This paper presents the rationale for the design of a card deck game sustaining information security training. The efforts have followed design thinking, been inspired by an approach for problem-based learning, and used gamification. The card deck game primarily aims to support entrepreneurs in small and medium-sized manufacturing companies, heading towards the introduction of digital services, yet is also useful for anyone to practice risk awareness. Information security, here in short representing the efforts to protect information and mitigate risks to uphold confidentiality, integrity and availability, is by SMEs often seen as a technical problem, but is depending on human behaviour. Literature on security training, emphasises the relevance of interpersonal dialogues and reflection, such reflection is not supported by traditional education, as for instance reading theory and answering questions. The application of gamification has shown to increase awareness, where the play becomes an eye-opener to progress focused dialogues and learning.