35 episodes

Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.

Human-Centered Security Voice+Code

    • Technology

    What Designers Need to Know About Digital Identity and Access with David Mahdi

    What do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode.
    We talk about:
    - Access-related terms you need to understand: Digital identity, authentication, and authorization.
    - Why so many security problems are, in fact, access problems.
    - User experience implications.
    - The future of digital identity and what it might mean for your product and your users.

    David Mahdi is the CIO at Transmit Security, former Gartner research VP, and was previously CSO at Sectigo. An IAM leader and visionary, David is an expert in digital identity, cryptography, and cybersecurity.

    • 45 min
    Bake Security Into the DNA of Your Product and Improve the Security User Experience with Darren Thomas and Margaret Cunningham

    We start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming.

    How would you approach security if you were building something from scratch? How would you address security user experience challenges? Darren Thomas and Margaret Cunningham from Wethos AI talk about how they’ve built security into their product and how cross-disciplinary collaboration helps them improve the security user experience.

    In this episode, we talk about:
    - How to build security into your product development lifecycle when you need to move quickly.
    - How to anticipate—and design for—security and privacy concerns.
    - Why getting users to the product’s value faster relates to the security user experience.

    Darren Thomas is the co-founder and Chief Product Officer at Wethos AI, a platform that helps people and teams connect and understand one another to improve both individual and team performance. Darren is also the founding team member and head of product at NumberOne AI. A veteran in product management within the security industry, Darren has previously worked at Tenable and McAfee.

    Margaret Cunningham is an experimental psychologist and is Chief Scientist at Wethos AI. Previously, Margaret was Senior Staff Behavioral Engineer, Security & Privacy at Robinhood and Principal Research Scientist for Human Behavior at Forcepoint’s X-Lab. Check out Margaret’s first interview on the Human-Centered Security podcast (Episode 9).

    • 41 min
    What UX Designers Need to Know About Privacy with Michelle Finneran Dennedy

    When your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying--perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the context of the user experience.

    In this episode, we talk about:
    - What does privacy mean?
    - How, as designers, we give the user ideas of what to expect around privacy—an opportunity to erode or foster trust.
    - The approach her team took at McAfee when it came to redesigning their privacy policy.
    - Starting with ethics—and revving that “ethical engine.”
    - Who should designers reach out to about privacy at their organization? What should they ask?

    Michelle Finneran Dennedy is a privacy expert, the co-founder of Privacy Code, and was formerly Chief Privacy Officer at McAfee. She is the co-author of The Privacy Engineer’s Manifesto.

    • 50 min
    Learning and Iterating Are Key to Improving the Security User Experience with Kevin Goldman

    Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effective tomorrow. Exactly why the security user experience is so exciting!

    Thankfully, Kevin Goldman shares my enthusiasm. Kevin is a design executive whose most recent focus has been in identity and access management. Kevin is the Chair of the UX Working Group at the FIDO Alliance, a nonprofit global industry organization that has developed the standards for passkeys.

    During this episode, Kevin and I talk about: 
    - How to get buy-in for a human-centered approach to the security user experience.
    - A key moment when Kevin and his team faced a UX challenge with passkeys that forced them to take a step back and re-evaluate their approach.
    - The surprising findings and resolution after they dug deeper to understand the problem.
    - How Kevin worked with his cross-disciplinary team members to identify tradeoffs in usability and security and how they worked through them.

    • 45 min
    Build a UX of AI Framework for Your Cross-Disciplinary Team with John Robertson

    UX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John Robertson describes the UX of AI framework he and his team helped build.

    In this episode, we talk about:
    - The importance of a human-centered design approach to AI.
    - The need to slow down and consider safety, privacy, and ethics as part of implementing AI.
    - Looking beyond the data: each data point represents a human.
    - The need to build and maintain trust in the AI user experience.
    - Understanding how humans and AI can work as teammates and how that dynamic might play out.

    John Robertson is a skilled UX researcher with a background in neuroscience and experience working at organizations such as American Airlines, IBM, and Visa. Currently, he is a Senior Principal UX Researcher for a cybersecurity software company implementing quantitative and qualitative methods to create human-centered security analyst experiences.
    In the episode, we reference:
    Analyzing Qualitative User Data at Enterprise Scale with AI: The GE Case Study by Jakob Nielsen
    Do Users Write More Insecure Code With AI Assistants?

    • 44 min
    Build Security and UX Into Your Product Development Process with Ali Cuthbertson and Jason Telner

    If there’s one thing both UX teams and security teams can empathize with each other on, it is being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the need for UX and security—they needed a method for integrating them into their agile development processes.

    Throughout the interview, Ali and Jason will be referencing a project they worked on together to help develop and foster a consistent process for integrating UX and security into an agile development process for teams at IBM. As a result of their work, they developed a set of principles and best practices. They talk about:
    - How a set of principles can serve as a guide for teams.
    - Why integrating UX and security involved a cultural shift for teams in order to be successful.
    - Why support from leadership is instrumental for new processes to be effective.
    - Tips for leveraging mixed methods user research to look at problems from different angles.
    - How to measure the success of embedding UX and security into existing processes.

    Ali and Jason presented some of their research and recommendations at the 2023 UXPA presentation called “How to balance strong user experiences with enhanced security within an agile framework? Lessons learned and best practices.”

    Ali Cuthbertson is the Technical Vitality Development Manager and CIO Design Program Manager at IBM. Ali brings over 20 years of seasoned expertise navigating software and hardware engineering. She has become the Indiana Jones of life sciences, user experience, talent management, vitality optimization, security protocols, AI advancements, data analytics, scientific exploration, and cutting-edge cloud technologies.

    Jason Telner, PhD, is a senior user researcher within IBM’s CIO design user research and data analytics team. Jason has over 15 years of experience working within the field of user research. In his current role at IBM, Jason’s focus has been on improving the user experience of employee support applications such as chatbots, web support, and voice interface support.

    • 38 min
