Rosenverse

Log in or create a free Rosenverse account to watch this video.

Log in Create free account

100s of community videos are available to free members. Conference talks are generally available to Gold members.

To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Thursday, January 23, 2025 • Rosenfeld Community
Share the love for this talk
To Protect People, You Have to Protect Information: A Human-Centered Design Approach to Cybersecurity
Speakers: Heidi Trost
Link:

Summary

If you design digital products, you’re already influencing the security user experience—even if you don’t realize it. Your design choices impact how users handle security and privacy decisions. We live in an ecosystem where everything increasingly relies on the security of systems: from hospitals, to our water supply, to cars and robots. So the stakes are high: disruptions to these systems mean people can get hurt. Further, technology like AI agents—services that will know nearly everything about us and will take actions on our behalf—mean security and privacy are more important than ever. As a UX designer, you understand your product better than your users ever will. This gives you the power to protect users by developing safer systems. By the end of this talk, you’ll learn how to: Apply human-centered design principles to security: human-centered security. Identify key areas where security impacts users most. Understand the dynamics of the security ecosystem. Collaborate with your security UX allies. Ask better questions to balance security and usability. You’ll leave with a human-centered security framework that you and your team can use immediately. Start asking the right questions to improve security outcomes and keep people and systems safer.

Key Insights

  • Security means different things to different roles, making cross-disciplinary collaboration essential.

  • Users (Alice) often do not think about security until it directly interrupts their tasks.

  • Charlie personifies the security systems and communications users interact with; their unhelpfulness harms user trust.

  • Improving the relationship between Alice and Charlie is critical to enhancing security behaviors and outcomes.

  • Threat actors understand users and security systems better than many security teams do, exploiting weak points.

  • Onboarding and signup are crucial moments to influence secure user behaviors because users are motivated and captive.

  • Security messaging must balance clarity and avoiding fatigue caused by false positives or jargon.

  • AI-driven social engineering and deepfakes will make future attacks more convincing and harder to detect.

  • Designers should anticipate user objections and behaviors when creating security flows.

  • Clear standard protocols for unusual financial requests reduce vulnerability to phishing scams.

Notable Quotes

"Security means protecting business, productivity, safety."

"The user is the weakest link is an unhelpful and harmful perspective."

"You cannot improve security outcomes until you improve the relationship between Alice and Charlie."

"Threat actors can masquerade as Charlie to trick users like Alice."

"Most security work happens below the surface where users don’t need to think about it."

"If users have to look things up, they often won’t, so policies must be easy and fast to respond to."

"Onboarding is often fleeting, so influencing security behavior there has an outsized impact."

"With AI, phishing will get worse; attackers will craft messages users are more likely to believe."

"We need to get really good at strategy board games to outsmart threat actors."

"Clear outcomes and defined secure behaviors are better than vague goals like 'be more secure'."

Previous video
Surprise me
Next video
Ask the Rosenbot

Or choose a question:

How do different roles in an organization perceive security and why does that matter?
What is the relationship between users and security systems in terms of user experience?
Why is onboarding a critical moment for influencing user security behaviors?
How can security messaging be designed to avoid overwhelming or misleading users?
What role do threat actors play in exploiting weaknesses in security user experience?
Prayag Narula
Empowering Designers to do Good Research
2022 • Advancing Research 2022
Gold
Darian Davis
Lessons from a Toxic Work Relationship
2024 • Enterprise Experience 2020
Gold
Matt Webb
Context Window: Five Futures for AI
2025 • Designing with AI 2025
Gold
Louis Rosenfeld
Opening Remarks
2023 • DesignOps Summit 2023
Gold
Ariel Kennan
Theme 2 Intro
2021 • Civic Design 2021
Gold
Michelle Morrison
Practice What You Preach
2024 • DesignOps Summit 2020
Gold
Anupama Dhareshwar
From blueprint to bot: Designing resilient AI-powered services
2025 • Advancing Service Design 2025
Conference
Farid Sabitov
Automatization for Large Enterprise Teams
2024 • DesignOps Summit 2020
Gold
Suzan Bednarz
AccessibilityOps for All
2024 • DesignOps Summit 2020
Gold
Allison Sanders
Operating with Purpose
2024 • DesignOps Summit 2020
Gold
Dan Willis
Enterprise Storytelling Sessions
2019 • Enterprise Experience 2019
Gold
Ted Booth
Discussion
2016 • Enterprise UX 2016
Gold
Nick Cochran
Growing in Enterprise Design through Making Connections
2019 • Enterprise Community
Shipra Kayan
Emerging principles for using AI in Design: What the product design team at Miro has learned from deeply integrating AI in their workflow
2025 • Designing with AI 2025
Gold
Dan Willis
Enterprise Storytelling Sessions
2018 • Enterprise Experience 2018
Gold
Russ Unger
Onboarding: The Ecosystem, not the Afterthought
2017 • DesignOps Summit 2017
Gold

More Videos

Doug Powell

"The user experience will allow us to win."

Doug Powell

Closing Keynote: Design at Scale

November 8, 2018

Mila Kuznetsova

"Middle schoolers might ask you tough questions about release forms and how their data will be used."

Mila Kuznetsova Lucy Denton

How Lessons Learned from Our Youngest Users Can Help Us Evolve our Practices

March 9, 2022

Sarah Gallimore

"In Toronto it’s now illegal to transmit a Wi-Fi signal in designated public spaces, with penalties for violations—a policy driven by people wanting to unplug from digital life."

Sarah Gallimore

Inspire Progress with Artifacts from the Future

November 18, 2022

Lada Gorlenko

"Stakeholders start demanding better digital experiences at work because they expect the same quality they have at home."

Lada Gorlenko Sharbani Dhar Sébastien Malo Rob Mitzel Ivana Ng Michal Anne Rogondino

Theme 1: Discussion

January 8, 2024

Alnie Figueroa

"Nobody can predict where we’re going, but we can choose to shape the future."

Alnie Figueroa

The Future of Design Operations: Transforming Our Craft

September 10, 2025

Landon Barnes

"Research is not as easy as putting on a shoe and just doing it; it requires careful consideration and alignment with imperatives."

Landon Barnes

Are My Research Findings Actually Meaningful?

March 10, 2022

Emily Eagle

"In public radio, your listener can’t rewind. We have to design for thoughtful user progression."

Emily Eagle

Can't Rewind: Radio and Retail

June 3, 2019

Malini Rao

"Legacy applications linger because changing them is risk-ridden and a major undertaking."

Malini Rao

Lessons Learned from a 4-year Product Re-platforming Journey

June 9, 2021

Asia Hoe

"Building rapport and rituals helped our remote team foster camaraderie and trust."

Asia Hoe

Partnering with Product: A Journey from Junior to Senior Design

November 29, 2023

Latest Books All books

The Staff Designer

The Staff Designer

Grow, Influence, and Lead as an Individual Contributor

By Catt Small

December 2025

Design for Privacy

Design for Privacy

Keeping Personal Information Private

By Robert Stribley

November 2025

Service Design (2nd edition)

Service Design (2nd edition)

From Insight to Implementation

By Lavrans Løvlie, Ben Reason, Andy Polaine

October 2025

The Game Development Strategy Guide

The Game Development Strategy Guide

Crafting Modern Video Games That Thrive

By Cheryl Platz

September 2025

Stop Wasting Research

Stop Wasting Research

Maximize the Product Impact of Your Organization's Customer Insights

By Jake Burghardt

June 2025

We Need to Talk

We Need to Talk

A Survival Guide for Tough Conversations

By Joshua Graves

April 2025

Human-Centered Security

Human-Centered Security

How to Design Systems That Are Both Safe and Usable

December 2024

The Design Conductors

The Design Conductors

Your Essential Guide to Design Operations

October 2024

Research That Scales

Research That Scales

The Research Operations Handbook

By Kate Towsey

September 2024

The User Experience Team of One (2nd Edition)

The User Experience Team of One (2nd Edition)

A Research and Design Survival Guide

By Leah Buley, Joe Natoli

August 2024

Design for Impact

Design for Impact

Your Guide to Designing Effective Product Experiments

By Erin Weigel

June 2024

Managing Priorities

Managing Priorities

How to Create Better Plans and Make Smarter Decisions

By Harry Max

May 2024

Duly Noted

Duly Noted

Extend Your Mind through Connected Notes

By Jorge Arango

January 2024

Design That Scales

Design That Scales

Creating a Sustainable Design System Practice

By Dan Mall

November 2023

Interviewing Users (2nd Edition)

Interviewing Users (2nd Edition)

How to Uncover Compelling Insights

By Steve Portigal

October 2023

Dig deeper with the Rosenbot

What are examples of AI failures that highlight the need for bias testing and regulation?

What are effective methods to create feedback loops between strategy, orchestration, and implementation teams?

How does the second edition of the service design book address the relationship between service design and digital products?