
Human-Centered Security

by Voice+Code

Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.

Copyright: 2020 Voice+Code

Episodes

What can we learn from human factors programs in other industries? with Dr. Calvin Nobles

41m · Published 27 Jan 13:18

Dr. Nobles is a cybersecurity scientist and human factors practitioner with more than 25 years of experience. He retired from the U.S. Navy and currently works in the financial services industry. Dr. Nobles recently completed a Cybersecurity Policy Fellowship with the New America Think Tank in Washington, D.C.

In this episode we talk about:

  • What human factors is and what a human factors engineer does.
  • Chronic fatigue and stress in the cybersecurity industry.
  • What approaches the aviation industry has taken to address the likelihood of human error.
  • What leaders at organizations can do to embrace human factors and design systems that are "more favorable to humans."

Managing Risk Through Two-Way Communication with Alexandra Panaretos

31m · Published 20 Jan 13:44

Alex is the EY Americas Cybersecurity Lead for Secure Culture Activation. With a background in sports broadcasting and operational security, she is experienced in security communications and education, awareness program development, the psychology of social engineering, and behavior analytics. In her free time, she is a mother of three and she volunteers with law enforcement agencies and neighborhood organizations to educate community members, elder care organizations, children and parents on information security and social media safety.

During this episode, we’re focusing on what successful organizations are doing to manage risk. We talk about:

  • Why it’s difficult for people to understand risk in the digital realm.
  • Why taking the time to “brand” security at the organization is important.
  • How organizations can foster an open dialogue around security to encourage engagement and lasting behavior changes.
  • How field visits can be used to develop more effective solutions for awareness and behavior change.

Improving the User Experience with Passwordless Security with Yan Grinshtein

34m · Published 13 Jan 13:28

Yan Grinshtein is an HCI and accessibility certified human-centered design leader, speaker, and mentor. Currently the head of design at HYPR, Yan has over 20 years of experience as a creative and design leader. He has worked on three different continents across four countries with companies ranging from Fortune 500 to startups, some of which have become multi-billion dollar companies today. You can follow Yan on Medium or LinkedIn.

In this episode, we talk about:

  • How to design better, more thoughtful solutions when users try to get around security.
  • How conducting your own user research helps you question your team's assumptions and, even better, leads to product-defining insights.
  • Why it's important to invest in the user experience of advanced/technical users (like administrators).

How to Design Great User Experiences in a Complicated Cybersecurity Ecosystem with Christian Rohrer

42m · Published 06 Jan 13:48

Christian Rohrer is Senior Director, User Experience at McAfee, returning to the company after a 5-year hiatus during which he was Founder and Principal at XD Strategy, a UX strategy consultancy, and former Vice President of Design, Research and Enterprise Services at Capital One. He has also led UX teams at Realtor.com, eBay, and Yahoo!. Christian holds a Bachelor's in Computer Science from UC Santa Cruz and a Ph.D. in Cognitive Science and Education from Stanford University.

Christian not only has a deep understanding of the complex cybersecurity ecosystem, he also appreciates the challenges in getting stakeholder buy-in to ensure the user experience is prioritized.

In this episode, we talk about:

  • Human-centered design: what is it and why is it important? (We talk about Don Norman, Nielsen Norman Group co-founder and author of The Design of Everyday Things, who has a great video describing the principles of human-centered design.)
  • The complicated cybersecurity ecosystem and the challenges it presents when designing user experiences.
  • How great user experiences in cybersecurity are "a human and a technology problem to solve."
  • How to speak the language of stakeholders by using metrics, including the PURE Method, which Christian co-developed.

Using Self-Sovereign Identity as the Foundation for Secure, Trusted Digital Relationships with Kaliya Young

30m · Published 23 Dec 14:11

In this episode we talk about:

  • What Kaliya describes as a new “layer” to the Internet to support decentralized identity, much like how HTML or email supported what came next.
  • The importance of open standards.
  • How to build a “digital wallet” paradigm that makes sense to people.
  • What SSI means for businesses/business models.


Kaliya is the co-author of “Comprehensive Guide to Self-Sovereign Identity,” and author of “Domains of Identity.” She is also one of the co-founders of the Internet Identity Workshop, which brings together people to help develop open standards for ways people can own and control their digital representations of themselves.

Reframing the Information Security Conversation for Business Owners with Jim Nelson

40m · Published 16 Dec 13:55

Jim Nelson, Senior Security Consultant for Innovative Solutions, has been working with organizations to help raise their security posture based on their risk for the last 17 years.

In this episode, we talk about:

  • How to reframe the security conversation so business owners understand that an investment in security is taking a proactive stance. Ultimately, you have to empathize with business owners.
  • Why fear-based tactics may not be the best solution in getting people to care about security.
  • Why it's so important to understand the business and its employees before establishing security controls.
  • Expectations around security--customers just assume that their data is safe.

The Role of Storytelling in Cybersecurity Awareness Training with Gabriel Friedlander

44m · Published 08 Dec 17:00

Gabriel has been studying human behavior for a long time. His first company, ObserveIT, an insider threat management platform recently acquired by Proofpoint, dealt with monitoring and reporting on out-of-policy employee behavior. Today, as the founder of Wizer, a security awareness training platform, Gabriel is focused on ensuring, as he put it, “security awareness is a basic human skill.” In fact, not only is Wizer’s training user-friendly and in digestible chunks, most of it is free.

In this episode, we talk about:

  • Cybersecurity awareness training should start with stories, to connect with people and encourage them to take action.
  • Cybersecurity awareness training should then focus on developing the skills that can be applied to a variety of scenarios (as Gabriel says, "we can't teach everything.").
  • Make security easy--but roadblocks may be necessary to get users to slow down and think.

Human-Centered Security has 38 episodes in total of non-explicit content. Total playtime is 24:30:24. The language of the podcast is English. This podcast was added on November 23rd, 2022. It might contain more episodes than the ones shown here. It was last updated on May 25th, 2024 21:11.
