Human-Centered Security Voice+Code

Carlie Hundt and Devon Hirth believe a UX designer’s role is to “lift up the voices of the people trying to access and use government services.” Trust is really important. How do we build trust through the user experience, particularly when you are asking for personal information?

In this episode, we talk about:
Leveraging storytelling to “share with our government partners the real experience of real people who are trying ot access government services.”Why you need to anticipate where users might question, “Why are you asking for this? What are you going to do with this information?”Providing flexibility in the user experience. Carlie refers to this as “many welcoming doors.”When and why you might give users the option to sign up for services without requiring them to create an account.Both Carlie Hundt and Devon Hirth work for Code for America, a civic tech non-profit, in the Safety Net Innovation Lab. Carlie is Staff Product Designer and Devon is Staff User Experience Designer.

When thinking about building products for security teams, we often emphasize the technical side: reduced false positives, new detection techniques, and automation. But what about asking things like: how do security teams work together? What excites a security analyst about their job? How can we help them do more of that? What does the experience look like across a suite of cybersecurity products? To improve the user experience for security teams—and improve security outcomes—you have to think holistically.

In this episode, we talk about:
How a centralized UX research team fosters meta-analysis across different personas, workflows, and a suite of products.Why in-person research—like visiting a security operations center (SOC)—is so important for UX researchers building security products.Creative ways of engaging with customers and learning from them.Why her UX research team has taken ownership over UX metrics and analytics.Why asking stakeholders a simple question: “What kind of evidence are you looking for?” can save you a lot of time and frustration.Lindsey Wallace is the Director of Design Research and Strategy at Cisco Security Design. She has a PhD in Anthropology and previously worked at Adobe. 

Are you inadvertently designing a security user experience that makes it less likely your users will choose the most secure option for them? Are security-related roadblocks preventing people from using your service? In order to design inclusive experiences—including accessible experiences—you must include users with disabilities in your research.

In this episode, we talk about:
Including users with disabilities as a co-creation exercise—not something you “check off” as part of your UX research.Why flexibility is so important when it comes to the security user experience.The importance of storytelling to help teams design accessible experiences.Joyce’s experience when encountering a CAPTCHA using a screen reader (and listen to an example), where she is prevented from completing a form.Why Joyce believes “today’s frustration will be the field for tomorrow’s innovation.”Joyce Oshita is a Certified Professional in Web Accessibility, accessibility trainer and educator, and advisor for the FIDO Alliance task force. Joyce created the Digital Overload series, which documents her experiences using digital services while using a screen reader.
Also check out the W3C Web Accessibility Initiative (WAI) Web Accessibility Perspective Videos.

How do you help security teams understand what happened and what to do next? Data science can help with that. Serge-Olivier Paquette, CPO at threat intelligence and analytics platform Flare, combines product, cybersecurity, and data science expertise to develop cutting-edge products and experiences that help security teams make informed decisions.
In this episode:
The best explanation of data science you’ve ever heard.Why you need to skeptical of data science models.How to leverage data science to be more helpful to security teams.How to build trust—particularly when tools can increasing perform actions on behalf of users.Serge-Olivier Paquette is CPO at Flare, a cybersecurity platform that helps organizations proactively identify security threats. He works at the intersection of product management, data science, cybersecurity, and platform engineering. Serge-Olivier was previously tech lead and senior manager at Secureworks.
 

What do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode.
We talk about:
Access-related terms you need to understand: Digital identity, authentication, and authorization.Why so many security problems are, in fact, access problems.User experience implications.The future of digital identity and what it might mean for your product and your users.David Mahdi is the CIO at Transmit Security, former Gartner research VP, and was previously CSO at Sectigo. An IAM leader and visionary, David is an expert in digital identity, cryptography, and cybersecurity. 

We start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming.

How would you approach security if you were building something from scratch? How would you address security user experience challenges? Darren Thomas and Margaret Cunningham from Wethos AI talk about how they’ve built security into their product and how cross-disciplinary collaboration helps them improve the security user experience.

In this episode, we talk about:
How to build security into your product development lifecycle when you need move quickly.How to anticipate—and design for—security and privacy concerns.Why getting users to the product’s value faster and relates to the security user experience.Darren Thomas is the co-founder and Chief Product Officer at Wethos AI, a platform that helps people and teams connect and understand one another to improve both individual and team performance. Darren is also the founding team member and head of product at NumberOne AI. A veteran in product management within the security industry, Darren has previously worked at Tenable and McAfee.

Margaret Cunningham is an experimental psychologist and is Chief Scientist at Wethos AI. Previously, Margaret was Senior Staff Behavioral Engineer, Security & Privacy at Robinhood and Principal Research Scientist for Human Behavior at Forcepoint’s X-Lab. Check out the Margaret’s first interview on the Human-Centered Security podcast (Episode 9).