Carlie Hundt and Devon Hirth believe a UX designer’s role is to “lift up the voices of the people trying to access and use government services.” Trust is really important. How do we build trust through the user experience, particularly when you are asking for personal information? In this episode, we talk about: Leveraging storytelling to “share wi…

When thinking about building products for security teams, we often emphasize the technical side: reduced false positives, new detection techniques, and automation. But what about asking things like: how do security teams work together? What excites a security analyst about their job? How can we help them do more of that? What does the experience lo…

Are you inadvertently designing a security user experience that makes it less likely your users will choose the most secure option for them? Are security-related roadblocks preventing people from using your service? In order to design inclusive experiences—including accessible experiences—you must include users with disabilities in your research. I…

How do you help security teams understand what happened and what to do next? Data science can help with that. Serge-Olivier Paquette, CPO at threat intelligence and analytics platform Flare, combines product, cybersecurity, and data science expertise to develop cutting-edge products and experiences that help security teams make informed decisions. …

What do the terms digital identity and access mean for the user experience? David Mahdi, CIO at Transmit Security and digital identity and cybersecurity expert, breaks it all down in this episode. We talk about: Access-related terms you need to understand: Digital identity, authentication, and authorization. Why so many security problems are, in fa…

We start the episode discussing a very serious topic: emojis. Then we get back to your regularly scheduled programming. How would you approach security if you were building something from scratch? How would you address security user experience challenges? Darren Thomas and Margaret Cunningham from Wethos AI talk about how they’ve built security int…

When your website says, “we value your privacy,” how do users interpret that statement? How do they experience “privacy” in your product? What messages are you conveying--perhaps unintentionally? Privacy expert Michelle Finneran Dennedy helps designers think about privacy in the context of the user experience. In this episode, we talk about: What d…

Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have bee…

UX folks are great at asking questions about AI and that’s exactly what we do in this episode. But “questions” sounds boring so we gave the set of questions a fancy name: a UX of AI framework. UX researcher John Robertson describes the UX of AI framework he and his team helped build. In this episode, we talk about: The importance of a human-centere…

If there’s one thing both UX teams and security teams can empathize with each other on is being involved too late in the development process. Ali Cuthbertson and Jason Telner realized that it wasn’t enough for teams to embrace the need for UX and security—they needed a method for integrating them into their agile development processes. Throughout t…

Ever wonder what it’s like to design enterprise cybersecurity software? Tom Keenoy, a design leader for a cybersecurity company, explains why what you learned in design school may not apply when you’re building software for specialized power users (think: security analysts, IT administrators, devops). How do you get up-to-speed when designing for c…

Ever encountered a CAPTCHA and thought to yourself, “whoever decided to put this here must really hate people”? It turns out, the people who make the decisions to use CAPTCHAs hate them as much as you do. Jason Puglisi, an application security engineer, describes what teams like his think about when evaluating potential solutions to a security issu…

In this episode, we talk about: Questions you should be asking to uncover information security threats early on in the design process. How to account for human behavior in a structured way as part of threat modeling (spoiler: this is not so different from what you are doing now). How to collaborate with an interdisciplinary team as part of an itera…

In this episode we talk about: How designing for security is different from (and the same as) designing for other types of experiences. How to tackle aspects of the user experience that may be necessary but are perceived as annoying roadblocks. How to anticipate where things might go wrong for the user. How to effectively collaborate with technical…

In this episode, we talk about: How do you tackle situations where business goals might be at odds with what’s ethical or what’s best for the human using the product? How can designers make a difference even if they don’t have a leadership role at their organization? How do you anticipate potentially unhealthy behaviors or unintended consequences? …

How do the UX, product, and technology teams effectively collaborate when it comes to security? How do we, as part of the UX team, take part in the security conversations and what role do we play? In this episode, we talk about: How Michael’s user research for dating apps helped him understand the unintended consequences of digital products on our …

In this episode, we talk about: Where the fields of cognitive psychology, security, and user experience meet. Why Jeremiah and his team chose to investigate graphical authentication. How they cleverly incorporated testing both usability and security in their two-part study. The importance of research around learnability: is it easy for users to lea…

In this episode, we talk about: Why technical users expect a great user experience just like everyone else. How to find and incentivize participants who are extremely busy. How to support users in making a decision without telling them what to do. Deciding what data to show and how to show it. Tanja Venborg Hansen is a seasoned user researcher who …

In this episode, we talk about: What is responsible innovation and where can companies get started? How can companies take guiding principles, establish a framework, and operationalize that framework in a way that “informs decision-making in a meaningful way”? How are regulations impacting responsible innovation programs? What happens when an organ…

In this episode, we talk about: Why security UX requires “selective usability” and how that poses unique challenges for designers. Thinking about security in terms of safety systems: putting the burden on the system rather than on the user. How to work effectively with the security team. And Jared shares lots of examples. Jared Spool is the founder…

In this episode, we talk about: What’s next for the cybersecurity awareness industry. How to leverage qualitative and quantitative metrics (with similar challenges and opportunities to measuring the user experience). How to go about understanding and changing your organization’s cybersecurity culture. Kate Brett Goldman is the Founder and CEO of Cy…

In this episode we talk about: Building a system in a way that, as Ira says, “a user cannot initiate a loss” What designers need to know about prevention, detection, and reaction when it comes to security What we can learn from safety science How designers can get a seat at the table when it comes to human security engineering Ira Winkler is the fo…

In this episode we talk about: The security risks associated with IoT devices. Why IoT devices can be less secure than, for example, a mobile device. Supply chain security. How UX designers can more effectively communicate risk to their users. Prior to founding Finite State, Matt spent 15 years leading the research and development of advanced solut…

In this episode, we talk about: How anthropology can help security teams uncover the “why” behind security breaches. Why it’s important for designers to familiarize themselves with information security risk management. What designers should know about quality assurance applied to security. How to fight for the time needed to build security into pro…

In this episode, we talk about: Why human factors is important when it comes to cybersecurity and why it’s still a relatively unexplored topic. The importance of communication and empathy in cybersecurity. Dr. Robinson’s research around low and medium vulnerabilities—and how their potential use in combination warrants additional attention. Dr. Robi…

During this episode, we talk about: How an insider threat at her own company led Robin into cybersecurity. Why looking at the human side of errors and using a framework like HFCAS can help identify the root cause of the problem. How Robin’s research challenges the idea that “humans are the weakest link.” How HFACS can be applied to cybersecurity’s …

In this episode, we talk about: How security experts can more effectively communicate with end users. The issue of delayed consequences in the digital realm and how that impacts how people behave. The role accountability plays in improving information security. Ryan Cloutier is the principal security consultant for SecurityStudio. He is an experien…

In this episode we talk about: Thinking about cybersecurity risk from a UX practitioner’s perspective. Balancing ease of use while not introducing unnecessary risk. Building personas and scenarios for bad actors so you can make conscious decisions about how controls might be circumvented. The importance of content strategy and collaborating with UX…

During this episode, we talk about: Why looking for a silver bullet for cybersecurity is hopeless. Like any human issue, it is a multi-dimensional and complex. Expectations versus outcomes: how we must take into account how “things will play out when you involve people.” "Changing how people think and behave is complicated, non-linear, painstaking,…

Laura Nespoli is founder of Meshin Movement, a brand strategy consultancy. Laura has spent her career serving as a strategic problem-solver and brand storyteller across the sales marketing spectrum in many facets--from agency to client-side, media to creative, market research to integrated marketing planning. Her professional focus is in helping br…

Dr. Margaret Cunningham is an experimental psychologist and the Principal Research Scientist for Human Behavior at Forcepoint’s X-Lab. In this role, she serves as the behavioral science subject matter expert in an interdisciplinary security team driving the development of human-centric security solutions. Previously, she supported the Human Systems…

Brian Murphy, a security specialist at GreyCastle Security, is a technology, information security, and risk management professional. He assists with the development and implementation of cybersecurity solutions for a variety of industries. Brian has knowledge of PCI, SOX, GLBA compliance requirements, as well as ISO and NIST standards and regulatio…

Dr. Nobles is a cybersecurity scientist and human factors practitioner with more than 25 years of experience. He retired from the U.S. Navy and currently works in the financial services industry. Dr. Nobles recently completed a Cybersecurity Policy Fellowship with the New America Think Tank in Washington, D.C. In this episode we talk about: What hu…

Alex is the EY Americas Cybersecurity Lead for Secure Culture Activation. With a background in sports broadcasting and operational security, she is experienced in security communications and education, awareness program development, the psychology of social engineering, and behavior analytics. In her free time, she is a mother of three and she volu…

Yan Grinshtein is an HCI and accessibility certified human-centered design leader, speaker, and mentor. Currently the head of design at HYPR, Yan has over 20 years of experience as a creative and design leader. He has worked on three different continents across four countries with companies ranging from Fortune 500 to startups, some of which have b…

Christian Rohrer is Senior Director, User Experience at McAfee, returning to the company after a 5-year hiatus during which he was Founder and Principal at XD Strategy, a UX strategy consultancy, and former Vice President of Design, Research and Enterprise Services at Capital One. He has also led UX teams at Realtor.com, eBay, and Yahoo!. Christian…

In this episode we talk about: What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how html or email supported what came next. The importance of open standards. How to build a “digital wallet” paradigm that makes sense to people. What SSI means for businesses/business models. Kaliya is the co-author o…

Jim Nelson, Senior Security Consultant for Innovative Solutions, has been working with organizations to help raise their security posture based on their risk for the last 17 years. In this episode, we talk about: How to reframe the security conversation so business owners understand that an investment in security is taking a proactive stance. Ultim…

Gabriel has been studying human behavior for a long time. His first company, ObserveIT, an insider threat management platform recently acquired by Proofpoint, dealt with monitoring and reporting on out-of-policy employee behavior. Today, as the founder of Wizer, a security awareness training platform, Gabriel is focused on ensuring, as he put it, “…