Voice+Code
Human-Centered Security
Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Bake Security Into the DNA of Your Product and Improve the Security User Experience with Darren Thomas and Margaret Cunningham 03.04.2024 41:09
We start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming. How would you approach security if you were building something from scratch? How would you address security user experience challenges? Darren Thomas and Margaret Cunningham from Wethos AI talk about how they’ve built security into their product and how cross-disciplinary collabo...
What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy 13.03.2024 50:13
When your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying--perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the context of the user experience. In this episode, we talk about: What does privacy mean? How, as designers, we give the u...
Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman 07.02.2024 45:16
Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effe...
Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson 10.01.2024 44:08
UX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John Robertson describes the UX of AI framework he and his team helped build. In this episode, we talk about: The importance of a human-centered design approach to AI. The need to slow down and...
Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner 13.12.2023 38:37
If there’s one thing both UX teams and security teams can empathize with each other on is being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the need for UX and security—they needed a method for integrating them into their agile development processes. Throughout the interview, Ali and Jason will be referencing a...
Designing for Cybersecurity Power Users with Tom Keenoy 29.11.2023 33:16
Ever wonder what it’s like to design enterprise cybersecurity software? Tom Keenoy, a design leader for a cybersecurity company, explains why what you learned in design school may not apply when you’re building software for specialized power users (think: security analysts, IT administrators, devops). How do you get up-to-speed when designing for complex domains like cybersecurity? How do you adap...
Security Engineers Hate CAPTCHAs, Too with Jason Puglisi 17.11.2023 40:06
Ever encountered a CAPTCHA and thought to yourself, “whoever decided to put this here must really hate people”? It turns out, the people who make the decisions to use CAPTCHAs hate them as much as you do. Jason Puglisi, an application security engineer, describes what teams like his think about when evaluating potential solutions to a security issue. (Spoiler: you’ll be pleased to know these consi...
Threat Modeling for UX Designers with Adam Shostack 09.11.2022 40:35
In this episode, we talk about: Questions you should be asking to uncover information security threats early on in the design process. How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so different from what you are doing now). How to collaborate with an interdisciplinary team as part of an iterative design process to improve the user experience...
Designing Multi-Factor Authentication with Blair Shen and Bethany Sonefeld 19.10.2022 38:20
In this episode we talk about: How designing for security is different from (and the same as) designing for other types of experiences. How to tackle aspects of the user experience that may be necessary but are perceived as annoying roadblocks. How to anticipate where things might go wrong for the user. How to effectively collaborate with technical teams. Bethany Sonefeld is the founder of Create...
Unintended Consequences: What Questions Should Designers Be Asking? With Bethany Sonefeld 24.08.2022 38:36
In this episode, we talk about: How do you tackle situations where business goals might be at odds with what’s ethical or what’s best for the human using the product? How can designers make a difference even if they don’t have a leadership role at their organization? How do you anticipate potentially unhealthy behaviors or unintended consequences? What are some actionable steps you can take today...
What Role Does the UX Team Play in Security? With Michael Snell 20.07.2022 37:30
How do the UX, product, and technology teams effectively collaborate when it comes to security? How do we, as part of the UX team, take part in the security conversations and what role do we play? In this episode, we talk about: How Michael’s user research for dating apps helped him understand the unintended consequences of digital products on our behaviors. Why we need new frameworks for security...
Testing for Usability and Security with Jeremiah Still 25.05.2022 33:42
In this episode, we talk about: Where the fields of cognitive psychology, security, and user experience meet. Why Jeremiah and his team chose to investigate graphical authentication. How they cleverly incorporated testing both usability and security in their two-part study. The importance of research around learnability: is it easy for users to learn how to use your new authentication schema? Read...
Technical Users Care About UX, Too 09.03.2022 28:05
In this episode, we talk about: Why technical users expect a great user experience just like everyone else. How to find and incentivize participants who are extremely busy. How to support users in making a decision without telling them what to do. Deciding what data to show and how to show it. Tanja Venborg Hansen is a seasoned user researcher who has worked in both the enterprise cybersecurity (F...
Responsible Innovation in the Technology Industry with Chloe Poynton 08.12.2021 41:31
In this episode, we talk about: What is responsible innovation and where can companies get started? How can companies take guiding principles, establish a framework, and operationalize that framework in a way that “informs decision-making in a meaningful way”? How are regulations impacting responsible innovation programs? What happens when an organization’s business model conflicts with responsibl...
Why Designers Need to Learn About Security with Jared Spool 10.11.2021 47:07
In this episode, we talk about: Why security UX requires “selective usability” and how that poses unique challenges for designers. Thinking about security in terms of safety systems: putting the burden on the system rather than on the user. How to work effectively with the security team. And Jared shares lots of examples. Jared Spool is the founder of UX consultancy UIE and the co-founder of UX de...
Improve, Adapt, and Customize Cybersecurity Awareness Strategies and Metrics with Kate Brett Goldman 27.10.2021 37:49
In this episode, we talk about: What’s next for the cybersecurity awareness industry. How to leverage qualitative and quantitative metrics (with similar challenges and opportunities to measuring the user experience). How to go about understanding and changing your organization’s cybersecurity culture. Kate Brett Goldman is the Founder and CEO of Cybermaniacs, an innovative cybersecurity awareness...
Everything You Wanted to Know About Security But Were Too Afraid to Ask with Ira Winkler 15.09.2021 41:36
In this episode we talk about: Building a system in a way that, as Ira says, “a user cannot initiate a loss” What designers need to know about prevention, detection, and reaction when it comes to security What we can learn from safety science How designers can get a seat at the table when it comes to human security engineering Ira Winkler is the founder of Secure Mentem and Chief Information Sec...
IoT Devices: Establishing Trust through Transparency with Matt Wyckhouse 24.08.2021 44:08
In this episode we talk about: The security risks associated with IoT devices. Why IoT devices can be less secure than, for example, a mobile device. Supply chain security. How UX designers can more effectively communicate risk to their users. Prior to founding Finite State , Matt spent 15 years leading the research and development of advanced solutions to some of the hardest problems in cyber sec...
How an Anthropologist Approaches a Security Breach with Patricia Ensworth 11.08.2021 40:32
In this episode, we talk about: How anthropology can help security teams uncover the “why” behind security breaches. Why it’s important for designers to familiarize themselves with information security risk management. What designers should know about quality assurance applied to security. How to fight for the time needed to build security into products. Patricia Ensworth is a business anthropolo...
Where do "people" fit in with process and technology? with Dr. Nikki Robinson 14.07.2021 29:41
In this episode, we talk about: Why human factors is important when it comes to cybersecurity and why it’s still a relatively unexplored topic. The importance of communication and empathy in cybersecurity. Dr. Robinson’s research around low and medium vulnerabilities—and how their potential use in combination warrants additional attention. Dr. Robinson’s most recent research around “vulnerability...
Adapting the Human Factors Analysis and Classification System to Cybersecurity with Robin Bylenga 30.06.2021 34:55
During this episode, we talk about: How an insider threat at her own company led Robin into cybersecurity. Why looking at the human side of errors and using a framework like HFCAS can help identify the root cause of the problem. How Robin’s research challenges the idea that “humans are the weakest link.” How HFACS can be applied to cybersecurity’s existing frameworks. Robin Bylenga is a seasoned c...
Avoid the Temptation to Start Cybersecurity Conversations with “You’re Doing It Wrong” with Ryan Cloutier 16.06.2021 39:24
In this episode, we talk about: How security experts can more effectively communicate with end users. The issue of delayed consequences in the digital realm and how that impacts how people behave. The role accountability plays in improving information security. Ryan Cloutier is the principal security consultant for SecurityStudio . He is an experienced IT/cybersecurity professional with over 15 ye...
Cybersecurity Risk Management for UX Practitioners with Natalie Hill 19.05.2021 37:44
In this episode we talk about: Thinking about cybersecurity risk from a UX practitioner’s perspective. Balancing ease of use while not introducing unnecessary risk. Building personas and scenarios for bad actors so you can make conscious decisions about how controls might be circumvented. The importance of content strategy and collaborating with UX writers. Tips for conducting user research when i...
Expectation vs. Outcome: Accounting for Human Behavior with Dr. Alexander Stein 05.05.2021 35:45
During this episode, we talk about: Why looking for a silver bullet for cybersecurity is hopeless. Like any human issue, it is a multi-dimensional and complex. Expectations versus outcomes: how we must take into account how “things will play out when you involve people.” "Changing how people think and behave is complicated, non-linear, painstaking, and does not conform to your expectations.” Despi...
How Do You Get People to Care About Cybersecurity? with Laura Nespoli 24.02.2021 28:50
Laura Nespoli is founder of Meshin Movement, a brand strategy consultancy. Laura has spent her career serving as a strategic problem-solver and brand storyteller across the sales marketing spectrum in many facets--from agency to client-side, media to creative, market research to integrated marketing planning. Her professional focus is in helping brands and teams reveal business opportunity and adv...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.