Human-Centered Security

36 episodes - English - Latest episode: 14 days ago - ★★★★★ - 1 rating

Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.

Technology Business cybersecurity information security user experience

Episodes

What Designers Need to Know About Digital Identity and Access with David Mahdi

April 24, 2024 09:00 - 45 minutes - 41.6 MB

What do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode. We talk about: Access-related terms you need to understand: Digital identity, authentication, and authorization. Why so many security problems are, in fact, access problems. User experience implications. The future of digital identity and what it might mean for your product and your u...

What Designers Need to Know About Identity and Access Management (IAM) with David Mahdi

April 24, 2024 09:00 - 45 minutes - 41.6 MB

Maybe you’ve heard the words identity and access management, or IAM, but what does IAM mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode. We talk about: What is identity and access management (IAM)?  Why so many security problems are, in fact, access problems. How IAM impacts the user experience. The future of IAM and what it might mean for your product and your users. David Mah...

Bake Security Into the DNA of Your Product and Improve the Security User Experience with Darren Thomas and Margaret Cunningham

April 03, 2024 09:00 - 41 minutes - 37.7 MB

We start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming. How would you approach security if you were building something from scratch? How would you address security user experience challenges? Darren Thomas and Margaret Cunningham from Wethos AI talk about how they’ve built security into their product and how cross-disciplinary collaboration helps them improve the security user experience. In this episode, we talk abou...

What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy

March 13, 2024 13:00 - 50 minutes - 46 MB

When your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying—perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the context of the user experience. In this episode, we talk about: What does privacy mean? How, as designers, we give the user ideas of what to expect around privacy—an opportunity to erode or foster trust. ...

Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman

February 07, 2024 10:00 - 45 minutes - 41.5 MB

Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effective tomorrow. Exactly why the security user experience is so exciting! Thankfully, K...

Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson

January 10, 2024 10:00 - 44 minutes - 40.4 MB

UX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John Robertson describes the UX of AI framework he and his team helped build. In this episode, we talk about: The importance of a human-centered design approach to AI. The need to slow down and consider safety, privacy, and ethics as part of implementing AI. Looking beyond th...

Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner

December 13, 2023 10:00 - 38 minutes - 35.4 MB

If there’s one thing both UX teams and security teams can empathize with each other on, it’s being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the need for UX and security—they needed a method for integrating them into their agile development processes. Throughout the interview, Ali and Jason will be referencing a project they worked on together to help develop and foster a consistent process for in...

Designing for Cybersecurity Power Users with Tom Keenoy

November 29, 2023 10:00 - 33 minutes - 30.5 MB

Ever wonder what it’s like to design enterprise cybersecurity software? Tom Keenoy, a design leader for a cybersecurity company, explains why what you learned in design school may not apply when you’re building software for specialized power users (think: security analysts, IT administrators, devops). How do you get up-to-speed when designing for complex domains like cybersecurity? How do you adapt your design process for enterprise power users (spoiler: stripping away information...

Security Engineers Hate CAPTCHAs, Too with Jason Puglisi

November 17, 2023 10:00 - 40 minutes - 36.7 MB

Ever encountered a CAPTCHA and thought to yourself, “whoever decided to put this here must really hate people”? It turns out, the people who make the decisions to use CAPTCHAs hate them as much as you do. Jason Puglisi, an application security engineer, describes what teams like his think about when evaluating potential solutions to a security issue. (Spoiler: you’ll be pleased to know these considerations include how security solutions may affect the user experience). The surprisi...

Threat Modeling for UX Designers with Adam Shostack

November 09, 2022 11:00 - 40 minutes - 37.2 MB

In this episode, we talk about: Questions you should be asking to uncover information security threats early on in the design process. How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so different from what you are doing now). How to collaborate with an interdisciplinary team as part of an iterative design process to improve the user experience of security. Adam Shostack is an expert on threat modeling, having worked at Micro...

Designing Multi-Factor Authentication with Blair Shen and Bethany Sonefeld

October 19, 2022 13:02 - 38 minutes - 35.1 MB

In this episode we talk about: How designing for security is different from (and the same as) designing for other types of experiences. How to tackle aspects of the user experience that may be necessary but are perceived as annoying roadblocks. How to anticipate where things might go wrong for the user. How to effectively collaborate with technical teams. Bethany Sonefeld is the founder of Create With Conscience, a space dedicated to educating and committing to building healthi...

Unintended Consequences: What Questions Should Designers Be Asking? With Bethany Sonefeld

August 24, 2022 13:12 - 38 minutes - 35.4 MB

In this episode, we talk about: How do you tackle situations where business goals might be at odds with what’s ethical or what’s best for the human using the product? How can designers make a difference even if they don’t have a leadership role at their organization? How do you anticipate potentially unhealthy behaviors or unintended consequences? What are some actionable steps you can take today? Bethany Sonefeld is the founder of Create With Conscience, a space dedicated to ...

What Role Does the UX Team Play in Security? With Michael Snell

July 20, 2022 10:00 - 37 minutes - 34.4 MB

How do the UX, product, and technology teams effectively collaborate when it comes to security? How do we, as part of the UX team, take part in the security conversations and what role do we play? In this episode, we talk about: How Michael’s user research for dating apps helped him understand the unintended consequences of digital products on our behaviors. Why we need new frameworks for security and privacy in the digital world. How users’ perceptions and expectations for secu...

Testing for Usability and Security with Jeremiah Still

May 25, 2022 12:15 - 33 minutes - 30.9 MB

In this episode, we talk about: Where the fields of cognitive psychology, security, and user experience meet. Why Jeremiah and his team chose to investigate graphical authentication. How they cleverly incorporated testing both usability and security in their two-part study. The importance of research around learnability: is it easy for users to learn how to use your new authentication schema? Read Jeremiah’s research: Usability Comparison of Over-the-Shoulder Attack Resistant A...

Technical Users Care About UX, Too

March 09, 2022 12:51 - 28 minutes - 25.7 MB

In this episode, we talk about: Why technical users expect a great user experience just like everyone else. How to find and incentivize participants who are extremely busy. How to support users in making a decision without telling them what to do. Deciding what data to show and how to show it. Tanja Venborg Hansen is a seasoned user researcher who has worked in both the enterprise cybersecurity (Forcepoint) and aviation industries (Finnair). She earned a master of science degre...

Responsible Innovation in the Technology Industry with Chloe Poynton

December 08, 2021 13:31 - 41 minutes - 38 MB

In this episode, we talk about: What is responsible innovation and where can companies get started? How can companies take guiding principles, establish a framework, and operationalize that framework in a way that “informs decision-making in a meaningful way”? How are regulations impacting responsible innovation programs? What happens when an organization’s business model conflicts with responsible innovation principles? Chloe Poynton is the co-founder and principal at Article ...

Why Designers Need to Learn About Security with Jared Spool

November 10, 2021 12:41 - 47 minutes - 43.2 MB

In this episode, we talk about: Why security UX requires “selective usability” and how that poses unique challenges for designers. Thinking about security in terms of safety systems: putting the burden on the system rather than on the user. How to work effectively with the security team. And Jared shares lots of examples. Jared Spool is the founder of UX consultancy UIE and the co-founder of UX design school Center Centre. Interested in hearing more about what Jared has to say ...

Improve, Adapt, and Customize Cybersecurity Awareness Strategies and Metrics with Kate Brett Goldman

October 27, 2021 11:22 - 37 minutes - 34.7 MB

In this episode, we talk about: What’s next for the cybersecurity awareness industry. How to leverage qualitative and quantitative metrics (with similar challenges and opportunities to measuring the user experience). How to go about understanding and changing your organization’s cybersecurity culture. Kate Brett Goldman is the Founder and CEO of Cybermaniacs, an innovative cybersecurity awareness company. Prior to founding Cybermaniacs, Kate spent over 20 years developing soluti...

Everything You Wanted to Know About Security But Were Too Afraid to Ask with Ira Winkler

September 15, 2021 10:00 - 41 minutes - 38.1 MB

In this episode we talk about: Building a system in a way that, as Ira says, “a user cannot initiate a loss.” What designers need to know about prevention, detection, and reaction when it comes to security. What we can learn from safety science. How designers can get a seat at the table when it comes to human security engineering. Ira Winkler is the founder of Secure Mentem and Chief Information Security Officer at Skyline Technology Solutions. He is the author of seven books on s...

IoT Devices: Establishing Trust through Transparency with Matt Wyckhouse

August 24, 2021 21:17 - 44 minutes - 40.4 MB

In this episode we talk about: The security risks associated with IoT devices. Why IoT devices can be less secure than, for example, a mobile device. Supply chain security. How UX designers can more effectively communicate risk to their users. Prior to founding Finite State, Matt spent 15 years leading the research and development of advanced solutions to some of the hardest problems in cyber security, with experience across the spectrum of offensive and defensive cyber operati...

How an Anthropologist Approaches a Security Breach with Patricia Ensworth

August 11, 2021 11:24 - 40 minutes - 37.2 MB

In this episode, we talk about: How anthropology can help security teams uncover the “why” behind security breaches. Why it’s important for designers to familiarize themselves with information security risk management.  What designers should know about quality assurance applied to security. How to fight for the time needed to build security into products. Patricia Ensworth is a business anthropologist whose work focuses on the human factors affecting the development and mainten...

Where do "people" fit in with process and technology? with Dr. Nikki Robinson

July 14, 2021 11:51 - 29 minutes - 27.2 MB

In this episode, we talk about: Why human factors is important when it comes to cybersecurity and why it’s still a relatively unexplored topic. The importance of communication and empathy in cybersecurity. Dr. Robinson’s research around low and medium vulnerabilities—and how their potential use in combination warrants additional attention. Dr. Robinson’s most recent research around “vulnerability chaining blindness” and why the words we use and a shared understanding are crucial...

Adapting the Human Factors Analysis and Classification System to Cybersecurity with Robin Bylenga

June 30, 2021 12:16 - 34 minutes - 32 MB

During this episode, we talk about: How an insider threat at her own company led Robin into cybersecurity. Why looking at the human side of errors and using a framework like HFACS can help identify the root cause of the problem. How Robin’s research challenges the idea that “humans are the weakest link.” How HFACS can be applied to cybersecurity’s existing frameworks. Robin Bylenga is a seasoned client-facing expert, having drawn her initial skills early in her career as a flig...

Avoid the Temptation to Start Cybersecurity Conversations with “You’re Doing It Wrong” with Ryan Cloutier

June 16, 2021 11:45 - 39 minutes - 36.1 MB

In this episode, we talk about: How security experts can more effectively communicate with end users. The issue of delayed consequences in the digital realm and how that impacts how people behave. The role accountability plays in improving information security. Ryan Cloutier is the principal security consultant for SecurityStudio. He is an experienced IT/cybersecurity professional with over 15 years experience developing cybersecurity programs for Fortune 500 organizations. Ryan...

Cybersecurity Risk Management for UX Practitioners with Natalie Hill

May 19, 2021 11:48 - 37 minutes - 34.6 MB

In this episode we talk about: Thinking about cybersecurity risk from a UX practitioner’s perspective. Balancing ease of use while not introducing unnecessary risk. Building personas and scenarios for bad actors so you can make conscious decisions about how controls might be circumvented. The importance of content strategy and collaborating with UX writers. Tips for conducting user research when it’s difficult to get access to end users. Natalie Hill is a senior product design...

Expectation vs. Outcome: Accounting for Human Behavior with Dr. Alexander Stein

May 05, 2021 12:05 - 35 minutes - 32.8 MB

During this episode, we talk about: Why looking for a silver bullet for cybersecurity is hopeless. Like any human issue, it is multi-dimensional and complex. Expectations versus outcomes: how we must take into account how “things will play out when you involve people.” “Changing how people think and behave is complicated, non-linear, painstaking, and does not conform to your expectations.” Despite this, understanding and accounting for people when it comes to cybersecurity is c...

How Do You Get People to Care About Cybersecurity? with Laura Nespoli

February 24, 2021 14:50 - 28 minutes - 26.4 MB

Laura Nespoli is founder of Meshin Movement, a brand strategy consultancy. Laura has spent her career serving as a strategic problem-solver and brand storyteller across the sales and marketing spectrum in many facets—from agency to client-side, media to creative, market research to integrated marketing planning. Her professional focus is in helping brands and teams reveal business opportunity and advantage while her passion is rooted in inspiring ideas that serve the world for greater...

We All Have Been the “Stupid User” at Some Point with Dr. Margaret Cunningham

February 10, 2021 12:11 - 34 minutes - 31.8 MB

Dr. Margaret Cunningham is an experimental psychologist and the Principal Research Scientist for Human Behavior at Forcepoint’s X-Lab. In this role, she serves as the behavioral science subject matter expert in an interdisciplinary security team driving the development of human-centric security solutions. Previously, she supported the Human Systems Integration branch of The Department of Homeland Security. In this episode, we talk about: Why saying “people are the weakest link”...

Using Analogies to Help People Understand Information Security with Brian Murphy

February 03, 2021 13:17 - 21 minutes - 19.7 MB

Brian Murphy, a security specialist at GreyCastle Security, is a technology, information security, and risk management professional. He assists with the development and implementation of cybersecurity solutions for a variety of industries. Brian has knowledge of PCI, SOX, GLBA compliance requirements, as well as ISO and NIST standards and regulations. On this episode we talk about: How we are constantly doing risk assessments in our everyday life. At least, we should be. How usin...

What can we learn from human factors programs in other industries? with Dr. Calvin Nobles

January 27, 2021 13:18 - 41 minutes - 37.6 MB

Dr. Nobles is a cybersecurity scientist and human factors practitioner with more than 25 years of experience. He retired from the U.S. Navy and currently works in the financial services industry. Dr. Nobles recently completed a Cybersecurity Policy Fellowship with the New America Think Tank in Washington, D.C. In this episode we talk about: What human factors is and what a human factors engineer does. Chronic fatigue and stress in the cybersecurity industry. What approaches the ...

Managing Risk Through Two-Way Communication with Alexandra Panaretos

January 20, 2021 13:44 - 31 minutes - 29.2 MB

Alex is the EY Americas Cybersecurity Lead for Secure Culture Activation. With a background in sports broadcasting and operational security, she is experienced in security communications and education, awareness program development, the psychology of social engineering, and behavior analytics. In her free time, she is a mother of three and she volunteers with law enforcement agencies and neighborhood organizations to educate community members, elder care organizations, children and ...

Improving the User Experience with Passwordless Security with Yan Grinshtein

January 13, 2021 13:28 - 34 minutes - 31.9 MB

Yan Grinshtein is an HCI and accessibility certified human-centered design leader, speaker, and mentor. Currently the head of design at HYPR, Yan has over 20 years of experience as a creative and design leader. He has worked on three different continents across four countries with companies ranging from Fortune 500 to startups, some of which have become multi-billion dollar companies today. You can follow Yan on Medium or Linkedin. In this episode, we talk about: How to design bet...

How to Design Great User Experiences in a Complicated Cybersecurity Ecosystem with Christian Rohrer

January 06, 2021 13:48 - 42 minutes - 39.2 MB

Christian Rohrer is Senior Director, User Experience at McAfee, returning to the company after a 5-year hiatus during which he was Founder and Principal at XD Strategy, a UX strategy consultancy, and former Vice President of Design, Research and Enterprise Services at Capital One. He has also led UX teams at Realtor.com, eBay, and Yahoo!. Christian holds a Bachelor’s in Computer Science from UC Santa Cruz and a Ph.D. in Cognitive Science and Education from Stanford University. Christ...

Using Self-Sovereign Identity as the Foundation for Secure, Trusted Digital Relationships with Kaliya Young

December 23, 2020 14:11 - 30 minutes - 27.9 MB

In this episode we talk about: What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how HTML or email supported what came next. The importance of open standards. How to build a “digital wallet” paradigm that makes sense to people. What SSI means for businesses/business models. Kaliya is the co-author of “Comprehensive Guide to Self-Sovereign Identity,” and author of “Domains of Identity.” She is also one of the co-founders of the I...

Reframing the Information Security Conversation for Business Owners with Jim Nelson

December 16, 2020 13:55 - 40 minutes - 37.3 MB

Jim Nelson, Senior Security Consultant for Innovative Solutions, has been working with organizations to help raise their security posture based on their risk for the last 17 years. In this episode, we talk about: How to reframe the security conversation so business owners understand that an investment in security is taking a proactive stance. Ultimately, you have to empathize with business owners. Why fear-based tactics may not be the best solution in getting people to care about...

The Role of Storytelling in Cybersecurity Awareness Training with Gabriel Friedlander

December 08, 2020 17:00 - 44 minutes - 40.6 MB

Gabriel has been studying human behavior for a long time. His first company, ObserveIT, an insider threat management platform recently acquired by Proofpoint, dealt with monitoring and reporting on out-of-policy employee behavior. Today, as the founder of Wizer, a security awareness training platform, Gabriel is focused on ensuring, as he put it, “security awareness is a basic human skill.” In fact, not only is Wizer’s training user-friendly and in digestible chunks, most of it is f...
