stakeholders ensured technical feasibility and business alignment. Cross-functional teamwork was essential for creating an MVP that solved real user challenges.
Research-Driven Design: Basing design decisions on learning effectiveness research created measurable improvements in user engagement and knowledge retention.
Strategic Prioritization: Focusing on high-impact, low-effort features first allowed us to deliver meaningful value within our 6-month timeline constraints.
AI as a Design Tool: Strategic use of AI for rapid ideation accelerated stakeholder communication without replacing critical design thinking and user validation.
Jonathan To
© 2024 Jonathan To Site. All rights reserved.
User Testing
Solving the Abandonment Problem
User testing with 10 Computer Science Students at the University of Washington, revealed that 40% of engineers abandoned challenges after multiple failed attempts. I designed a "Show Solution" feature that unlocks after 5 attempts, providing detailed explanations while maintaining educational value.
Before - No Solution Button
“Is there a place where I can get the solution?”
After - Solution Feature
This iteration dramatically improved completion rates and user satisfaction, with users specifically praising how the explanations helped them understand what they'd been missing.
Key Learnings
Reflections on Process and Outcomes
Collaboration: Working closely with developers and Boeing stakeholders ensured technical feasibility and business alignment. Cross-functional teamwork was essential for creating an MVP that solved real user challenges.
Research-Driven Design: Basing design decisions on learning effectiveness research created measurable improvements in user engagement and knowledge retention.
Strategic Prioritization: Focusing on high-impact, low-effort features first allowed us to deliver meaningful value within our 6-month timeline constraints.
AI as a Design Tool: Strategic use of AI for rapid ideation accelerated stakeholder communication without replacing critical design thinking and user validation.