Human-Centered Security

In this episode, we talk about: * Questions you should be asking to uncover information security threats early on in the design process. * How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so different from what you are doing now). * How to collaborate with an interdisciplinary team as part of an iterative design process to improve the user experience of security. Adam Shostack is an expert on threat modeling, having worked at Microsoft and currently running security consultancy Shostack + Associates [https://shostack.org/]. He is the author of The New School of Information Security, Threat Modeling: Designing for Security and the forthcoming Threats: What Every Engineer Should Learn From Star Wars. Adam’s YouTube channel [https://www.youtube.com/c/Shostack] has entertaining videos that are also excellent resources for learning about threat modeling.

In this episode we talk about: * How designing for security is different from (and the same as) designing for other types of experiences. * How to tackle aspects of the user experience that may be necessary but are perceived as annoying roadblocks. * How to anticipate where things might go wrong for the user. * How to effectively collaborate with technical teams. Bethany Sonefeld is the founder of Create With Conscience [https://www.CreatewithConscience.com], a space dedicated to educating and committing to building healthier technology. Create With Conscience was something Bethany developed out of interest in creating a healthier balance of technology in her own life. Bethany is a design manager at Duo Security and was previously at Cloudflare, RetailMeNot, and IBM. Blair Shen is a product designer at Duo Security and was previously at Cloudflare and Harry&David. She is also a YouTube content creator, where she mentors and coaches aspiring UX designers.

In this episode, we talk about: * How do you tackle situations where business goals might be at odds with what’s ethical or what’s best for the human using the product? * How can designers make a difference even if they don’t have a leadership role at their organization? * How do you anticipate potentially unhealthy behaviors or unintended consequences? * What are some actionable steps you can take today? Bethany Sonefeld is the founder of Create With Conscience [https://www.CreatewithConscience.com], a space dedicated to educating and committing to building healthier technology. Create With Conscience was something Bethany developed out of interest in creating a healthier balance of technology in her own life. Bethany is a design manager at Duo Security and was previously at Cloudflare, RetailMeNot, and IBM.

How do the UX, product, and technology teams effectively collaborate when it comes to security? How do we, as part of the UX team, take part in the security conversations and what role do we play? In this episode, we talk about: * How Michael’s user research for dating apps helped him understand the unintended consequences of digital products on our behaviors. * Why we need new frameworks for security and privacy in the digital world. * How users’ perceptions and expectations for security and privacy are highly contextual and changing. * How to break down the user experience of security so your team isn’t treading water in the abstract and can take steps to improve security outcomes. Michael Snell is the UX research team lead at JPMorgan Chase managing research focused on security and authentication. He previously worked at Microsoft and Verizon Connect. He has a PhD in psychology from the University of Georgia.

In this episode, we talk about: * Where the fields of cognitive psychology, security, and user experience meet. * Why Jeremiah and his team chose to investigate graphical authentication. * How they cleverly incorporated testing both usability and security in their two-part study. * The importance of research around learnability: is it easy for users to learn how to use your new authentication schema? Read Jeremiah’s research: Usability Comparison of Over-the-Shoulder Attack Resistant Authentication Schemes [https://uxpajournal.org/usability-osa-resistant-authentication/]. Jeremiah is the Director of Human Factors, Ph.D. Track and Associate Professor of Psychology and the School of Cybersecurity at Old Dominion University. He runs the Psychology of Design Laboratory, which focuses on human cognition and technology, including usable security.