To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Thursday, January 23, 2025 • Rosenfeld Community
Speakers: Heidi Trost

Summary

If you design digital products, you’re already influencing the security user experience—even if you don’t realize it. Your design choices impact how users handle security and privacy decisions. We live in an ecosystem where everything increasingly relies on the security of systems: from hospitals, to our water supply, to cars and robots. So the stakes are high: disruptions to these systems mean people can get hurt. Further, technology like AI agents—services that will know nearly everything about us and will take actions on our behalf—mean security and privacy are more important than ever. As a UX designer, you understand your product better than your users ever will. This gives you the power to protect users by developing safer systems.

By the end of this talk, you’ll learn how to:

  • Apply human-centered design principles to security: human-centered security.

  • Identify key areas where security impacts users most.

  • Understand the dynamics of the security ecosystem.

  • Collaborate with your security UX allies.

  • Ask better questions to balance security and usability.

You’ll leave with a human-centered security framework that you and your team can use immediately. Start asking the right questions to improve security outcomes and keep people and systems safer.

Key Insights

  • Security user experience is hindered by conflicting priorities among UX, security, engineering, compliance, and product teams.

  • Users (Alice) generally focus on their goals, not security, so security often only surfaces as friction during critical moments.

  • Charlie represents the frustrating and jargon-heavy security communications that users encounter, impacting their trust and compliance.

  • Building a positive relationship between Alice (user) and Charlie (security systems) is essential to improve security outcomes.

  • Threat actors exploit gaps in the security user experience by understanding user behavior and system vulnerabilities better than designers do.

  • Signup and onboarding are critical moments to influence lasting security behavior, since users are a captive and motivated audience.

  • Clear, jargon-free communication across disciplines helps unify disparate security languages into a shared understanding.

  • AI and sophisticated social engineering attacks will intensify the challenges in user trust and security communications.

  • Cross-disciplinary collaboration involving UX, security, product, and legal teams is key to designing effective human-centered security.

  • Security solutions should anticipate user stress, confusion, and typical user behaviors to design helpful, context-aware interactions.

Notable Quotes

"The stakes are really high, from disrupting critical infrastructure to AI acting on our behalf."

"If Alice no longer believes Charlie, she’s going to resent him and change how she responds next time."

"Charlie is like the worst coworker you’ve ever had: well intentioned but painful to interact with."

"Threat actors often understand Alice and Charlie better than we do and use that to their advantage."

"Users literally swat security warnings away because the flows are so overwhelming and confusing."

"We all speak different security languages, but at some point, they have to come together."

"We can’t improve security outcomes until we improve the relationship between Alice and Charlie."

"Threat actors try to convince Alice that they are Charlie to trick her into giving up access."

"Signup and onboarding offer a fleeting but critical opportunity to influence user security behaviors."

"‘The user is the weakest link’ is an unhelpful mindset; understanding dynamics helps design better security UX."
