Sounds like a solid play, but keep the riddle tight and the trap low‑profile. If the puzzle’s too easy, attackers just skip it, if it’s too hard they’ll give up and move on. Log every move, watch for patterns, and make the decoy look real enough that the attacker thinks they’re actually hacking a legit system. It’s a fine line between lure and bait, but if you hit it, you can learn a lot before they get to the real assets.