Human-Centered Security

By Voice+Code

What's Human-Centered Security about?

Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.

Download our free app to listen on your phone

Human-Centered Security episodes:

06.18.2024
How to Build Trust Through the User Experience with Carlie Hundt and Devon Hirth
Carlie Hundt and Devon Hirth believe a UX designer’s role is to “lift up the voices of the people trying to access and use government services.” Trust is really important. How do we build trust through the user experience, particularly...
06.05.2024
Understand the Holistic Experience to Improve Cybersecurity Products with Lindsey Wallace
When thinking about building products for security teams, we often emphasize the technical side: reduced false positives, new detection techniques, and automation. But what about asking things like: how do security teams work together? What excites a security analyst about...
05.22.2024
Include Users with Disabilities in Your Security UX Research with Joyce Oshita
Are you inadvertently designing a security user experience that makes it less likely your users will choose the most secure option for them? Are security-related roadblocks preventing people from using your service? In order to design inclusive experiences—including accessible experiences—you...
05.08.2024
Leveraging Data Science to Help Security Teams with Serge-Olivier Paquette
How do you help security teams understand what happened and what to do next? Data science can help with that. Serge-Olivier Paquette, CPO at threat intelligence and analytics platform Flare, combines product, cybersecurity, and data science expertise to develop cutting-edge...
04.24.2024
What Designers Need to Know About Digital Identity and Access with David Mahdi
What do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode. We talk about:Access-related terms you need to understand:...
04.03.2024
Bake Security Into the DNA of Your Product and Improve the Security User Experience with Darren Thomas and Margaret Cunningham
We start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming. How would you approach security if you were building something from scratch? How would you address security user experience challenges?...
03.13.2024
What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy
When your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying--perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the...
02.07.2024
Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman
Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to...
01.10.2024
Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson
UX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John...
12.13.2023
Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner
If there’s one thing both UX teams and security teams can empathize with each other on is being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the...
11.29.2023
Designing for Cybersecurity Power Users with Tom Keenoy
Ever wonder what it’s like to design enterprise cybersecurity software? Tom Keenoy, a design leader for a cybersecurity company, explains why what you learned in design school may not apply when you’re building software for specialized power users (think: security...
11.17.2023
Security Engineers Hate CAPTCHAs, Too with Jason Puglisi
Ever encountered a CAPTCHA and thought to yourself, “whoever decided to put this here must really hate people”? It turns out, the people who make the decisions to use CAPTCHAs hate them as much as you do. Jason Puglisi, an...
11.09.2022
Threat Modeling for UX Designers with Adam Shostack
In this episode, we talk about:Questions you should be asking to uncover information security threats early on in the design process.How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so...
10.19.2022
Designing Multi-Factor Authentication with Blair Shen and Bethany Sonefeld
In this episode we talk about:How designing for security is different from (and the same as) designing for other types of experiences.How to tackle aspects of the user experience that may be necessary but are perceived as annoying roadblocks.How to...
08.24.2022
Unintended Consequences: What Questions Should Designers Be Asking? With Bethany Sonefeld
In this episode, we talk about:How do you tackle situations where business goals might be at odds with what’s ethical or what’s best for the human using the product?How can designers make a difference even if they don’t have a...
07.20.2022
What Role Does the UX Team Play in Security? With Michael Snell
How do the UX, product, and technology teams effectively collaborate when it comes to security? How do we, as part of the UX team, take part in the security conversations and what role do we play? In this episode,...
05.25.2022
Testing for Usability and Security with Jeremiah Still
In this episode, we talk about:Where the fields of cognitive psychology, security, and user experience meet.Why Jeremiah and his team chose to investigate graphical authentication.How they cleverly incorporated testing both usability and security in their two-part study.The importance of research...
03.09.2022
Technical Users Care About UX, Too
In this episode, we talk about:Why technical users expect a great user experience just like everyone else.How to find and incentivize participants who are extremely busy.How to support users in making a decision without telling them what to do.Deciding what...
12.08.2021
Responsible Innovation in the Technology Industry with Chloe Poynton
In this episode, we talk about:What is responsible innovation and where can companies get started?How can companies take guiding principles, establish a framework, and operationalize that framework in a way that “informs decision-making in a meaningful way”?How are regulations impacting...
11.10.2021
Why Designers Need to Learn About Security with Jared Spool
In this episode, we talk about:Why security UX requires “selective usability” and how that poses unique challenges for designers.Thinking about security in terms of safety systems: putting the burden on the system rather than on the user.How to work effectively...
10.27.2021
Improve, Adapt, and Customize Cybersecurity Awareness Strategies and Metrics with Kate Brett Goldman
In this episode, we talk about:What’s next for the cybersecurity awareness industry.How to leverage qualitative and quantitative metrics (with similar challenges and opportunities to measuring the user experience).How to go about understanding and changing your organization’s cybersecurity culture. Kate Brett Goldman...
09.15.2021
Everything You Wanted to Know About Security But Were Too Afraid to Ask with Ira Winkler
In this episode we talk about:Building a system in a way that, as Ira says, “a user cannot initiate a loss”What designers need to know about prevention, detection, and reaction when it comes to security What we can learn from safety...
08.24.2021
IoT Devices: Establishing Trust through Transparency with Matt Wyckhouse
In this episode we talk about:The security risks associated with IoT devices.Why IoT devices can be less secure than, for example, a mobile device.Supply chain security.How UX designers can more effectively communicate risk to their users. Prior to founding Finite...
08.11.2021
How an Anthropologist Approaches a Security Breach with Patricia Ensworth
In this episode, we talk about:How anthropology can help security teams uncover the “why” behind security breaches.Why it’s important for designers to familiarize themselves with information security risk management. What designers should know about quality assurance applied to security.How to fight...
07.14.2021
Where do "people" fit in with process and technology? with Dr. Nikki Robinson
In this episode, we talk about: Why human factors is important when it comes to cybersecurity and why it’s still a relatively unexplored topic.The importance of communication and empathy in cybersecurity.Dr. Robinson’s research around low and medium vulnerabilities—and how their...
06.30.2021
Adapting the Human Factors Analysis and Classification System to Cybersecurity with Robin Bylenga
During this episode, we talk about:How an insider threat at her own company led Robin into cybersecurity.Why looking at the human side of errors and using a framework like HFCAS can help identify the root cause of the problem.How Robin’s...
06.16.2021
Avoid the Temptation to Start Cybersecurity Conversations with “You’re Doing It Wrong” with Ryan Cloutier
In this episode, we talk about:How security experts can more effectively communicate with end users.The issue of delayed consequences in the digital realm and how that impacts how people behave.The role accountability plays in improving information security. Ryan Cloutier is the...
05.19.2021
Cybersecurity Risk Management for UX Practitioners with Natalie Hill
In this episode we talk about:Thinking about cybersecurity risk from a UX practitioner’s perspective.Balancing ease of use while not introducing unnecessary risk.Building personas and scenarios for bad actors so you can make conscious decisions about how controls might be circumvented.The...
05.05.2021
Expectation vs. Outcome: Accounting for Human Behavior with Dr. Alexander Stein
During this episode, we talk about:Why looking for a silver bullet for cybersecurity is hopeless. Like any human issue, it is a multi-dimensional and complex.Expectations versus outcomes: how we must take into account how “things will play out when you...
02.24.2021
How Do You Get People to Care About Cybersecurity? with Laura Nespoli
Laura Nespoli is founder of Meshin Movement, a brand strategy consultancy. Laura has spent her career serving as a strategic problem-solver and brand storyteller across the sales marketing spectrum in many facets--from agency to client-side, media to creative, market research...
02.10.2021
We All Have Been the “Stupid User” at Some Point with Dr. Margaret Cunningham
Dr. Margaret Cunningham is an experimental psychologist and the Principal Research Scientist for Human Behavior at Forcepoint’s X-Lab. In this role, she serves as the behavioral science subject matter expert in an interdisciplinary security team driving the development of human-centric...
02.03.2021
Using Analogies to Help People Understand Information Security with Brian Murphy
Brian Murphy, a security specialist at GreyCastle Security, is a technology, information security, and risk management professional. He assists with the development and implementation of cybersecurity solutions for a variety of industries. Brian has knowledge of PCI, SOX, GLBA compliance...
01.27.2021
What can we learn from human factors programs in other industries? with Dr. Calvin Nobles
Dr. Nobles is a cybersecurity scientist and human factors practitioner with more than 25 years of experience. He retired from the U.S. Navy and currently works in the financial services industry. Dr. Nobles recently completed a Cybersecurity Policy Fellowship with...
01.20.2021
Managing Risk Through Two-Way Communication with Alexandra Panaretos
Alex is the EY Americas Cybersecurity Lead for Secure Culture Activation. With a background in sports broadcasting and operational security, she is experienced in security communications and education, awareness program development, the psychology of social engineering, and behavior analytics. In...
01.13.2021
Improving the User Experience with Passwordless Security with Yan Grinshtein
Yan Grinshtein is an HCI and accessibility certified human-centered design leader, speaker, and mentor. Currently the head of design at HYPR, Yan has over 20 years of experience as a creative and design leader. He has worked on three different...
01.06.2021
How to Design Great User Experiences in a Complicated Cybersecurity Ecosystem with Christian Rohrer
Christian Rohrer is Senior Director, User Experience at McAfee, returning to the company after a 5-year hiatus during which he was Founder and Principal at XD Strategy, a UX strategy consultancy, and former Vice President of Design, Research and Enterprise...
12.23.2020
Using Self-Sovereign Identity as the Foundation for Secure, Trusted Digital Relationships with Kaliya Young
In this episode we talk about:What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how html or email supported what came next.The importance of open standards.How to build a “digital wallet” paradigm that...
12.16.2020
Reframing the Information Security Conversation for Business Owners with Jim Nelson
Jim Nelson, Senior Security Consultant for Innovative Solutions, has been working with organizations to help raise their security posture based on their risk for the last 17 years. In this episode, we talk about:How to reframe the security conversation so...
12.08.2020
The Role of Storytelling in Cybersecurity Awareness Training with Gabriel Friedlander
Gabriel has been studying human behavior for a long time. His first company, ObserveIT, an insider threat management platform recently acquired by Proofpoint, dealt with monitoring and reporting on out-of-policy employee behavior. Today, as the founder of Wizer, a security...

What's Human-Centered Security about?

Download our free app to listen on your phone

Human-Centered Security episodes:

How to Build Trust Through the User Experience with Carlie Hundt and Devon Hirth

Understand the Holistic Experience to Improve Cybersecurity Products with Lindsey Wallace

Include Users with Disabilities in Your Security UX Research with Joyce Oshita

Leveraging Data Science to Help Security Teams with Serge-Olivier Paquette

What Designers Need to Know About Digital Identity and Access with David Mahdi

Bake Security Into the DNA of Your Product and Improve the Security User Experience with Darren Thomas and Margaret Cunningham

What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy

Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman

Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson

Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner

Designing for Cybersecurity Power Users with Tom Keenoy

Security Engineers Hate CAPTCHAs, Too with Jason Puglisi

Threat Modeling for UX Designers with Adam Shostack

Designing Multi-Factor Authentication with Blair Shen and Bethany Sonefeld

Unintended Consequences: What Questions Should Designers Be Asking? With Bethany Sonefeld

What Role Does the UX Team Play in Security? With Michael Snell

Testing for Usability and Security with Jeremiah Still

Technical Users Care About UX, Too

Responsible Innovation in the Technology Industry with Chloe Poynton

Why Designers Need to Learn About Security with Jared Spool

Improve, Adapt, and Customize Cybersecurity Awareness Strategies and Metrics with Kate Brett Goldman

Everything You Wanted to Know About Security But Were Too Afraid to Ask with Ira Winkler

IoT Devices: Establishing Trust through Transparency with Matt Wyckhouse

How an Anthropologist Approaches a Security Breach with Patricia Ensworth

Where do "people" fit in with process and technology? with Dr. Nikki Robinson

Adapting the Human Factors Analysis and Classification System to Cybersecurity with Robin Bylenga

Avoid the Temptation to Start Cybersecurity Conversations with “You’re Doing It Wrong” with Ryan Cloutier

Cybersecurity Risk Management for UX Practitioners with Natalie Hill

Expectation vs. Outcome: Accounting for Human Behavior with Dr. Alexander Stein

How Do You Get People to Care About Cybersecurity? with Laura Nespoli

We All Have Been the “Stupid User” at Some Point with Dr. Margaret Cunningham

Using Analogies to Help People Understand Information Security with Brian Murphy

What can we learn from human factors programs in other industries? with Dr. Calvin Nobles

Managing Risk Through Two-Way Communication with Alexandra Panaretos

Improving the User Experience with Passwordless Security with Yan Grinshtein

How to Design Great User Experiences in a Complicated Cybersecurity Ecosystem with Christian Rohrer

Using Self-Sovereign Identity as the Foundation for Secure, Trusted Digital Relationships with Kaliya Young

Reframing the Information Security Conversation for Business Owners with Jim Nelson

The Role of Storytelling in Cybersecurity Awareness Training with Gabriel Friedlander

Other shows like Human-Centered Security: