The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Player FM - Internet Radio Done Right
Checked 8d ago
Added four years ago
Content provided by Heidi Trost. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Heidi Trost or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Human-Centered Security
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
V
Via Podcast
1 Close Encounters with UFO Hot Spots: Area 51, Roswell, and the Great ET Road Trip 39:50
39:50 
Play Later 
Play Later 
Lists 
Like 
Liked39:50
Play Later
Play Later
Lists
Like
LikedThe truth is out West! We’re hopping on the ET Highway and venturing to the most notorious alien hot spots, including Roswell’s infamous crash site, Area 51’s eerie perimeter, and a mysterious desert watchtower. Join us as journalist Laura Krantz, host of the podcast Wild Thing , beams up to share stories from the front lines of UFO reporting—from strange sightings and quirky festivals to a mailbox where people leave letters to extraterrestrials. Maybe you’ll even decide for yourself: Is Earth a tourist stop for spaceships? UFO hot spots you’ll encounter in this episode: - UFO Watchtower (near Great Sand Dunes National Park, Colorado) - Roswell, New Mexico - Area 51, Nevada - Extraterrestrial Highway (aka State Route 375), Nevada - Little A’Le’Inn, ET Highway, Nevada - E.T. Fresh Jerky, ET Highway, Nevada - Alien Research Center, ET Highway, Nevada - The Black Mailbox, ET Highway, Nevada Via Podcast is a production of AAA Mountain West Group .…
Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman
Manage episode 399686028 series 2836702
Content provided by Heidi Trost. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Heidi Trost or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effective tomorrow. Exactly why the security user experience is so exciting!
Thankfully, Kevin Goldman shares my enthusiasm. Kevin is a design executive whose most recent focus has been in identity and access management. Kevin is the Chair of the UX Working Group at the FIDO Alliance, a nonprofit global industry organization that has developed the standards for passkeys.
During this episode, Kevin and I talk about:
- How to get buy-in for a human-centered approach to the security user experience.
- A key moment when Kevin and in his team faced a UX challenge with passkeys that forced them to take a step back and re-evaluate their approach.
- The surprising findings and resolution after they dug deeper to understand the problem.
- How Kevin worked with his cross-disciplinary team members to identify tradeoffs in usability and security and how they worked through them.
56 episodes
ShareManage episode 399686028 series 2836702
Content provided by Heidi Trost. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Heidi Trost or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effective tomorrow. Exactly why the security user experience is so exciting!
Thankfully, Kevin Goldman shares my enthusiasm. Kevin is a design executive whose most recent focus has been in identity and access management. Kevin is the Chair of the UX Working Group at the FIDO Alliance, a nonprofit global industry organization that has developed the standards for passkeys.
During this episode, Kevin and I talk about:
- How to get buy-in for a human-centered approach to the security user experience.
- A key moment when Kevin and in his team faced a UX challenge with passkeys that forced them to take a step back and re-evaluate their approach.
- The surprising findings and resolution after they dug deeper to understand the problem.
- How Kevin worked with his cross-disciplinary team members to identify tradeoffs in usability and security and how they worked through them.
56 episodes
All episodes
×
H
Human-Centered Security
1 XDR, EDR, SIEM, SOAR…Snooze: Cybersecurity Marketing Real Talk with Gianna Whitver 34:09
34:09 Play Later Play Later Lists Like Liked34:09
Play Later Play Later Lists Like LikedYou're a founder with a great cybersecurity product—but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn’t. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong—and right—about marketing. In this episode, we talk about: Cyber marketing is hard (but you knew that already). It requires deep product knowledge, empathy for stressed buyers, and clear, no-FUD messaging. Building authentic, value-driven communities leads to stronger cybersecurity marketing impact. Don’t copy the marketing strategies of big enterprises. Instead, focus on clarity, founder stories, and product-market fit. Founder-led marketing works. Early-stage founders can break through noise by sharing personal stories. Think twice before listening to the advice of “influencer” marketers. This advice is often overly generic. Or, you’re following advice of marketers marketing to marketers (try saying that ten times fast). In other words, their advice is probably not going to apply to cybersecurity. Gianna Whitver is the co-founder and CEO of the Cybersecurity Marketing Society , a community for marketers in cybersecurity to connect and share insights. She is also the podcast co-host of Breaking Through in Cybersecurity Marketing podcast, and founder of LeaseHoney, a place for beekeepers to find land.…
H
Human-Centered Security
1 Here Comes the Sludge with Kelly Shortridge and Josiah Dykstra 43:23
43:23 Play Later Play Later Lists Like Liked43:23
Play Later Play Later Lists Like LikedUsers, threat actors, and the system design all influence—and are influenced by—one another. To design safer systems, we first need to understand the players who operate within those systems. Kelly Shortridge and Josiah Dykstra exemplify this human-centered approach in their work. In this episode we talk about: The vital role of human factors in cyber-resilience—how Josiah and Kelly apply a behavioral-economics mindset every day to design safer, more adaptable systems. Key cognitive biases that undermine incident response (like action bias and opportunity costs) and simple heuristics to counter them. The “sludge” strategy: deliberately introducing friction to attacker workflows to increase time, effort, and financial costs—as Kelly says, “disrupt their economics.” Why moving from a security culture of shame and blame to one of open learning and continuous improvement is essential for true cybersecurity resilience. Kelly Shortridge is VP, Security Products at Fastly, formerly VP of Product Management and Product Strategy at Capsule8. She is the author of Security Chaos Engineering: Sustaining Resilience in Software and Systems . Josiah Dykstra is the owner of Designer Security, human-centered security advocate, cybersecurity researcher, and former Director of Strategic Initiatives at Trail of Bits. He also worked at the NSA as Technical Director, Critical Networks and Systems. Josiah is the author of Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us . During this episode, we reference: Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Sludge for Good: Slowing and Imposing Costs on Cyber Attackers,” arXiv preprint arXiv:2211.16626 (2022). Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Opportunity Cost of Action Bias in Cybersecurity Incident Response,” Proceedings of the Human Factors and Ergonomics Society Annual Meeting , 66, Issue 1 (2022): 1116-1120.…
H
Human-Centered Security
1 Human-Centered Security In the Wild: Jordan Girman and Mike Kosak On Security and Product Team Collaboration at Lastpass 40:04
40:04 Play Later Play Later Lists Like Liked40:04
Play Later Play Later Lists Like LikedImagine a world where product teams collaborate with security teams. Where product designers can shadow their security peers. A place where security team members believe communication is one of the most important skillsets they have. These are key attributes of human-centered security—the type of dynamics Jordan Girman and Mike Kosak are fostering at Lastpass. In this episode, we talk about: What cross-disciplinary collaboration looks like at Lastpass (for example, a product designer is shadowing the security team). A set of principles for designing for usable security and privacy. Why intentional friction might be counterintuitive to designers but, used carefully, is critical to designing for security. When it comes to improving security outcomes, the words you use matter. Mike explains how the Lastpass Threat Intelligence team thinks about communicating what they learn to a variety of audiences. How to build a threat intelligence program within your organization--even if you have limited resources. Jordan Girman is the VP of User Experience at Lastpass . Mike Kosak is the Senior Principal Intelligence Analyst at Lastpass. Mike references a series of articles he wrote, including “Setting Up a Threat Intelligence Program From Scratch.”…
H
Human-Centered Security
1 Dear Security Vendors, Here’s What Security Teams Want You to Know with Paul Robinson 36:41
36:41 Play Later Play Later Lists Like Liked36:41
Play Later Play Later Lists Like LikedWhere are security tools failing security teams? What are security teams looking for when they visit a security vendor marketing website? Paul Robinson, security expert and founder of Tempus Network, says, “Over-promising and under-delivering is a major factor in these tools. The tool can look great in a demo—proof of concepts are great, but often the security vendor is just putting their best foot forward. It's not really the reality of the situation.” Paul’s advice for how can security vendors do better? Start by admitting security isn’t just a switch you flip—it’s a journey. Security teams aren’t fooled by glitz and glamour on your marketing website. They want to see how you addressed real problems. Incredible customer service can make a small, scrappy cybersecurity product stand out from larger, slower-moving vendors. Cybersecurity vendors need to get onboarding right (it’s a make or break aspect of the user experience). There are more variables than you think—not only technology but also getting buy-in from employees, leadership, and other stakeholders. Think about the user experience not only of the person using the security product, but the people at the organization who will be impacted by the product. Looking for a cybersecurity-related movie that is just a tad too plausible? Paul recommends Leave the World Behind on Netflix.…
H
Human-Centered Security
1 From Tools to Teammates: (Dis)Trust in AI for Cybersecurity with Neele Roch 36:47
36:47 Play Later Play Later Lists Like Liked36:47
Play Later Play Later Lists Like LikedWhen we collaborate with people, we build trust over time. In many ways, this relationship building is similar to how we work with tools that leverage AI. As usable security and privacy researcher Neele Roch found, “on the one hand, when you ask the [security] experts directly, they are very rational and they explain that AI is a tool. AI is based on algorithms and it's mathematical. And while that is true, when you ask them about how they're building trust or how they're granting autonomy and how that changes over time, they have this really strong anthropomorphization of AI. They describe the trust building relationship as if it were, for example, a new employee.” Neele is a doctoral student at the Professorship for Security, Privacy and Society at ETH Zurich. Neele (and co-authors Hannah Sievers, Lorin Schöni, and Verena Zimmermann) recently published a paper, “Navigating Autonomy: Unveiling Security Experts’ Perspective on Augmented Intelligence and Cybersecurity,” presented at the 2024 Symposium on Usable Privacy and Security. In this episode, we talk to Neele about: How security experts’ risk–benefit assessments drive the level of AI autonomy they’re comfortable with. How experts initially view AI: the tension between AI-as-tool vs. AI-as-“teammate.” The importance of recalibrating trust after AI errors—and how good system design can help users recover from errors without losing their trust in it. Ensuring AI-driven cybersecurity tools provide just the right amount of transparency and control. Why enabling security practitioners to identify, correct, and learn from AI errors is critical for sustained engagement. Roch, Neele, Hannah Sievers, Lorin Schöni, and Verena Zimmermann. "Navigating Autonomy: Unveiling Security Experts' Perspectives on Augmented Intelligence in Cybersecurity." In Twentieth Symposium on Usable Privacy and Security (SOUPS 2024) , pp. 41-60. 2024.…
H
Human-Centered Security
1 Introducing Human-Centered Security: The Book 32:08
32:08 Play Later Play Later Lists Like Liked32:08
Play Later Play Later Lists Like LikedIn this episode, Heidi gets a taste of her own medicine and is interviewed by co-host John Robertson about her newly-released book Human-Centered Security: How to Design Systems That Are Both Safe and Usable . We talk about: Why Heidi’s experience as a UX researcher prompted her to write Human-Centered Security . Places in the user journey where security impacts users the most. Why cross-disciplinary collaboration is important—find your security UX allies (people in security, legal, privacy, engineering, product managers, to name a few). Practical security UX tips like secure by default, guiding the user along the safe path, and being really careful about the words you use. Technical users—IT admins, engineers, security analysts—are users, too and why it’s so important to thoughtfully design the security user experience for them. (Spoiler: they help keep the rest of us safe!)…
H
Human-Centered Security
1 Threat Actors Leverage Behavioral Science; Security Teams Should, Too with Matt Wallaert 39:21
39:21 Play Later Play Later Lists Like Liked39:21
Play Later Play Later Lists Like LikedThe cybersecurity industry often fixates on “behavior change,” expecting users to take on unrealistic tasks instead of designing safer, smarter systems. Matt Wallaert (founder of BeSci.io and author of Start at the End: How to Build Products that Create Change ) explains behavioral science isn't about forcing behavior change. Instead, it's about understanding people so a thoughtfully-designed system can influence more secure outcomes. Whether you’re a UX designer, a security engineer, or a CISO, you influence security behaviors. Here’s how you can move towards more secure outcomes: Stay Ahead of Threat Actors : Cybercriminals use behavioral science to their advantage. People designing the security user experience must not only catch up but outpace them. Define Clear Outcomes : Don’t just say “we want users to be secure.” Know exactly what behaviors you want and why. Vague goals lead to vague results.(as Matt explains, saying things like “I want people to be more secure” isn’t helpful. In fact, many people don’t know what “more secure” means in the context of their product or organization). Ask Better Questions : Use tools like the “sufficiency test.” For example, sure, it might be nice if users created complex passwords—but users don’t necessarily have to be the ones doing it. Why can’t the system create a complex password for them (as password managers do)? Understand promoting and inhibiting pressures . These concepts will help you design systems that are more resilient because they are built with people in mind. There are reasons people do and do not do things—when you understand why, you can develop systems that will be more effective in encouraging the behaviors you want. Security practitioners: tired of being perceived as the “department of no”? Matt explains how behavioral science can help you better collaborate with cross-disciplinary teams. Bonus: UX designers, after this episode you may never create another persona.…
H
Human-Centered Security
1 Tech & Law: The Power of Understanding Both With Justine Phillips 45:24
45:24 Play Later Play Later Lists Like Liked45:24
Play Later Play Later Lists Like Liked“Technical people need to better understand the laws and regulations and lawyers need to better understand the technology and processes in place. When that happens, when those worlds come together, that’s where you can meaningfully make things happen.” -Justine Phillips, Partner at Baker McKenzie In this episode, we talk about: Essential questions product teams should ask legal experts when integrating AI into new products and features. In particular, why it’s important for designers and engineers to question the source of the data they are using for AI-powered products and features. The need to anticipate international security and privacy regulations, which are constantly changing, including emerging regulations that could impact companies developing IoT devices. Justine Phillips is a Partner at Baker McKenzie, where she is co-chair of data+cyber for the Americas. She is the author of Data Privacy Program Guide: How to Build a Privacy Program That Inspires Trust .…
H
Human-Centered Security
1 Complexity Undermines Security With Bill Bonney, Gary Hayslip, and Matt Stamper 47:11
47:11 Play Later Play Later Lists Like Liked47:11
Play Later Play Later Lists Like LikedWhat do CISOs have to say about the security tools their teams use?: “When we introduce a level of complexity in the system, it undermines security. Every moment wasted trying to use a tool effectively benefits the adversary.” - Matt Stamper In this episode, we talk to cybsecurity leaders Bill Bonney, Gary Hayslip, and Matt Stamper about: The ever-evolving role of the CISO and what CISOs care about most. What product teams designing security software need to understand: Security tools need to operate across varied ecosystems (which means your product team needs to understand those ecosystems). Complexity is the enemy of security. Yes, UX matters. Context-switching means security teams waste time. Instead, security tools need to present the right information at the right time. Why CISOs are excited to leverage AI in security tools—and what concerns them the most. Bill Bonney, Gary Hayslip, and Matt Stamper are seasoned CISOs and cybersecurity leaders. They are co-founders of the CISO Desk Reference Guide—a series of books including topics such as security policy, third-party risk, privacy, and incident response—which provide actionable insights for security leaders.…
H
Human-Centered Security
1 Security Tools Don’t Get a Free Pass When It Comes to Human-Centered Design with Jaron Mink 43:30
43:30 Play Later Play Later Lists Like Liked43:30
Play Later Play Later Lists Like LikedIn this episode, we talk about: Security tools don’t get a free pass when it comes to involving end users as part of the design process. People studying and building ML-based security tools make a lot of assumptions. Instead of wasting time on assumptions, why not learn from security practitioners directly? Businesses (and academia) are investing a great deal in building ML-based security tools. But are those tools actually useful? Are they introducing problems you didn’t anticipate? And even if they are useful, how do you know security practitioners will adopt them? Why are adversarial machine learning defenses outlined in academic research not being put into practice? Jaron outlines three places where there are significant roadblocks: First, there are barriers to developers being aware of these defenses in the first place. Second, developers need to understand how the threats impact their systems. And third, they need to know how to effectively implement the defenses (and, importantly, be incentivized to do so). Jaron Mink is an Assistant Professor in the School of Computing and Augmented Intelligence at Arizona State University focused on the intersection of usable security, machine learning, and system security. In this episode, we highlight two of Jaron’s papers: “Everybody’s Got ML, Tell Me What Else Do You Have”: Practitioners’ Perception of ML-Based Security Tools and Explanations.” “Security is not my field, I’m a stats guy”: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry…
H
Human-Centered Security
1 Leverage UX Research to Improve the Security User Experience with Serge Egelman 31:32
31:32 Play Later Play Later Lists Like Liked31:32
Play Later Play Later Lists Like LikedIn this episode, we talk about: The role misaligned incentives play in security behaviors. How Serge and his team approach security-focused UX research. Looking upstream at the security decisions made by software engineers and, in turn, the situations they are often placed in due to resource constraints and competing priorities at their organizations. Learning from other industries with highly-skilled professionals (shout-out to the humble check list!) Regulations and policy changes will likely place greater liability on the organizations shipping software. Serge Egelman is the Founder and Chief Scientist at AppCensus and Research Director at International Computer Science Institute (ICSI). He’s written countless research papers on usable security and privacy. Most recently, his research centers around improving the user experience for users who are responsible for safeguarding their customer’s data (such as software engineers).…
H
Human-Centered Security
1 Help Security Analysts Tell the Story Behind the Threats with Shante Perrin 28:58
28:58 Play Later Play Later Lists Like Liked28:58
Play Later Play Later Lists Like LikedShante Perrin, a cybersecurity leader, and her team use cybersecurity software to not only to detect and respond to cybersecurity threats but also, as Shante describes, to help paint a picture for their customers: “We like to build a timeline of events to build that picture, create that story so we can deliver it to the customer and explain why we felt it is suspicious. In other words, why are we bothering you about this?” In this episode, we talk about: Building stories from data: analysts must translate technical information into clear, understandable narratives for customers. If people designing cybersecurity software can design better, more effective experiences for analysts, analysts can do a better job of communicating these narratives to their customers. How security analysts at different levels perceive and handle threats differently—and how that changes what they need or expect from cybersecurity software. How thinking like an attacker can help security analysts—but only if the tools they use provide them with the right information at the right time. Shante Perrin is a cybersecurity leader and is currently the director of a managed services team. She led a cybersecurity team for a Fortune 100 company as an MSSP and has been a security analyst and security operations center (SOC) lead.…
H
Human-Centered Security
1 Putting Human-Centered Security Into Practice with Julie Haney 50:50
50:50 Play Later Play Later Lists Like Liked50:50
Play Later Play Later Lists Like LikedIn this episode, we talk about: The need for human-centered security—in order for security measures to be effective, they must center around people, making usability as crucial as technology. We explore the gap between research and practice, highlighting the need to bring cybersecurity research into real-world application. Human-centered security research can’t possible be effective if no one knows about it or finds it challenging to implement. The importance of collaboration, advocating for more shared spaces where researchers and practitioners can come together to address pressing cybersecurity challenges. Julie Haney is a Computer Scientist and Human-Centered Security Researcher and program lead at NIST (National Institute of Standards and Technology). She was formerly a Computer Scientist at the United States Department of Defense. In the episode we refer to two of Julie’s publications: “From Ivory Tower to Real World: Building Bridges Between Research and Practice in Human-Centered Cybersecurity” and “Towards Bridging the Research-Practice Gap: Understanding Researcher-Practitioner Interactions and Challenges in Human-Centered Cybersecurity.”…
H
Human-Centered Security
1 So Much Data, So Little Time—Designing for Security Workflows with Tom Harrison 31:07
31:07 Play Later Play Later Lists Like Liked31:07
Play Later Play Later Lists Like LikedSecurity analysts respond to security detections and alerts. As part of this, they have to sift through a mountain of data and they have to do it fast. Not in hours, not in days. In minutes. Tom Harrison, security operations manager at Secureworks, explains it perfectly, “We have a time crunch and it’s exacerbated by the other big issue security analysts have: we have an absolute ton of data that we have to sift through.” In this episode: Tom explains that security analysts are forced to go back to a pile of data with each subsequent question in their workflow. That’s a huge waste of time. And a terrible user experience. Tom says, “It would lead to better accuracy, faster triage, and a better user experience if you can just take me directly to the answer or at the very least a subsection that has the answer I’m looking for.” What does this mean for you as a UX designer designing security products? You need a deep understanding of security analyst workflows to help them identify and respond to attacks as quickly as possible. That way, you can design security products that support users who are under intense pressure to do things quickly. Tom describes how the UX can “guide or complement the workflow.” Tom talks about what gets him excited about integrating AI into security analyst workflows—and what has him worried, as well. Tom Harrison is a Security Operations Manager at Secureworks. We dubbed Tom an “ideas machine” and a fierce advocate for the security analyst user experience. In fact, Tom is conducting UX research in the field better than most UX researchers. He’s a passionate teacher and shares his knowledge and resources in a free security reference guide .…
H
Human-Centered Security
1 Threat Modeling Parts of the User Journey That Cost Your Business Money With Adam Shostack 47:01
47:01 Play Later Play Later Lists Like Liked47:01
Play Later Play Later Lists Like Liked“Even though usability and security tradeoffs will always be with us, we can get much smarter. Some of the techniques are really simple. For one, write everything down a user needs to do in order to use your app securely. Yeah, keep writing.” In this episode, we talk about: What is threat modeling and why should product teams and UX designers care about it? (Also check out Adam’s first episode on Human-Centered Security ). Focus on parts of the user journey where you might gain or lose customers: what tradeoffs between usability and security are you making here? Involve a cross-disciplinary team from the very beginning. This is critiical: “How do we get focused on the parts of the problem that matter so we don’t spend forever on the wrong stuff?” Adam Shostack is an expert on threat modeling, having worked at Microsoft and currently running security consultancy Shostack + Associates . He is the author of The New School of Information Security , Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn From Star Wars . Adam’s YouTube channel has entertaining videos that are also excellent resources for learning about threat modeling.…
H
Human-Centered Security
1 No Room for Hype When Integrating AI Into Cybersecurity Products with John Robertson and Siddharth Hirwani 35:58
35:58 Play Later Play Later Lists Like Liked35:58
Play Later Play Later Lists Like Liked“UX design can enhance the overall performance, adoption, and impact in cybersecurity tools that leverage AI, making the tools more accessible to a broader range of users, including those who don’t have deep technical or security knowledge.” In this episode, Siddharth Hirwani and John Robertson talk about: Pressures and challenges security analysts face and how AI can help. Moving beyond AI hype and focusing on integrating AI in a way that genuinely addresses security analyst’s needs. How UX design can foster trust and adoption of AI tools, while still encouraging analysts to verify AI outputs. John and Siddharth highlight problems like over-reliance and bias and how UX can be leveraged to address these concerns. Siddharth Hirwani is Senior Principal Product Designer interested in exploring the critical intersection of user experience and cybersecurity. John Robertson is a researcher interested in the experience of technical users, especially those in cybersecurity. Recently his focus has been understanding workflows of cybersecurity analysts in security operations centers. Siddharth and John will be presenting their paper “Cybersecurity Analyst’s Perception of AI Security Tools and Practical Implications” at USENIX SOUPS (Symposium on Usable Privacy and Security) in August 2024.…
H
Human-Centered Security
1 What Do You Know About Alert Fatigue? An Interview with John Robertson 19:31
19:31 Play Later Play Later Lists Like Liked19:31
Play Later Play Later Lists Like Liked“People try to talk about the technical user experience at too high of a level. You talk about alert fatigue and you kind of understand what alert fatigue is just by the name. Yeah, there’s a lot of alerts. But watching it in action is different.” In this episode, Heidi interviews John about what he’s learned about designing for security analysts. We talk about: The importance of understanding user workflows. “Alert fatigue” is just a saying until you actually observe it in action. While trust is hard to measure, it’s critical for improving the security user experience. Practical tips on how to promote cross-disciplinary collaboration. John Robertson is a researcher interested in the experience of technical users, especially those in cybersecurity. Recently his focus has been understanding workflows of Cybersecurity Analysts in Security Operations Centers.…
H
Human-Centered Security
1 How to Build Trust Through the User Experience with Carlie Hundt and Devon Hirth 45:04
45:04 Play Later Play Later Lists Like Liked45:04
Play Later Play Later Lists Like LikedCarlie Hundt and Devon Hirth believe a UX designer’s role is to “lift up the voices of the people trying to access and use government services.” Trust is really important. How do we build trust through the user experience, particularly when you are asking for personal information? In this episode, we talk about: Leveraging storytelling to “share with our government partners the real experience of real people who are trying ot access government services.” Why you need to anticipate where users might question, “Why are you asking for this? What are you going to do with this information?” Providing flexibility in the user experience. Carlie refers to this as “many welcoming doors.” When and why you might give users the option to sign up for services without requiring them to create an account. Both Carlie Hundt and Devon Hirth work for Code for America, a civic tech non-profit, in the Safety Net Innovation Lab. Carlie is Staff Product Designer and Devon is Staff User Experience Designer.…
H
Human-Centered Security
1 Understand the Holistic Experience to Improve Cybersecurity Products with Lindsey Wallace 50:33
50:33 Play Later Play Later Lists Like Liked50:33
Play Later Play Later Lists Like LikedWhen thinking about building products for security teams, we often emphasize the technical side: reduced false positives, new detection techniques, and automation. But what about asking things like: how do security teams work together? What excites a security analyst about their job? How can we help them do more of that? What does the experience look like across a suite of cybersecurity products? To improve the user experience for security teams—and improve security outcomes—you have to think holistically. In this episode, we talk about: How a centralized UX research team fosters meta-analysis across different personas, workflows, and a suite of products. Why in-person research—like visiting a security operations center (SOC)—is so important for UX researchers building security products. Creative ways of engaging with customers and learning from them. Why her UX research team has taken ownership over UX metrics and analytics. Why asking stakeholders a simple question: “What kind of evidence are you looking for?” can save you a lot of time and frustration. Lindsey Wallace is the Director of Design Research and Strategy at Cisco Security Design. She has a PhD in Anthropology and previously worked at Adobe.…
H
Human-Centered Security
1 Include Users with Disabilities in Your Security UX Research with Joyce Oshita 49:29
49:29 Play Later Play Later Lists Like Liked49:29
Play Later Play Later Lists Like LikedAre you inadvertently designing a security user experience that makes it less likely your users will choose the most secure option for them? Are security-related roadblocks preventing people from using your service? In order to design inclusive experiences—including accessible experiences—you must include users with disabilities in your research. In this episode, we talk about: Including users with disabilities as a co-creation exercise—not something you “check off” as part of your UX research. Why flexibility is so important when it comes to the security user experience. The importance of storytelling to help teams design accessible experiences. Joyce’s experience when encountering a CAPTCHA using a screen reader (and listen to an example), where she is prevented from completing a form. Why Joyce believes “today’s frustration will be the field for tomorrow’s innovation.” Joyce Oshita is a Certified Professional in Web Accessibility, accessibility trainer and educator, and advisor for the FIDO Alliance task force. Joyce created the Digital Overload series , which documents her experiences using digital services while using a screen reader. Also check out the W3C Web Accessibility Initiative (WAI) Web Accessibility Perspective Videos.…
H
Human-Centered Security
1 Leveraging Data Science to Help Security Teams with Serge-Olivier Paquette 41:58
41:58 Play Later Play Later Lists Like Liked41:58
Play Later Play Later Lists Like LikedHow do you help security teams understand what happened and what to do next? Data science can help with that. Serge-Olivier Paquette, CPO at threat intelligence and analytics platform Flare, combines product, cybersecurity, and data science expertise to develop cutting-edge products and experiences that help security teams make informed decisions. In this episode: The best explanation of data science you’ve ever heard. Why you need to skeptical of data science models. How to leverage data science to be more helpful to security teams. How to build trust—particularly when tools can increasing perform actions on behalf of users. Serge-Olivier Paquette is CPO at Flare, a cybersecurity platform that helps organizations proactively identify security threats. He works at the intersection of product management, data science, cybersecurity, and platform engineering. Serge-Olivier was previously tech lead and senior manager at Secureworks.…
H
Human-Centered Security
1 What Designers Need to Know About Digital Identity and Access with David Mahdi 45:27
45:27 Play Later Play Later Lists Like Liked45:27
Play Later Play Later Lists Like LikedWhat do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode. We talk about: Access-related terms you need to understand: Digital identity, authentication, and authorization. Why so many security problems are, in fact, access problems. User experience implications. The future of digital identity and what it might mean for your product and your users. David Mahdi is the CIO at Transmit Security, former Gartner research VP, and was previously CSO at Sectigo. An IAM leader and visionary, David is an expert in digital identity, cryptography, and cybersecurity.…
H
Human-Centered Security
1 Bake Security Into the DNA of Your Product and Improve the Security User Experience with Darren Thomas and Margaret Cunningham 41:09
41:09 Play Later Play Later Lists Like Liked41:09
Play Later Play Later Lists Like LikedWe start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming. How would you approach security if you were building something from scratch? How would you address security user experience challenges? Darren Thomas and Margaret Cunningham from Wethos AI talk about how they’ve built security into their product and how cross-disciplinary collaboration helps them improve the security user experience. In this episode, we talk about: How to build security into your product development lifecycle when you need move quickly. How to anticipate—and design for—security and privacy concerns. Why getting users to the product’s value faster and relates to the security user experience. Darren Thomas is the co-founder and Chief Product Officer at Wethos AI, a platform that helps people and teams connect and understand one another to improve both individual and team performance. Darren is also the founding team member and head of product at NumberOne AI. A veteran in product management within the security industry, Darren has previously worked at Tenable and McAfee. Margaret Cunningham is an experimental psychologist and is Chief Scientist at Wethos AI. Previously, Margaret was Senior Staff Behavioral Engineer, Security & Privacy at Robinhood and Principal Research Scientist for Human Behavior at Forcepoint’s X-Lab. Check out the Margaret’s first interview on the Human-Centered Security podcast (Episode 9) .…
H
Human-Centered Security
1 What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy 50:13
50:13 Play Later Play Later Lists Like Liked50:13
Play Later Play Later Lists Like LikedWhen your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying--perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the context of the user experience. In this episode, we talk about: What does privacy mean? How, as designers, we give the user ideas of what to expect around privacy—an opportunity to erode or foster trust. The approach her team took at McAfee when it came to redesigning their privacy policy. Starting with ethics—and revving that “ethical engine.” Who should designers reach out to about privacy at their organization? What should they ask? Michelle Finneran Dennedy is a privacy expert, the co-founder of Privacy Code, and was formerly Chief Privacy Officer at McAfee. She is the co-author of The Privacy Engineer’s Manifesto .…
H
Human-Centered Security
1 Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman 45:16
45:16 Play Later Play Later Lists Like Liked45:16
Play Later Play Later Lists Like LikedDesigning for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effective tomorrow. Exactly why the security user experience is so exciting! Thankfully, Kevin Goldman shares my enthusiasm. Kevin is a design executive whose most recent focus has been in identity and access management. Kevin is the Chair of the UX Working Group at the FIDO Alliance, a nonprofit global industry organization that has developed the standards for passkeys. During this episode, Kevin and I talk about: How to get buy-in for a human-centered approach to the security user experience. A key moment when Kevin and in his team faced a UX challenge with passkeys that forced them to take a step back and re-evaluate their approach. The surprising findings and resolution after they dug deeper to understand the problem. How Kevin worked with his cross-disciplinary team members to identify tradeoffs in usability and security and how they worked through them.…
H
Human-Centered Security
1 Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson 44:08
44:08 Play Later Play Later Lists Like Liked44:08
Play Later Play Later Lists Like LikedUX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John Robertson describes the UX of AI framework he and his team helped build. In this episode, we talk about: The importance of a human-centered design approach to AI. The need to slow down and consider safety, privacy, and ethics as part of implementing AI. Looking beyond the data: each data point represents a human. The need to build and maintain trust in the AI user experience. Understanding how humans and AI can work as teammates and how that dynamic might play out. John Robertson is a skilled UX researcher with a background in neuroscience and experience working at organizations such as American Airlines, IBM, and Visa. Currently he is a Senior Principal UX Researcher for a cybersecurity software company implementing quantitative and qualitative methods to create human centered security analyst experiences. In the episode, we reference: Analyzing Qualitative User Data at Enterprise Scale with AI: The GE Case Study by Jakob Nielsen Do Users Write More Insecure Code With AI Assistants?…
H
Human-Centered Security
1 Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner 38:37
38:37 Play Later Play Later Lists Like Liked38:37
Play Later Play Later Lists Like LikedIf there’s one thing both UX teams and security teams can empathize with each other on is being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the need for UX and security—they needed a method for integrating them into their agile development processes. Throughout the interview, Ali and Jason will be referencing a project they worked on together to help develop and foster a consistent process for integrating UX and security into an agile development process for teams at IBM. As a result of their work, they developed a set of principles and best practices. They talk about: How a set of principles can serve as a guide for teams. Why integrating UX and security involved a cultural shift for teams in order to be successful. Why support from leadership is instrumental for new processes to be effective. Tips for leveraging mixed methods user research to look at problems from different angles. How to measure the success of embedding UX and security into existing processes. Ali and Jason presented some of their research and recommendations at the 2023 UXPA presentation called “How to balance strong user experiences with enhanced security within an agile framework? Lessons learned and best practices.” Ali Cuthbertson is the Technical Vitality Development Manager and CIO Design Program Manager at IBM. Ali brings over 20 years of seasoned expertise navigating software and hardware engineering. She has become the Indiana Jones of life sciences, user experience, talent management, vitality optimization, security protocols, AI advancements, data analytics, scientific exploration, and cutting edge cloud technologies. Jason Telner, PhD, is a senior user researcher within IBM’s CIO design user research and data analytics team. Jason has over 15 years of experience working within the field of user research. In his current role at IBM, Jason’s focus has been on improving the user experience of employee support applications such as chatbots, web support, and voice interface support.…
H
Human-Centered Security
1 Designing for Cybersecurity Power Users with Tom Keenoy 33:16
33:16 Play Later Play Later Lists Like Liked33:16
Play Later Play Later Lists Like LikedEver wonder what it’s like to design enterprise cybersecurity software? Tom Keenoy, a design leader for a cybersecurity company, explains why what you learned in design school may not apply when you’re building software for specialized power users (think: security analysts, IT administrators, devops). How do you get up-to-speed when designing for complex domains like cybersecurity? How do you adapt your design process for enterprise power users (spoiler: stripping away information isn’t always the right answer)? How to prioritize when “everyone wants to build all the cool things.” Why Tom thinks much of a designer’s job is “de-risking.” The most important skills designers need to be successful in building enterprise security software. Tom Keenoy is a design leader who loves building technical products for power users. At various points in his career he’s been a designer, an educator, an engineer, a product manager, and a startup founder. He’s currently leading a design team at a cybersecurity company and advising growth stage startups to help right-size their UX and product design programs.…
H
Human-Centered Security
1 Security Engineers Hate CAPTCHAs, Too with Jason Puglisi 40:06
40:06 Play Later Play Later Lists Like Liked40:06
Play Later Play Later Lists Like LikedEver encountered a CAPTCHA and thought to yourself, “whoever decided to put this here must really hate people”? It turns out, the people who make the decisions to use CAPTCHAs hate them as much as you do. Jason Puglisi, an application security engineer, describes what teams like his think about when evaluating potential solutions to a security issue. (Spoiler: you’ll be pleased to know these considerations include how security solutions may affect the user experience). The surprising similarities between UX and security teams. What designers need to know about information security risks, as well as how designers can help security teams understand the UX tradeoffs they may be making. What designers can do to more effectively collaborate with their cross-disciplinary teams, including the security engineering team. What to consider when designing for users in higher-risk scenarios—users who have privileged access and are operating at scale (for example, if your end users are engineers, IT professionals, or security analysts). Jason Puglisi is an application security engineer at a financial technology company. He performs ethical hacking to discover vulnerabilities, guide solutions, and inform organization-wide security measures. Human security is a particular passion of his, including security culture, awareness, and various aspects of social engineering.…
H
Human-Centered Security
1 Threat Modeling for UX Designers with Adam Shostack 40:35
40:35 Play Later Play Later Lists Like Liked40:35
Play Later Play Later Lists Like LikedIn this episode, we talk about: Questions you should be asking to uncover information security threats early on in the design process. How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so different from what you are doing now). How to collaborate with an interdisciplinary team as part of an iterative design process to improve the user experience of security. Adam Shostack is an expert on threat modeling, having worked at Microsoft and currently running security consultancy Shostack + Associates . He is the author of The New School of Information Security , Threat Modeling: Designing for Security and the forthcoming Threats: What Every Engineer Should Learn From Star Wars . Adam’s YouTube channel has entertaining videos that are also excellent resources for learning about threat modeling.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Similar to Human-Centered Security
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
