Human-Centered Security

10 Episodes
Subscribe

By: Voice+Code

Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.

What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy
#33
03/13/2024

When your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying--perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the context of the user experience.


In this episode, we talk about:

What does privacy mean?How, as designers, we give the user ideas of what to expect around privacy—an opportunity to erode or foster trust.The approach her team took at McAfee when it came to redesigning their privacy policy.Starting with ethics—and...


Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman
#32
02/07/2024

Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effective tomorrow. Exactly why the security user experience is so exciting!


Thankfully, Kevin Goldman shares my enthusiasm. Kevin is a design executive whose most recent focus has been in identity and access management. Kevin is the...


Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson
#31
01/10/2024

UX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John Robertson describes the UX of AI framework he and his team helped build.


In this episode, we talk about:

The importance of a human-centered design approach to AI.The need to slow down and consider safety, privacy, and ethics as part of implementing AI.Looking beyond the data: each data point represents a huma...


Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner
#30
12/13/2023

If there’s one thing both UX teams and security teams can empathize with each other on is being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the need for UX and security—they needed a method for integrating them into their agile development processes.


Throughout the interview, Ali and Jason will be referencing a project they worked on together to help develop and foster a consistent process for integrating UX and security into an agile development process for teams at IBM...


Designing for Cybersecurity Power Users with Tom Keenoy
#29
11/29/2023

Ever wonder what it’s like to design enterprise cybersecurity software? Tom Keenoy, a design leader for a cybersecurity company, explains why what you learned in design school may not apply when you’re building software for specialized power users (think: security analysts, IT administrators, devops).

How do you get up-to-speed when designing for complex domains like cybersecurity?How do you adapt your design process for enterprise power users (spoiler: stripping away information isn’t always the right answer)?How to prioritize when “everyone wants to build all the cool things.”Why Tom thinks much of a designer’s job is “de...


Security Engineers Hate CAPTCHAs, Too with Jason Puglisi
#28
11/17/2023

Ever encountered a CAPTCHA and thought to yourself, “whoever decided to put this here must really hate people”? It turns out, the people who make the decisions to use CAPTCHAs hate them as much as you do. Jason Puglisi, an application security engineer, describes what teams like his think about when evaluating potential solutions to a security issue. (Spoiler: you’ll be pleased to know these considerations include how security solutions may affect the user experience).

The surprising similarities between UX and security teams.What designers need to know about information security risks, as well as how designers can he...


Threat Modeling for UX Designers with Adam Shostack
#27
11/09/2022

In this episode, we talk about:

Questions you should be asking to uncover information security threats early on in the design process.How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so different from what you are doing now).How to collaborate with an interdisciplinary team as part of an iterative design process to improve the user experience of security.

Adam Shostack is an expert on threat modeling, having worked at Microsoft and currently running security consultancy Shostack + Associates. He is the author of The New School...


Designing Multi-Factor Authentication with Blair Shen and Bethany Sonefeld
#26
10/19/2022

In this episode we talk about:

How designing for security is different from (and the same as) designing for other types of experiences.How to tackle aspects of the user experience that may be necessary but are perceived as annoying roadblocks.How to anticipate where things might go wrong for the user.How to effectively collaborate with technical teams.


Bethany Sonefeld is the founder of Create With Conscience, a space dedicated to educating and committing to building healthier technology. Create With Conscience was something Bethany developed out of interest in creating a healthier balance...


Unintended Consequences: What Questions Should Designers Be Asking? With Bethany Sonefeld
#25
08/24/2022

In this episode, we talk about:

How do you tackle situations where business goals might be at odds with what’s ethical or what’s best for the human using the product?How can designers make a difference even if they don’t have a leadership role at their organization?How do you anticipate potentially unhealthy behaviors or unintended consequences? What are some actionable steps you can take today?


Bethany Sonefeld is the founder of Create With Conscience, a space dedicated to educating and committing to building healthier technology. Create With Conscience was something Bethany...


What Role Does the UX Team Play in Security? With Michael Snell
#24
07/20/2022

How do the UX, product, and technology teams effectively collaborate when it comes to security? How do we, as part of the UX team, take part in the security conversations and what role do we play?


In this episode, we talk about:

How Michael’s user research for dating apps helped him understand the unintended consequences of digital products on our behaviors.Why we need new frameworks for security and privacy in the digital world.How users’ perceptions and expectations for security and privacy are highly contextual and changing. How to break down the u...