To Infinity and Beyond: How Azul Took Its Cybersecurity Program to New Heights with Gamification
Azul is one of the largest airlines in Brazil. With an impressive large-scale operation, the company runs more than 1000 flights a day to over 160 destinations. And its signature strength? Punctuality. Azul relies on a dedicated team of more than 16 thousand crew members to ensure everything runs smoothly for travelers around the clock.
But this giant of the skies doesn’t stand out just for its journey through the air. It’s also a standout when it comes to cybersecurity, especially on the human side of things.
Coloring the Sky in Blue
At Azul, safety has always been a top priority. Whether in flight operations or in the cybersecurity realm, protection is taken seriously!
Since its founding in 2008, the company has consistently invested in human-focused cybersecurity education. Back then, most training was developed in-house and delivered in a hybrid format: onboarding took place in person at UniAzul, the company’s corporate university, while additional content was released periodically online.
However, as Azul grew and gained recognition in both the national and international markets, establishing bases across Brazil, the United States, and Europe, the workforce expanded and operations naturally became more complex.
It soon became clear that creating all content internally was no longer sustainable. It was time to free up operational resources and look for a robust solution capable of keeping pace with the scale and ambition of the program Azul wanted to implement.
Choosing a Gamified Approach
When Azul decided to adopt a cybersecurity solution, the goal was clear: to boost employee engagement in the program and reinforce strong cybersecurity habits.
“The first step, before engagement, is adoption. We needed to ensure the program was quickly embraced by employees right from onboarding so they would immediately become interested in the initiative. Gamification was a key factor in helping us achieve this goal.”
João Paulo Torralvo, Information Security Manager at Azul Linhas Aéreas and a professional with over 23 years of IT experience, explains that the gamified program was essential in driving greater team adoption and streamlining the onboarding process. By the second season, the company already had more than 4370 employees actively engaged.
Changing Behavior and Promoting Safe Practices
According to João Paulo, while the in-house training did its job, one of the biggest challenges was truly engaging employees with the topic of security. More than that, it was about measuring the program’s results and proving real behavior changes in day-to-day operations.
The secret Azul found to overcome this challenge was to bring the educational program content closer not only to employees’ work routines but also to their personal daily lives.
“I always talk a lot about the acronym PPT. People usually think it stands for PowerPoint, but it doesn’t,” – João Paulo says with a laugh. “I’m talking about people, processes, and technology. You need to create technologies and processes that make sense for people, because at the end of the day, it’s people who control the technologies and processes. It’s the same with security training. Today, when an employee walks out of Azul, they feel that the program’s content is useful not just for their work, but for their personal life as well.”
This strategy was a game-changer for the giant of the skies. By choosing content that made sense for employees’ daily routines and combining it with gamified experiences that truly captured their interest, the company unlocked a valuable achievement: genuine engagement.
Over time, teams didn’t just come to understand the risks—they began participating in the program naturally. Through direct communication channels, it was possible to measure and observe behaviors changing and the security culture coming to life in day-to-day operations.
In the very first season, Azul received thousands of employee reports through Cyberattitudes, and that number more than tripled in the second season. Hundreds of these reports were addressed with the security team and turned into opportunities to implement new controls.
First Season
1,381 Cyberattitudes submitted
Over 600 turned into contributions for new security controls
Second Season
4,875 Cyberattitudes submitted
Over 150 turned into contributions for new security controls
With these results, Azul was able to gather evidence of security and privacy controls that helped them achieve SOC 2 certification in the United States.
More Than a Program: A Culture
Aware of the importance of the topic, Azul goes beyond training with a range of initiatives in its cybersecurity education program. And they truly excel when it comes to personalization, communication, and recognition!
To start, João Paulo and his trusted partner, Gabriela Bettarello, created an internal hub fully dedicated to cybersecurity content. For those more active on social media, like flight attendants, there’s an Instagram profile entirely focused on the topic. For those always on the go, like pilots, regular updates are sent via WhatsApp.
And beyond tailoring engagement to each type of employee, Azul also runs a program of visits to its bases across Brazil, fostering direct conversations about the importance of cybersecurity and reinforcing a culture of protection at every point of operations.
When it comes to recognition, this airline giant doesn’t mess around. With plenty of celebration and good humor, the top crew members each season can earn Hacker Rangers boards, Azul Loyalty points, and even company-paid trips! Now that’s what we call recognition!
“We always hold recognition ceremonies to share interim and final results. We prepare internal communications with videos from the security team, recognition messages from senior leadership, and even invite previous season winners to share their experiences… It’s always a lot of fun!”
Security in Everyday Life. For Everyone.
Today, with a gamified approach, João Paulo observes a significant increase in employee adoption and retention in the security program. According to the manager, through a positive approach, the use of gamification, personalized communication, interactivity, and recognition, employees remain motivated and engaged, eager to progress and enhance their cybersecurity knowledge.
Even employees in flight operations, whose engagement can be heavily affected by seasonal demands, strive to reach the top and be recognized in first place—just as one of the ground operations team members actually achieved!
“Today, we’ve been able to reach far beyond the administrative teams. Security has reached flight attendants, pilots, ground operators… and I can say we’ve reached many others outside the company’s doors. Our crew members share what they’ve learned with family and friends. We receive many genuine stories of how they’ve been able to protect their loved ones with the knowledge they gained here at Azul.”
The security program is so seamlessly integrated into the company culture that one of aviation’s core principles has also become a security practice.
“You know that common aviation rule? That you put the mask on yourself first before helping others? We see that in practice every day in the program. Employees learn and support each other. It has created a kind of ‘consultation environment’ where everyone talks about cybersecurity. We’ve been able to break some outdated taboos and encourage open communication about risks, all in a very positive way.”
An Even Bluer Sky!
Azul proudly displays the Hacker Rangers White Certified seal—but there’s still so much more to come! Upcoming initiatives to further strengthen the company’s security culture include an ambassador program, comic strips, partnerships with HR, and even CTF events. And of course, they can always count on Hacker Rangers as their co-pilot on this journey to the next level.
“No tool can replace human behavior. A cybersecurity mindset is crucial. From the perimeter to the digital environment, it’s people who control the technologies and manage operations. A well-trained eye can make all the difference.”
