Sign up to save your podcasts
Or
Share UX in Cybersecurity
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
UX in Cybersecurity
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ux-in-cybersecurity/)
Security products and programs may be functional and work correctly, but are they usable in the sense that it fits into the work patterns of our users?
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Rakesh Patwari (@rakeshpatwari), UX lead, Salesforce and UX instructor at UC Berkeley Extension.
Thanks to this week's podcast sponsor, Enzoic.
Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Learn more about Enzoic.
On this episode of Defense in Depth, you'll learn:
- There is the path to security you create and the path that your users take, or the desired path. As a security and UX professional you should plan to make those two the same path. If not, your users will take the simpler route and circumvent your security controls.
- Users will always choose the easier path which is not necessarily the most secure path.
- Security is an "ask." You're requesting users do something, but it's hard to get them to keep doing that "ask" if you don't give them feedback as to the reason or value of the ask.
- Error messages historically provide little to no information to the user and thus no guidance to solve the problem. We often have to go outside of the environment (a search engine) to find a solution.
- Security professionals need to take on the role of a UX designer which requires defining work processes by interviewing users, not deciding what you want those processes to be.
- Creating a simple process is far more difficult than creating a complex process. Secure processes don't require users to constantly turn functions on and off or go through additional unnecessary steps to get their job done.
- View your users as customers where you're trying to sell them on your process rather than dictating which will eventually be avoided.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ux-in-cybersecurity/)
Security products and programs may be functional and work correctly, but are they usable in the sense that it fits into the work patterns of our users?
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Rakesh Patwari (@rakeshpatwari), UX lead, Salesforce and UX instructor at UC Berkeley Extension.
Thanks to this week's podcast sponsor, Enzoic.
Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Learn more about Enzoic.
On this episode of Defense in Depth, you'll learn:
- There is the path to security you create and the path that your users take, or the desired path. As a security and UX professional you should plan to make those two the same path. If not, your users will take the simpler route and circumvent your security controls.
- Users will always choose the easier path which is not necessarily the most secure path.
- Security is an "ask." You're requesting users do something, but it's hard to get them to keep doing that "ask" if you don't give them feedback as to the reason or value of the ask.
- Error messages historically provide little to no information to the user and thus no guidance to solve the problem. We often have to go outside of the environment (a search engine) to find a solution.
- Security professionals need to take on the role of a UX designer which requires defining work processes by interviewing users, not deciding what you want those processes to be.
- Creating a simple process is far more difficult than creating a complex process. Secure processes don't require users to constantly turn functions on and off or go through additional unnecessary steps to get their job done.
- View your users as customers where you're trying to sell them on your process rather than dictating which will eventually be avoided.
More shows like Defense in Depth
View all
Hacked
186 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
CyberWire Daily
1,026 Listeners
Smashing Security
318 Listeners
Click Here
419 Listeners
Darknet Diaries
8,075 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
195 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners
Hacker And The Fed
167 Listeners