Log in or create a free Rosenverse account to watch this video.
Log in Create free account100s of community videos are available to free members. Conference talks are generally available to Gold members.
To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Summary
If you design digital products, you’re already influencing the security user experience—even if you don’t realize it. Your design choices impact how users handle security and privacy decisions. We live in an ecosystem where everything increasingly relies on the security of systems: from hospitals, to our water supply, to cars and robots. So the stakes are high: disruptions to these systems mean people can get hurt. Further, technology like AI agents—services that will know nearly everything about us and will take actions on our behalf—mean security and privacy are more important than ever. As a UX designer, you understand your product better than your users ever will. This gives you the power to protect users by developing safer systems. By the end of this talk, you’ll learn how to: Apply human-centered design principles to security: human-centered security. Identify key areas where security impacts users most. Understand the dynamics of the security ecosystem. Collaborate with your security UX allies. Ask better questions to balance security and usability. You’ll leave with a human-centered security framework that you and your team can use immediately. Start asking the right questions to improve security outcomes and keep people and systems safer.
Key Insights
-
•
Security means different things to different roles, making cross-disciplinary collaboration essential.
-
•
Users (Alice) often do not think about security until it directly interrupts their tasks.
-
•
Charlie personifies the security systems and communications users interact with; their unhelpfulness harms user trust.
-
•
Improving the relationship between Alice and Charlie is critical to enhancing security behaviors and outcomes.
-
•
Threat actors understand users and security systems better than many security teams do, exploiting weak points.
-
•
Onboarding and signup are crucial moments to influence secure user behaviors because users are motivated and captive.
-
•
Security messaging must balance clarity and avoiding fatigue caused by false positives or jargon.
-
•
AI-driven social engineering and deepfakes will make future attacks more convincing and harder to detect.
-
•
Designers should anticipate user objections and behaviors when creating security flows.
-
•
Clear standard protocols for unusual financial requests reduce vulnerability to phishing scams.
Notable Quotes
"Security means protecting business, productivity, safety."
"The user is the weakest link is an unhelpful and harmful perspective."
"You cannot improve security outcomes until you improve the relationship between Alice and Charlie."
"Threat actors can masquerade as Charlie to trick users like Alice."
"Most security work happens below the surface where users don’t need to think about it."
"If users have to look things up, they often won’t, so policies must be easy and fast to respond to."
"Onboarding is often fleeting, so influencing security behavior there has an outsized impact."
"With AI, phishing will get worse; attackers will craft messages users are more likely to believe."
"We need to get really good at strategy board games to outsmart threat actors."
"Clear outcomes and defined secure behaviors are better than vague goals like 'be more secure'."
Or choose a question:
More Videos
"Screen readers have two modes: browse mode for navigating content and focus mode to interact with form fields or apps."
Sam ProulxEverything You Ever Wanted to Know About Screen Readers
June 11, 2021
"Please put your questions inside the thread specific to the talk so we can keep everything organized."
Bria AlexanderOpening Remarks
November 17, 2022
"Layoffs are a collective trauma – it’s okay to acknowledge the emotions and grief you feel."
Corey Nelson Amy SanteeLayoffs
November 15, 2022
"Blaming the system for failures is like blaming the garden for not growing—the system is made by the people within it."
Milan GuentherA Shared Language for Co-Creating Ambitious Endeavours
June 6, 2023
"People will talk to customers whether you want them to or not. The question is how to make it a better experience."
Erin May Roberta Dombrowski Laura Oxenfeld Brooke HintonDistributed, Democratized, Decentralized: Finding a Research Model to Support Your Org
March 10, 2022
"The most important thing you can do is listen and watch and put assumptions aside about what is easy or hard."
Sam ProulxUnderstanding Screen Readers on Mobile: How And Why to Learn from Native Users
June 6, 2023
"When clients join us in the field and experience research deeply, they often become advocates who come back for more."
Mujtaba HameedThe new horizon of ethnography: using AI to unlock the full potential of in-person research
March 11, 2026
"The internet as the self-regulating market is a failed experiment."
Ilana LipsettAnticipating Risk, Regulating Tech: A Playbook for Ethical Technology Governance
December 10, 2021
"You own the design system, which gives you the unique ability to integrate that accessibility thinking into all of your components."
Samuel ProulxFrom Standards to Innovation: Why Inclusive Design Wins
September 10, 2025
Latest Books All books
Dig deeper with the Rosenbot
What are the benefits of using Rosenbot for both UX students and instructors?
How does including metadata like methodology, market, and date improve the quality of research repository search results?
What are best practices for onboarding and operationalizing UX research tools post-procurement to ensure adoption?