Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.
Complexity Undermines Security With Bill Bonney, Gary Hayslip, and Matt Stamper
47:11
What do CISOs have to say about the security tools their teams use? “When we introduce a level of complexity in the system, it undermines security. Every moment wasted trying to use a tool effectively benefits the adversary.” - Matt Stamper In this episode, we talk to cybersecurity leaders Bill Bonney, Gary Hayslip, and Matt Stamper about: The ever-…
Security Tools Don’t Get a Free Pass When It Comes to Human-Centered Design with Jaron Mink
43:30
In this episode, we talk about: Security tools don’t get a free pass when it comes to involving end users as part of the design process. People studying and building ML-based security tools make a lot of assumptions. Instead of wasting time on assumptions, why not learn from security practitioners directly? Businesses (and academia) are investing a…
Leverage UX Research to Improve the Security User Experience with Serge Egelman
31:32
In this episode, we talk about: The role misaligned incentives play in security behaviors. How Serge and his team approach security-focused UX research. Looking upstream at the security decisions made by software engineers and, in turn, the situations they are often placed in due to resource constraints and competing priorities at their organizatio…
Help Security Analysts Tell the Story Behind the Threats with Shante Perrin
28:58
Shante Perrin, a cybersecurity leader, and her team use cybersecurity software not only to detect and respond to cybersecurity threats but also, as Shante describes, to help paint a picture for their customers: “We like to build a timeline of events to build that picture, create that story so we can deliver it to the customer and explain why we …
Putting Human-Centered Security Into Practice with Julie Haney
50:50
In this episode, we talk about: The need for human-centered security—in order for security measures to be effective, they must center around people, making usability as crucial as technology. We explore the gap between research and practice, highlighting the need to bring cybersecurity research into real-world application. Human-centered security r…
So Much Data, So Little Time—Designing for Security Workflows with Tom Harrison
31:07
Security analysts respond to security detections and alerts. As part of this, they have to sift through a mountain of data and they have to do it fast. Not in hours, not in days. In minutes. Tom Harrison, security operations manager at Secureworks, explains it perfectly, “We have a time crunch and it’s exacerbated by the other big issue security an…
Threat Modeling Parts of the User Journey That Cost Your Business Money With Adam Shostack
47:01
“Even though usability and security tradeoffs will always be with us, we can get much smarter. Some of the techniques are really simple. For one, write everything down a user needs to do in order to use your app securely. Yeah, keep writing.” In this episode, we talk about: What is threat modeling and why should product teams and UX designers care …
No Room for Hype When Integrating AI Into Cybersecurity Products with John Robertson and Siddharth Hirwani
35:58
“UX design can enhance the overall performance, adoption, and impact in cybersecurity tools that leverage AI, making the tools more accessible to a broader range of users, including those who don’t have deep technical or security knowledge.” In this episode, Siddharth Hirwani and John Robertson talk about: Pressures and challenges security analysts…
What Do You Know About Alert Fatigue? An Interview with John Robertson
19:31
“People try to talk about the technical user experience at too high of a level. You talk about alert fatigue and you kind of understand what alert fatigue is just by the name. Yeah, there’s a lot of alerts. But watching it in action is different.” In this episode, Heidi interviews John about what he’s learned about designing for security analysts. …
How to Build Trust Through the User Experience with Carlie Hundt and Devon Hirth
45:04
Carlie Hundt and Devon Hirth believe a UX designer’s role is to “lift up the voices of the people trying to access and use government services.” Trust is really important. How do we build trust through the user experience, particularly when you are asking for personal information? In this episode, we talk about: Leveraging storytelling to “share wi…
Understand the Holistic Experience to Improve Cybersecurity Products with Lindsey Wallace
50:33
When thinking about building products for security teams, we often emphasize the technical side: reduced false positives, new detection techniques, and automation. But what about asking things like: how do security teams work together? What excites a security analyst about their job? How can we help them do more of that? What does the experience lo…
Include Users with Disabilities in Your Security UX Research with Joyce Oshita
49:29
Are you inadvertently designing a security user experience that makes it less likely your users will choose the most secure option for them? Are security-related roadblocks preventing people from using your service? In order to design inclusive experiences—including accessible experiences—you must include users with disabilities in your research. I…
Leveraging Data Science to Help Security Teams with Serge-Olivier Paquette
41:58
How do you help security teams understand what happened and what to do next? Data science can help with that. Serge-Olivier Paquette, CPO at threat intelligence and analytics platform Flare, combines product, cybersecurity, and data science expertise to develop cutting-edge products and experiences that help security teams make informed decisions. …
What Designers Need to Know About Digital Identity and Access with David Mahdi
45:27
What do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode. We talk about: Access-related terms you need to understand: Digital identity, authentication, and authorization. Why so many security problems are, in fa…
Bake Security Into the DNA of Your Product and Improve the Security User Experience with Darren Thomas and Margaret Cunningham
41:09
We start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming. How would you approach security if you were building something from scratch? How would you address security user experience challenges? Darren Thomas and Margaret Cunningham from Wethos AI talk about how they’ve built security int…
What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy
50:13
When your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying--perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the context of the user experience. In this episode, we talk about: What d…
Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman
45:16
Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have bee…
Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson
44:08
UX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John Robertson describes the UX of AI framework he and his team helped build. In this episode, we talk about: The importance of a human-centere…
Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner
38:37
If there’s one thing both UX teams and security teams can empathize with each other on, it’s being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the need for UX and security—they needed a method for integrating them into their agile development processes. Throughout t…
Designing for Cybersecurity Power Users with Tom Keenoy
33:16
Ever wonder what it’s like to design enterprise cybersecurity software? Tom Keenoy, a design leader for a cybersecurity company, explains why what you learned in design school may not apply when you’re building software for specialized power users (think: security analysts, IT administrators, devops). How do you get up-to-speed when designing for c…
Security Engineers Hate CAPTCHAs, Too with Jason Puglisi
40:06
Ever encountered a CAPTCHA and thought to yourself, “whoever decided to put this here must really hate people”? It turns out, the people who make the decisions to use CAPTCHAs hate them as much as you do. Jason Puglisi, an application security engineer, describes what teams like his think about when evaluating potential solutions to a security issu…
Threat Modeling for UX Designers with Adam Shostack
40:35
In this episode, we talk about: Questions you should be asking to uncover information security threats early on in the design process. How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so different from what you are doing now). How to collaborate with an interdisciplinary team as part of an itera…
Designing Multi-Factor Authentication with Blair Shen and Bethany Sonefeld
38:20
In this episode we talk about: How designing for security is different from (and the same as) designing for other types of experiences. How to tackle aspects of the user experience that may be necessary but are perceived as annoying roadblocks. How to anticipate where things might go wrong for the user. How to effectively collaborate with technical…
Unintended Consequences: What Questions Should Designers Be Asking? With Bethany Sonefeld
38:36
In this episode, we talk about: How do you tackle situations where business goals might be at odds with what’s ethical or what’s best for the human using the product? How can designers make a difference even if they don’t have a leadership role at their organization? How do you anticipate potentially unhealthy behaviors or unintended consequences? …
What Role Does the UX Team Play in Security? With Michael Snell
37:30
How do the UX, product, and technology teams effectively collaborate when it comes to security? How do we, as part of the UX team, take part in the security conversations and what role do we play? In this episode, we talk about: How Michael’s user research for dating apps helped him understand the unintended consequences of digital products on our …
Testing for Usability and Security with Jeremiah Still
33:42
In this episode, we talk about: Where the fields of cognitive psychology, security, and user experience meet. Why Jeremiah and his team chose to investigate graphical authentication. How they cleverly incorporated testing both usability and security in their two-part study. The importance of research around learnability: is it easy for users to lea…
Technical Users Care About UX, Too
28:05
In this episode, we talk about: Why technical users expect a great user experience just like everyone else. How to find and incentivize participants who are extremely busy. How to support users in making a decision without telling them what to do. Deciding what data to show and how to show it. Tanja Venborg Hansen is a seasoned user researcher who …
Responsible Innovation in the Technology Industry with Chloe Poynton
41:31
In this episode, we talk about: What is responsible innovation and where can companies get started? How can companies take guiding principles, establish a framework, and operationalize that framework in a way that “informs decision-making in a meaningful way”? How are regulations impacting responsible innovation programs? What happens when an organ…
Why Designers Need to Learn About Security with Jared Spool
47:07
In this episode, we talk about: Why security UX requires “selective usability” and how that poses unique challenges for designers. Thinking about security in terms of safety systems: putting the burden on the system rather than on the user. How to work effectively with the security team. And Jared shares lots of examples. Jared Spool is the founder…
Improve, Adapt, and Customize Cybersecurity Awareness Strategies and Metrics with Kate Brett Goldman
37:49
In this episode, we talk about: What’s next for the cybersecurity awareness industry. How to leverage qualitative and quantitative metrics (with similar challenges and opportunities to measuring the user experience). How to go about understanding and changing your organization’s cybersecurity culture. Kate Brett Goldman is the Founder and CEO of Cy…
Everything You Wanted to Know About Security But Were Too Afraid to Ask with Ira Winkler
41:36
In this episode we talk about: Building a system in a way that, as Ira says, “a user cannot initiate a loss.” What designers need to know about prevention, detection, and reaction when it comes to security. What we can learn from safety science. How designers can get a seat at the table when it comes to human security engineering. Ira Winkler is the fo…
IoT Devices: Establishing Trust through Transparency with Matt Wyckhouse
44:08
In this episode we talk about: The security risks associated with IoT devices. Why IoT devices can be less secure than, for example, a mobile device. Supply chain security. How UX designers can more effectively communicate risk to their users. Prior to founding Finite State, Matt spent 15 years leading the research and development of advanced solut…
How an Anthropologist Approaches a Security Breach with Patricia Ensworth
40:32
In this episode, we talk about: How anthropology can help security teams uncover the “why” behind security breaches. Why it’s important for designers to familiarize themselves with information security risk management. What designers should know about quality assurance applied to security. How to fight for the time needed to build security into pro…
Where do "people" fit in with process and technology? with Dr. Nikki Robinson
29:41
In this episode, we talk about: Why human factors is important when it comes to cybersecurity and why it’s still a relatively unexplored topic. The importance of communication and empathy in cybersecurity. Dr. Robinson’s research around low and medium vulnerabilities—and how their potential use in combination warrants additional attention. Dr. Robi…
Adapting the Human Factors Analysis and Classification System to Cybersecurity with Robin Bylenga
34:55
During this episode, we talk about: How an insider threat at her own company led Robin into cybersecurity. Why looking at the human side of errors and using a framework like HFACS can help identify the root cause of the problem. How Robin’s research challenges the idea that “humans are the weakest link.” How HFACS can be applied to cybersecurity’s …
Avoid the Temptation to Start Cybersecurity Conversations with “You’re Doing It Wrong” with Ryan Cloutier
39:24
In this episode, we talk about: How security experts can more effectively communicate with end users. The issue of delayed consequences in the digital realm and how that impacts how people behave. The role accountability plays in improving information security. Ryan Cloutier is the principal security consultant for SecurityStudio. He is an experien…
Cybersecurity Risk Management for UX Practitioners with Natalie Hill
37:44
In this episode we talk about: Thinking about cybersecurity risk from a UX practitioner’s perspective. Balancing ease of use while not introducing unnecessary risk. Building personas and scenarios for bad actors so you can make conscious decisions about how controls might be circumvented. The importance of content strategy and collaborating with UX…
Expectation vs. Outcome: Accounting for Human Behavior with Dr. Alexander Stein
35:45
During this episode, we talk about: Why looking for a silver bullet for cybersecurity is hopeless. Like any human issue, it is multi-dimensional and complex. Expectations versus outcomes: how we must take into account how “things will play out when you involve people.” "Changing how people think and behave is complicated, non-linear, painstaking,…
How Do You Get People to Care About Cybersecurity? with Laura Nespoli
28:50
Laura Nespoli is founder of Meshin Movement, a brand strategy consultancy. Laura has spent her career serving as a strategic problem-solver and brand storyteller across the sales marketing spectrum in many facets--from agency to client-side, media to creative, market research to integrated marketing planning. Her professional focus is in helping br…
We All Have Been the “Stupid User” at Some Point with Dr. Margaret Cunningham
34:40
Dr. Margaret Cunningham is an experimental psychologist and the Principal Research Scientist for Human Behavior at Forcepoint’s X-Lab. In this role, she serves as the behavioral science subject matter expert in an interdisciplinary security team driving the development of human-centric security solutions. Previously, she supported the Human Systems…
Using Analogies to Help People Understand Information Security with Brian Murphy
21:31
Brian Murphy, a security specialist at GreyCastle Security, is a technology, information security, and risk management professional. He assists with the development and implementation of cybersecurity solutions for a variety of industries. Brian has knowledge of PCI, SOX, GLBA compliance requirements, as well as ISO and NIST standards and regulatio…
What can we learn from human factors programs in other industries? with Dr. Calvin Nobles
41:02
Dr. Nobles is a cybersecurity scientist and human factors practitioner with more than 25 years of experience. He retired from the U.S. Navy and currently works in the financial services industry. Dr. Nobles recently completed a Cybersecurity Policy Fellowship with the New America Think Tank in Washington, D.C. In this episode we talk about: What hu…
Managing Risk Through Two-Way Communication with Alexandra Panaretos
31:49
Alex is the EY Americas Cybersecurity Lead for Secure Culture Activation. With a background in sports broadcasting and operational security, she is experienced in security communications and education, awareness program development, the psychology of social engineering, and behavior analytics. In her free time, she is a mother of three and she volu…
Improving the User Experience with Passwordless Security with Yan Grinshtein
34:45
Yan Grinshtein is an HCI and accessibility certified human-centered design leader, speaker, and mentor. Currently the head of design at HYPR, Yan has over 20 years of experience as a creative and design leader. He has worked on three different continents across four countries with companies ranging from Fortune 500 to startups, some of which have b…
How to Design Great User Experiences in a Complicated Cybersecurity Ecosystem with Christian Rohrer
42:50
Christian Rohrer is Senior Director, User Experience at McAfee, returning to the company after a 5-year hiatus during which he was Founder and Principal at XD Strategy, a UX strategy consultancy, and former Vice President of Design, Research and Enterprise Services at Capital One. He has also led UX teams at Realtor.com, eBay, and Yahoo!. Christian…
Using Self-Sovereign Identity as the Foundation for Secure, Trusted Digital Relationships with Kaliya Young
30:26
In this episode we talk about: What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how html or email supported what came next. The importance of open standards. How to build a “digital wallet” paradigm that makes sense to people. What SSI means for businesses/business models. Kaliya is the co-author o…
Reframing the Information Security Conversation for Business Owners with Jim Nelson
40:44
Jim Nelson, Senior Security Consultant for Innovative Solutions, has been working with organizations to help raise their security posture based on their risk for the last 17 years. In this episode, we talk about: How to reframe the security conversation so business owners understand that an investment in security is taking a proactive stance. Ultim…
The Role of Storytelling in Cybersecurity Awareness Training with Gabriel Friedlander
44:18
Gabriel has been studying human behavior for a long time. His first company, ObserveIT, an insider threat management platform recently acquired by Proofpoint, dealt with monitoring and reporting on out-of-policy employee behavior. Today, as the founder of Wizer, a security awareness training platform, Gabriel is focused on ensuring, as he put it, “…