Security through design - Making security better by designing for people

Presented at BruCON 0x08 (2016), Oct. 27, 2016, 10:30 a.m. (60 minutes).

In this session we will explore why certain devices, pieces of software or companies lead us to utter frustration while others consistently delight us and put a smile on our face. With these insights in mind, we will explore how we typically create our security processes, teams and solutions. All too often we create something without properly understanding what our colleagues or customers are trying to achieve only to bombard them with awareness training and policies because they "just don't get it" and because "humans are the weakest link". We will look at user-centered design methods and concepts from other disciplines like economy, psychology or marketing that can help us to build security in a truly usable way not just our tools but also the way we setup our teams, the way we communicate and the way we align incentives. Every interaction with security is an opportunity to improve convenience and bring a smile to somebody's face. By understanding the impact of design, we can do a lot to improve corporate productivity and security itself.

Presenters:

  • Jelle Niemantsverdriet
    Jelle is a Director at Deloitte, specialising in Incident Response and has extensive experience in leading large international IR and Forensics projects across various industries worldwide. While previously working at Verizon he was one of the co-authors of the annual Data Breach Investigations Report. From his experience in dealing with incidents, he outlines how organisations can effectively build their security organisation. He passionately looks for analogies with other disciplines and tries to convey the view that security should truly enable the objectives of the business. He is a regular conference speaker and aims for lively and non-standard presentation content and style.

Links:

Similar Presentations: