Voice+Code
Human-Centered Security
Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
No Threat Intel Team? No Problem. Let’s Pretend You Do! with Mike Kosak 25.08.2025 50:19
In this episode, Mike Kosak explains what threat intelligence really is (Mike’s former boss said you have to “rub some thinking on it.”), how to define priority intelligence requirements (PIRs), how to treat model, where to find threat intel, and how to keep in actionable with tight feedback loops—not panic. Key takeaways: Threat intel ≠ data. It’s analyzed info focused “ walls-out ” (what’s outs...
We Regret to Inform You: Your Phishing Training Did Nothing with Ariana Mirian 16.07.2025 46:52
You click on a link in an email—as one does. Suddenly you see a message from your organization, “You’ve been phished! Now you need some training!” What do you do next? If you’re like most busy humans, you skip it and move on. Researcher Ariana Mirian (and co-authors Grant Ho, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, Geoffrey M. Voelker...
Trust Me Maybe: Building Trust in Human-AI Partnerships in Security 30.06.2025 43:58
In this episode, I speak with three guests from diverse backgrounds who share a common goal: Building trust in human-AI partnerships in security. We originally came together for a panel at the Institute of Electrical and Electronics Engineers (IEEE) Conference on AI in May 2025, and this episode recaps that discussion. Key takeaways: Security practitioners tend to be natural-born skeptics (can you...
XDR, EDR, SIEM, SOAR…Snooze: Cybersecurity Marketing Real Talk with Gianna Whitver 29.05.2025 34:09
You're a founder with a great cybersecurity product—but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn’t. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong—and right—about marketing. In this episode, we talk about: Cyber m...
Here Comes the Sludge with Kelly Shortridge and Josiah Dykstra 15.05.2025 43:23
Users, threat actors, and the system design all influence—and are influenced by—one another. To design safer systems, we first need to understand the players who operate within those systems. Kelly Shortridge and Josiah Dykstra exemplify this human-centered approach in their work. In this episode we talk about: The vital role of human factors in cyber-resilience—how Josiah and Kelly apply a behavi...
Human-Centered Security In the Wild: Jordan Girman and Mike Kosak On Security and Product Team Collaboration at Lastpass 07.04.2025 40:04
Imagine a world where product teams collaborate with security teams. Where product designers can shadow their security peers. A place where security team members believe communication is one of the most important skillsets they have. These are key attributes of human-centered security—the type of dynamics Jordan Girman and Mike Kosak are fostering at Lastpass. In this episode, we talk about: What...
Dear Security Vendors, Here’s What Security Teams Want You to Know with Paul Robinson 19.02.2025 36:41
Where are security tools failing security teams? What are security teams looking for when they visit a security vendor marketing website? Paul Robinson, security expert and founder of Tempus Network, says, “Over-promising and under-delivering is a major factor in these tools. The tool can look great in a demo—proof of concepts are great, but often the security vendor is just putting their best foo...
From Tools to Teammates: (Dis)Trust in AI for Cybersecurity with Neele Roch 02.01.2025 36:47
When we collaborate with people, we build trust over time. In many ways, this relationship building is similar to how we work with tools that leverage AI. As usable security and privacy researcher Neele Roch found, “on the one hand, when you ask the [security] experts directly, they are very rational and they explain that AI is a tool. AI is based on algorithms and it's mathematical. And while th...
Introducing Human-Centered Security: The Book 11.12.2024 32:08
In this episode, Heidi gets a taste of her own medicine and is interviewed by co-host John Robertson about her newly-released book Human-Centered Security: How to Design Systems That Are Both Safe and Usable . We talk about: Why Heidi’s experience as a UX researcher prompted her to write Human-Centered Security . Places in the user journey where security impacts users the most. Why cross-disciplin...
Threat Actors Leverage Behavioral Science; Security Teams Should, Too with Matt Wallaert 05.12.2024 39:21
The cybersecurity industry often fixates on “behavior change,” expecting users to take on unrealistic tasks instead of designing safer, smarter systems. Matt Wallaert (founder of BeSci.io and author of Start at the End: How to Build Products that Create Change ) explains behavioral science isn't about forcing behavior change. Instead, it's about understanding people so a thoughtfully-designed sys...
Tech & Law: The Power of Understanding Both With Justine Phillips 14.11.2024 45:24
“Technical people need to better understand the laws and regulations and lawyers need to better understand the technology and processes in place. When that happens, when those worlds come together, that’s where you can meaningfully make things happen.” -Justine Phillips, Partner at Baker McKenzie In this episode, we talk about: Essential questions product teams should ask legal experts when integr...
Complexity Undermines Security With Bill Bonney, Gary Hayslip, and Matt Stamper 30.10.2024 47:11
What do CISOs have to say about the security tools their teams use?: “When we introduce a level of complexity in the system, it undermines security. Every moment wasted trying to use a tool effectively benefits the adversary.” - Matt Stamper In this episode, we talk to cybsecurity leaders Bill Bonney, Gary Hayslip, and Matt Stamper about: The ever-evolving role of the CISO and what CISOs care abou...
Security Tools Don’t Get a Free Pass When It Comes to Human-Centered Design with Jaron Mink 23.10.2024 43:30
In this episode, we talk about: Security tools don’t get a free pass when it comes to involving end users as part of the design process. People studying and building ML-based security tools make a lot of assumptions. Instead of wasting time on assumptions, why not learn from security practitioners directly? Businesses (and academia) are investing a great deal in building ML-based security tools....
Leverage UX Research to Improve the Security User Experience with Serge Egelman 02.10.2024 31:32
In this episode, we talk about: The role misaligned incentives play in security behaviors. How Serge and his team approach security-focused UX research. Looking upstream at the security decisions made by software engineers and, in turn, the situations they are often placed in due to resource constraints and competing priorities at their organizations. Learning from other industries with highly-sk...
Help Security Analysts Tell the Story Behind the Threats with Shante Perrin 23.09.2024 28:58
Shante Perrin, a cybersecurity leader, and her team use cybersecurity software to not only to detect and respond to cybersecurity threats but also, as Shante describes, to help paint a picture for their customers: “We like to build a timeline of events to build that picture, create that story so we can deliver it to the customer and explain why we felt it is suspicious. In other words, why are we...
Putting Human-Centered Security Into Practice with Julie Haney 11.09.2024 50:50
In this episode, we talk about: The need for human-centered security—in order for security measures to be effective, they must center around people, making usability as crucial as technology. We explore the gap between research and practice, highlighting the need to bring cybersecurity research into real-world application. Human-centered security research can’t possible be effective if no one kn...
So Much Data, So Little Time—Designing for Security Workflows with Tom Harrison 05.09.2024 31:07
Security analysts respond to security detections and alerts. As part of this, they have to sift through a mountain of data and they have to do it fast. Not in hours, not in days. In minutes. Tom Harrison, security operations manager at Secureworks, explains it perfectly, “We have a time crunch and it’s exacerbated by the other big issue security analysts have: we have an absolute ton of data that...
Threat Modeling Parts of the User Journey That Cost Your Business Money With Adam Shostack 22.08.2024 47:01
“Even though usability and security tradeoffs will always be with us, we can get much smarter. Some of the techniques are really simple. For one, write everything down a user needs to do in order to use your app securely. Yeah, keep writing.” In this episode, we talk about: What is threat modeling and why should product teams and UX designers care about it? (Also check out Adam’s first episode on...
No Room for Hype When Integrating AI Into Cybersecurity Products with John Robertson and Siddharth Hirwani 07.08.2024 35:58
“UX design can enhance the overall performance, adoption, and impact in cybersecurity tools that leverage AI, making the tools more accessible to a broader range of users, including those who don’t have deep technical or security knowledge.” In this episode, Siddharth Hirwani and John Robertson talk about: Pressures and challenges security analysts face and how AI can help. Moving beyond AI hype a...
What Do You Know About Alert Fatigue? An Interview with John Robertson 31.07.2024 19:31
“People try to talk about the technical user experience at too high of a level. You talk about alert fatigue and you kind of understand what alert fatigue is just by the name. Yeah, there’s a lot of alerts. But watching it in action is different.” In this episode, Heidi interviews John about what he’s learned about designing for security analysts. We talk about: The importance of understanding use...
How to Build Trust Through the User Experience with Carlie Hundt and Devon Hirth 18.06.2024 45:04
Carlie Hundt and Devon Hirth believe a UX designer’s role is to “lift up the voices of the people trying to access and use government services.” Trust is really important. How do we build trust through the user experience, particularly when you are asking for personal information? In this episode, we talk about: Leveraging storytelling to “share with our government partners the real experience of...
Understand the Holistic Experience to Improve Cybersecurity Products with Lindsey Wallace 05.06.2024 50:33
When thinking about building products for security teams, we often emphasize the technical side: reduced false positives, new detection techniques, and automation. But what about asking things like: how do security teams work together? What excites a security analyst about their job? How can we help them do more of that? What does the experience look like across a suite of cybersecurity products?...
Include Users with Disabilities in Your Security UX Research with Joyce Oshita 22.05.2024 49:29
Are you inadvertently designing a security user experience that makes it less likely your users will choose the most secure option for them? Are security-related roadblocks preventing people from using your service? In order to design inclusive experiences—including accessible experiences—you must include users with disabilities in your research. In this episode, we talk about: Including users wit...
Leveraging Data Science to Help Security Teams with Serge-Olivier Paquette 08.05.2024 41:58
How do you help security teams understand what happened and what to do next? Data science can help with that. Serge-Olivier Paquette, CPO at threat intelligence and analytics platform Flare, combines product, cybersecurity, and data science expertise to develop cutting-edge products and experiences that help security teams make informed decisions. In this episode: The best explanation of data scie...
What Designers Need to Know About Digital Identity and Access with David Mahdi 24.04.2024 45:27
What do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode. We talk about: Access-related terms you need to understand: Digital identity, authentication, and authorization. Why so many security problems are, in fact, access problems. User experience implications....
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet