{"id":180947,"date":"2026-01-23T09:00:00","date_gmt":"2026-01-23T14:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/23\/bob-miller-ceo-and-founder-of-irgame-gamification-for-incident-response-training\/"},"modified":"2026-01-23T10:10:09","modified_gmt":"2026-01-23T15:10:09","slug":"bob-miller-ceo-and-founder-of-irgame-gamification-for-incident-response-training","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/23\/bob-miller-ceo-and-founder-of-irgame-gamification-for-incident-response-training\/","title":{"rendered":"Bob Miller, CEO and Founder of IRGame, Gamification for Incident Response Training"},"content":{"rendered":"<p><a href=\"https:\/\/discoverlafayette.net\/podcast\/bob-miller-ceo-and-founder-of-irgame-gamification-for-incident-response-training\">Bob Miller, CEO and Founder of IRGame, Gamification for Incident Response Training<\/a><\/p>\n<p><a href=\"https:\/\/discoverlafayette.net\/podcast\/bob-miller-ceo-and-founder-of-irgame-gamification-for-incident-response-training\">https:\/\/discoverlafayette.net\/podcast\/bob-miller-ceo-and-founder-of-irgame-gamification-for-incident-response-training<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-23 09:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"discoverlafayette.net\">discoverlafayette.net<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n\t\t\t\t\t\t\t\tPodcast: Play in new window | Download (Duration: 1:00:11 \u2014 82.7MB)Subscribe:  | More<br \/>\nBob Miller, CEO and Founder of IRGame, is a technology entrepreneur with 30+ years of experience across cybersecurity and emerging technologies.<\/p>\n<p>He\u2019s a pioneer in using AI-powered gamification for incident response (\u201cIR\u201d) training, designed specifically for busy executives who can\u2019t spend full days in training but must make high-stakes decisions quickly during real crises. IRGame puts executive teams through realistic scenario such as ransomware, data breaches, business email compromise, and AI-related incidents, so they can practice decision-making under pressure.<\/p>\n<p>Returning to Lafayette and building startups<\/p>\n<p>Bob graduated in 1988 from University of Louisiana \u2013 Monroe in Computer Science and Math. He moved back to Louisiana from San Jose around 2010 and chose Lafayette as home. Almost immediately, the Lafayette Economic Development Authority (LEDA) contacted him about helping build a startup accelerator. With experience across roughly 10 startups, he became founding director of what he named the Opportunity Machine, where his title was \u201cHead Machinist\u201d). Bob later continued mentoring via the Accelerator Board.<\/p>\n<p>After three years, engineer and entrepreneur Bill Fenstermaker recruited him to help commercialize products at Fenstermaker &#038; Associates. Bob worked on projects including a custom GIS system and underwater acoustics, following earlier work in areas like satellite systems. Later he became COO at Waitr in its early stage, helping scale from about 300 to 3,000 employees in roughly 12\u201314 months, the kind of operational scaling challenge he\u2019s often brought in to manage. He then joined a local managed service provider and helped transform it into a managed security service provider, an experience that directly led to IR Game.<\/p>\n<p>Why IR Game exists<\/p>\n<p>Bob identified a persistent problem: many organizations resist spending time and money on cybersecurity because they don\u2019t understand it and lack an emotional connection because they have never experienced a crisis. Traditional tabletop training exercises meant to train a business team on how to respond during a crisis (paper scenarios, PowerPoint presentations, and sitting around a conference table discussing solutions) have existed for decades, but they\u2019re time-consuming (often 80\u201390 hours to prepare) and require pulling people into a room for a full day, which makes them expensive and hard to scale. If it\u2019s hard, many companies simply don\u2019t do it.<\/p>\n<p>Bob attended a cybersecurity conference and participated in a tabletop designed for managed service providers, an exercise that was \u201cfundamentally terrifying\u201d and eye-opening. A worst-case Managed Service Provider (\u201cMSP\u201d) scenario is when a third-party tool, especially remote monitoring and management (RMM) software, gets compromised. That can lead to ransomware across an MSP\u2019s entire customer base simultaneously. The exercise illustrated IRGame\u2019s central insight: about 80% of incident response is non-technical in nature: financial consequences, shutdown decisions, customer impact, employee panic, communications, reputational and legal exposure.<\/p>\n<p>Bob brought the tabletop back to his company and ran it with 80 of 130 employees, customizing it with real customer names, revenue figures, and tenure. Even with a mature incident response plan and twice-yearly practice, they discovered a dozen needed changes. That convinced him that if a well-prepared security organization learns that much from a scenario, \u201ceverybody can.\u201d<\/p>\n<p>The breakthrough: turning tabletop into an online multiplayer game<\/p>\n<p>During that exercise, a longtime software collaborator of Bob\u2019s mentioned he still had a dormant game app framework built years earlier for a high-school project with Bob\u2019s daughter. He believed he could convert the paper tabletop into an online multiplayer experience in a weekend. After running the in-person tabletop on Thursday, he demonstrated a working browser-based multiplayer version on Sunday.<\/p>\n<p>They showed it to cybersecurity tabletop authors and industry influencers, Matt Lee and Ethan Tancredi, who were shocked by how quickly the tabletop content had been transformed into a functional digital game. Soon after, they invited about 20 people to test it. The early version looked rough, like a 1980s text adventure, but it worked. The response was far stronger than expected: participants reported intense emotional engagement and immediate practical takeaways. One government participant said it left him rattled, with pages of notes and a need for a drink; an MSP in Hawaii asked when he could use it with customers.<\/p>\n<p>That became a monthly community practice program: they\u2019ve run 25+ free games, putting 1,000+ people through the system. As demand grew\u2014especially from providers wanting to use it with customers\u2014IRGame chose to commercialize.<\/p>\n<p>IR Game mirrors tabletop training but compresses it into a high-intensity, guided simulation. A scenario is narrated like scenes in a movie. Participants answer opening questions to get teams communicating quickly, which is critical because incident response requires fast coordination. Players assume roles and must allocate limited resources to tasks. Challenges pile up faster than teams can handle them, forcing prioritization and tradeoffs, just like real incidents.<\/p>\n<p>A key design element is pressure: a relentless timer counts down; there\u2019s no pause button. This stress reveals the truth: under pressure, people become more honest about gaps in their preparedness. That\u2019s valuable because organizations often sugarcoat weaknesses\u2014until a simulation forces real reactions.<\/p>\n<p>Bob explained an example crisis scenario: a business email compromise (which he says is currently a dominant incident type). A financial firm discovers a customer wired money to a \u201cnew account\u201d supposedly sent by the CFO, yet the CFO didn\u2019t send it. As the story unfolds, participants learn the compromise likely affected many customers, not just one. The game surfaces operational realities executives often miss: internal rumors, uncontrolled communications, legal exposure triggered by words like \u201cbreach,\u201d and the need for an \u201cevent mode\u201d communications policy that calms the organization and prevents chaos.<\/p>\n<p>AI scenarios and new risks<\/p>\n<p>IRGame also focuses on emerging AI-related risks. Miller says they ran what they described as the first AI incident scenario at a national security conference (IT Nation Secure) and now maintain multiple AI scenarios. The point is not to create fear, but to provide a safe environment to practice decisions around new threat patterns.<\/p>\n<p>Practical cybersecurity guidance for individuals and small businesses<\/p>\n<p>Bob emphasizes that cybersecurity is no longer optional and that AI strengthens attackers as well as defenders. He predicts that in 2026 smaller businesses will face increased targeting, because automation lets \u201ctwo dudes and a dog\u201d run campaigns that once required larger teams, making up revenue in volume rather than big single payouts.<\/p>\n<p>He also notes that cybercriminal ecosystems now resemble legitimate businesses, including tools, support, and organizational structure.<\/p>\n<p>Bob recommends baseline controls that are realistic for small organizations: unique passwords, password managers, multi-factor authentication, training on phishing, cyber insurance, and economical endpoint monitoring (EDR\/MDR). These measures raise the cost for attackers so they move on to easier targets, though no control is perfect.<\/p>\n<p>On password managers, Bob uses Keeper and mentions 1Password and others. He strongly warns against saving passwords in browsers. He also flags emerging concerns about AI-enabled browsers that maintain a large \u201ccontext window\u201d across many sites, potentially increasing risk if compromised.<\/p>\n<p>On online exposure to your information, such as emails and staff info on websites, he advises sharing only what\u2019s necessary. Data can be scraped and used for phishing and impersonation. Deepfakes and better-written scams are making social engineering harder to detect.<\/p>\n<p>He also notes that much personal data is already exposed through breaches, citing Louisiana\u2019s DMV breach as an example of widespread data loss where every licensed driver\u2019s Social Security Number was compromised.<\/p>\n<p>Incident response planning and insurance pressure<\/p>\n<p>A recurring theme: organizations need an incident response plan and must practice it, especially as cyber insurers increasingly demand proof. In a room of 50+ attorneys he spoke to recently, Miller found only three had a plan, and none practiced it. He warned that future claims could be denied if companies claim they had plans but don\u2019t demonstrate practice.<\/p>\n<p>Trying IRGame for free<\/p>\n<p>IRGame offers free public sessions: the last Friday of every month, sign-up available via their website. Miller notes they also post recordings and content online (LinkedIn and YouTube).<\/p>\n<p>Visit https:\/\/www.irgame.ai\/ for more information and to sign up for a free public session. You can also see how IRGame works by visiting its youtube channel at https:\/\/www.youtube.com\/@IRGameify<\/p>\n<p>Personal note: music and creativity<\/p>\n<p>Outside cybersecurity, Miller is a musician, primarily blues\/rock, and often appears on video with guitars behind him. He draws a parallel between software development and music: both require creativity within rules. He argues policies and procedures aren\u2019t bureaucracy\u2014they\u2019re like scales and tempo: structure that enables effective performance under pressure.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bob Miller, CEO and Founder of IRGame, Gamification for Incident Response Training https:\/\/discoverlafayette.net\/podcast\/bob-miller-ceo-and-founder-of-irgame-gamification-for-incident-response-training Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":180948,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/discoverlafayette.net\/wp-content\/uploads\/2026\/01\/Bob-Miller-and-Jan-Swift-at-taping-of-Discover-Lafayette-podcast.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,25],"class_list":["post-180947","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180947"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=180947"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180947\/revisions"}],"predecessor-version":[{"id":180949,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180947\/revisions\/180949"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/180948"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=180947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=180947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=180947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}