Rosenverse

Log in or create a free Rosenverse account to watch this video.

Log in Create free account

100s of community videos are available to free members. Conference talks are generally available to Gold members.

To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Thursday, January 23, 2025 • Rosenfeld Community
Share the love for this talk
To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Speakers: Heidi Trost

Summary

If you design digital products, you’re already influencing the security user experience—even if you don’t realize it. Your design choices impact how users handle security and privacy decisions. We live in an ecosystem where everything increasingly relies on the security of systems: from hospitals, to our water supply, to cars and robots. So the stakes are high: disruptions to these systems mean people can get hurt. Further, technology like AI agents—services that will know nearly everything about us and will take actions on our behalf—mean security and privacy are more important than ever. As a UX designer, you understand your product better than your users ever will. This gives you the power to protect users by developing safer systems. By the end of this talk, you’ll learn how to: Apply human-centered design principles to security: human-centered security. Identify key areas where security impacts users most. Understand the dynamics of the security ecosystem. Collaborate with your security UX allies. Ask better questions to balance security and usability. You’ll leave with a human-centered security framework that you and your team can use immediately. Start asking the right questions to improve security outcomes and keep people and systems safer.

Key Insights

  • Security user experience (UX) has significant implications for personal safety and operational integrity.

  • Collaboration across disciplines—UX design, engineering, compliance, and security—is necessary for effective security practices.

  • Users often have different definitions and perceptions of security that need to be understood by designers and security professionals.

  • Alice (user persona) represents the end user who often finds security measures cumbersome or confusing.

  • Charlie (personification of security systems) embodies the frustration users feel when interacting with security protocols.

  • Threat actors possess a deep understanding of user weaknesses and often have better insight into user behaviors than the designers themselves.

  • Effective security measures should be integrated seamlessly into user experiences to minimize disruption.

  • Initial stages like onboarding and signup are critical for shaping long-term user security practices.

  • Clear language and communication strategies are essential to help users navigate security complexities.

  • User education about security is paramount, especially given the increasing sophistication of threats.

Notable Quotes

"I have become even more worried about the state of the security user experience and the impact that it may have on all of us."

"We all need to collaborate to understand the complex security ecosystem and improve security outcomes."

"When security impacts the user experience, that's where Alice meets Charlie."

"The dynamic between Alice and Charlie is really important."

"If Alice doesn't believe Charlie, she's going to resent him."

"We're often unhelpful, right? The way that Charlie comes across is complicated."

"You cannot improve security outcomes until you improve the relationship between Alice and Charlie."

"Threat actors are constantly adapting, and we need to be as good as them at understanding the dynamics of security and users."

"We have to understand that dynamic in order to improve security outcomes."

"Saying we want to be more secure is not enough. What are the behaviors that lead to more secure?"

More Videos

Robin Beers

"What’s actionable is what makes my client look good, what gives them confidence."

Robin Beers Sonja Bobrowska Mujtaba Hameed Josh Morales

How to create actionable insight in the face of politics and silos [Advancing Research Community Workshop Series]

October 12, 2023

Sarah Barrett

"It's critical to evaluate AI outputs; otherwise, we operate based on gut feelings."

Sarah Barrett

AI in Real Life: Using LLMs to Turbocharge Microsoft Learn

February 13, 2025

Dan Mall

"I'm not a content expert, I like working with folks who have that specialty."

Dan Mall

“Ask Me Anything” with Dan Mall, Author of Upcoming Rosenfeld Title, Design that Scales

October 2, 2023

Bassel Deeb

"We should never forget that design ops is often seen as a cost unit."

Bassel Deeb Will Osborn

Do More With Less: Equip and Lead Design Orgs Through Adversity

October 2, 2023

Sam Proulx

"The accessible solution is often the better solution for everyone"

Sam Proulx

Accessibility: An Opportunity to Innovate

November 16, 2022

"I feel like I play more of a chief of staff type role nowadays."

Panel Discussion: Communicating the Value of DesignOps

November 7, 2018

Laura Schaefer

"Don’t be afraid to keep knocking on their door."

Laura Schaefer

DesignOps: A Conduit for Inclusion

September 9, 2022

Frances Yllana

"Design ops is essential in helping creative teams pivot and adapt effectively."

Frances Yllana

DesignOps–Leading the Path to Parity

April 27, 2023

Liam Thurston

"A surprising part of managing is chasing the right conditions for results and retention."

Liam Thurston

Why Your Design Team Is Quitting, And How To Fix It

June 10, 2022