To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Thursday, January 23, 2025 • Rosenfeld Community
Speakers: Heidi Trost

Summary

If you design digital products, you’re already influencing the security user experience—even if you don’t realize it. Your design choices impact how users handle security and privacy decisions. We live in an ecosystem where everything increasingly relies on the security of systems: from hospitals, to our water supply, to cars and robots. So the stakes are high: disruptions to these systems mean people can get hurt. Further, technology like AI agents—services that will know nearly everything about us and will take actions on our behalf—means security and privacy are more important than ever. As a UX designer, you understand your product better than your users ever will. This gives you the power to protect users by developing safer systems.

By the end of this talk, you’ll learn how to:

  • Apply human-centered design principles to security: human-centered security.

  • Identify key areas where security impacts users most.

  • Understand the dynamics of the security ecosystem.

  • Collaborate with your security UX allies.

  • Ask better questions to balance security and usability.

You’ll leave with a human-centered security framework that you and your team can use immediately. Start asking the right questions to improve security outcomes and keep people and systems safer.

Key Insights

  • Security user experience is hindered by conflicting priorities among UX, security, engineering, compliance, and product teams.

  • Users (Alice) generally focus on their goals, not security, so security often only surfaces as friction during critical moments.

  • Charlie represents the frustrating and jargon-heavy security communications that users encounter, impacting their trust and compliance.

  • Building a positive relationship between Alice (user) and Charlie (security systems) is essential to improve security outcomes.

  • Threat actors exploit gaps in the security user experience by understanding user behavior and system vulnerabilities better than designers do.

  • Signup and onboarding are critical moments to influence lasting security behavior, since users are a captive and motivated audience.

  • Clear, jargon-free communication across disciplines helps unify disparate security languages into a shared understanding.

  • AI and sophisticated social engineering attacks will intensify the challenges in user trust and security communications.

  • Cross-disciplinary collaboration involving UX, security, product, and legal teams is key to designing effective human-centered security.

  • Security solutions should anticipate user stress, confusion, and typical user behaviors to design helpful, context-aware interactions.

Notable Quotes

"The stakes are really high, from disrupting critical infrastructure to AI acting on our behalf."

"If Alice no longer believes Charlie, she’s going to resent him and change how she responds next time."

"Charlie is like the worst coworker you’ve ever had: well intentioned but painful to interact with."

"Threat actors often understand Alice and Charlie better than we do and use that to their advantage."

"Users literally swat security warnings away because the flows are so overwhelming and confusing."

"We all speak different security languages, but at some point, they have to come together."

"We can’t improve security outcomes until we improve the relationship between Alice and Charlie."

"Threat actors try to convince Alice that they are Charlie to trick her into giving up access."

"Signup and onboarding offer a fleeting but critical opportunity to influence user security behaviors."

"'The user is the weakest link' is an unhelpful mindset; understanding dynamics helps design better security UX."
