Rosenverse

Log in or create a free Rosenverse account to watch this video.

Log in Create free account

100s of community videos are available to free members. Conference talks are generally available to Gold members.

To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity

Thursday, January 23, 2025 • Rosenfeld Community
Share the love for this talk
To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Speakers: Heidi Trost
Link:

Summary

If you design digital products, you’re already influencing the security user experience—even if you don’t realize it. Your design choices impact how users handle security and privacy decisions. We live in an ecosystem where everything increasingly relies on the security of systems: from hospitals, to our water supply, to cars and robots. So the stakes are high: disruptions to these systems mean people can get hurt. Further, technology like AI agents—services that will know nearly everything about us and will take actions on our behalf—mean security and privacy are more important than ever. As a UX designer, you understand your product better than your users ever will. This gives you the power to protect users by developing safer systems. By the end of this talk, you’ll learn how to: Apply human-centered design principles to security: human-centered security. Identify key areas where security impacts users most. Understand the dynamics of the security ecosystem. Collaborate with your security UX allies. Ask better questions to balance security and usability. You’ll leave with a human-centered security framework that you and your team can use immediately. Start asking the right questions to improve security outcomes and keep people and systems safer.

Key Insights

  • Security means different things to different roles, making cross-disciplinary collaboration essential.

  • Users (Alice) often do not think about security until it directly interrupts their tasks.

  • Charlie personifies the security systems and communications users interact with; their unhelpfulness harms user trust.

  • Improving the relationship between Alice and Charlie is critical to enhancing security behaviors and outcomes.

  • Threat actors understand users and security systems better than many security teams do, exploiting weak points.

  • Onboarding and signup are crucial moments to influence secure user behaviors because users are motivated and captive.

  • Security messaging must balance clarity and avoiding fatigue caused by false positives or jargon.

  • AI-driven social engineering and deepfakes will make future attacks more convincing and harder to detect.

  • Designers should anticipate user objections and behaviors when creating security flows.

  • Clear standard protocols for unusual financial requests reduce vulnerability to phishing scams.

Notable Quotes

"Security means protecting business, productivity, safety."

"The user is the weakest link is an unhelpful and harmful perspective."

"You cannot improve security outcomes until you improve the relationship between Alice and Charlie."

"Threat actors can masquerade as Charlie to trick users like Alice."

"Most security work happens below the surface where users don’t need to think about it."

"If users have to look things up, they often won’t, so policies must be easy and fast to respond to."

"Onboarding is often fleeting, so influencing security behavior there has an outsized impact."

"With AI, phishing will get worse; attackers will craft messages users are more likely to believe."

"We need to get really good at strategy board games to outsmart threat actors."

"Clear outcomes and defined secure behaviors are better than vague goals like 'be more secure'."

Ask the Rosenbot
Christopher Taylor Edwards
Design as a Team Practice, A Practical Guide to Cross-functional Collaboration
2021 • DesignOps Summit 2021
Gold
Sam Proulx
Online Shopping: Designing an Accessible Experience
2023 • Enterprise UX 2023
Gold
Jemma Ahmed
Theme Three Intro
2023 • Advancing Research 2023
Gold
Sam Proulx
Accessibility: An Opportunity to Innovate
2022 • Advancing Research 2022
Gold
Daniel Gloyd
Designing Warmth
2025 • Rosenfeld Community
Erin Weigel
Failure Friday #6: 90% of Everything I Do is Either Broken or Pointless
2025 • Rosenfeld Community
Deirdre Hirschtritt
Research is Only as Good as the Relationships You Build
2022 • Civic Design 2022
Gold
Sharon Bautista
Time to Make the Donuts: How User Research Helped Bridge Disparate Teams
2024 • Enterprise Experience 2020
Gold
Ben Reason
Making the system visible: The fastest path to better decisions
2025 • Advancing Service Design 2025
Gold
Sarit Geertjes
People, not Petri Dishes: Stories from a Research Recruiter
2019 • DesignOps Community
Feyikemi Akinwolemiwa
Play to innovate: How curiosity and experimentation transform UX
2026 • Advancing Research 2026
Gold
Jess Greco
Claiming your power: Practical tools for amplifying your unique voice
2025 • Advancing Research 2025
Gold
Kelly Goto
Emotion Economy: Ethnography as Corporate Strategy
2015 • Enterprise UX 2015
Gold
Jemma Ahmed
Theme 1 Intro
2026 • Advancing Research 2026
Gold
Ross Smith
Breaking Barriers with Empathy
2017 • Enterprise Experience 2017
Gold
Sam Proulx
To Boldly Go: The New Frontiers of Accessibility
2022 • Design at Scale 2022
Gold

More Videos

Sheri Byrne-Haber

"Getting something accessible is a straight line; keeping something accessible requires process change."

Sheri Byrne-Haber

Accessibility at Scale

June 9, 2021

Prayag Narula

"When UX researchers and product managers collaborate, the product speaks to users’ hearts."

Prayag Narula Hannah Hudson

Empowering Designers to do Good Research

March 11, 2022

Janelle Estes

"Don't be precious but don't be reckless either when opening research access to others."

Janelle Estes

UX Research Trends

January 28, 2021

Craig Brookes

"If you are spinning trying to make words work over and over, you likely have an interaction problem, not a word problem."

Craig Brookes Andreas Huebner Morgan Quinn

"Just Make it Look Good" and Other Ways We're Misunderstood

June 11, 2021

Marc Fonteijn

"Everyone goes through quite an extensive application process, but it was stress-free and informal."

Marc Fonteijn Ru Butler

Increase your confidence, influence, and impact (through a Professional Community)

December 3, 2024

Kate Towsey

"You cannot provide end-to-end service for every researcher, but you can deliver highly supported self-service — Kate Towsey."

Kate Towsey

The State of ResearchOps: More Than Just Theory

June 20, 2019

Alla Weinberg

"If I make a mistake on our team, it’s not gonna be held against me; my team won’t disconnect from me."

Alla Weinberg

Design Teams Need Psychological Safety: Here’s How to Create It

September 9, 2022

Shawna Hein

"Our digital experience group acts like hosts and planners making sure veterans sit down to a cohesive, inclusive meal, not just disparate dishes."

Shawna Hein Kevin Hoffman

Create a Cohesive Civic Design Practice Across Agency, Vendors, and Contracts

November 17, 2022

Tricia Wang

"You have to find mentors and sponsors who leverage their privilege to help you get as far as possible."

Tricia Wang

SCALE: Discussion

June 15, 2018