According to effective learning theories, active and dynamic learning leads to better and more effective outcomes (Boyle et al., 2011). Gamification is a form of active learning utilized in STEM education and is particularly appealing in cybersecurity (Wolfenden, 2019). The current paper explores the critical need for cybersecurity measures, especially for entities engaged with the Department of Defense (DOD). The increasing cyber threats highlight vulnerabilities small businesses face, making the prioritization of cybersecurity imperative. Small businesses constitute 43% of cyber-attack targets, with only 26% acknowledging cybersecurity as a top priority (Palatty, 2023). Regardless of size, these businesses may be mandated to adhere to the Cybersecurity Maturity Model Certification (CMMC) to mandate cybersecurity standards due to their connections with the DOD. Therefore, the current paper proposes the development of an engaging educational game designed to simplify the complexities of the CMMC model for small businesses. The focus is to create a gaming environment that educates non-technical employees on CMMC principles. The study will provide detailed insights into the game's structure and mechanics, emphasizing its innovative approach to enhancing cybersecurity awareness among non-technical staff. The game's effectiveness and design features will be assessed quantitatively and qualitatively.