what security can learn from design
play

What Security can learn from Design (An Intro to Design Thinking) - PowerPoint PPT Presentation

Jan 30, 2023 •949 likes •1.42k views

What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv We are Nguyet & Doug

  1. What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv

  2. We are Nguyet & Doug Collectively, we have lived in and analyzed the worlds of Design and Security for a combined 36 years .

  3. Let us know if this sounds familiar: You must challenge the status quo to succeed ● You spend a lot of time examining unusual and unintended ● behaviors Despite amazing technology, success is often dependent on a few ● skilled humans Your area of expertise is often an afterthought at a lot of companies ● You are much more effective if included at the beginning of the ● process

  4. Hypothesis Security is the Yin to Design’s Yang

  5. Reframing Security is a design problem “Reframe problems - there are a number of very well known cognitive biases that can limit our thinking and restrict our choices. Indeed, studies have even shown that the way we frame things can play a significant part in whether we get started or procrastinate. By reframing our problems we can often look at situations in a new light and come up with much better solutions to them.” Adi Gaskell - 5 Steps To Help You To Design Your Life https://www.forbes.com/sites/adigaskell/2016/09/16/5-steps-to-help-you-to-design-your-life/

  6. Reframing If you solve security problems for people , You are a designer

  7. But wait. I can’t draw. I don’t do graphics. How am I a designer?

  8. Design isn’t just UX or UI, or about colors, fonts, and images. It’s about problem solving.

  9. “Everyone is a designer. Not everyone is a good designer. Everyone can become a better designer.” -Jared Spool

  10. How might we improve security solutions by applying insights from the design industry? What are the tools and techniques that Security can Learn from Design ?

  11. Phases of Design Thinking according to Stanford Design School

  12. What is Design Thinking?

  13. WHAT IS DESIGN THINKING ? Solution Human-Centered Design ( Business ) Viability Starts here Successful solutions start with human desires. ( Technology ) Desirability The best solutions emerge at Feasibility ( Human ) the intersection of these three lenses.

  14. WHAT IS DESIGN THINKING ? IBM The Loop OBSERVE REFLECT MAKE

  15. WHAT IS DESIGN THINKING ? IDEO Inspiration Ideation Implementation Credit: IDEO

  16. WHAT IS DESIGN THINKING ? Stanford School of Design Build representations of one idea Ideate Empathize Test and gain user feedback Define Prototype Learn about Brainstorm the users and create Test solutions Sharpen key questions

  17. The Methodology UNDERSTAND DEFINE IDEATE PROTOTYPE TEST

  18. This is not a linear process UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  19. WHAT IS DESIGN THINKING ? A set of activities All of these methods suggest sets of activities that a team can work through to define problems, brainstorm, and build consensus on a solution. Talk prototype with CapSec DC members

  20. Design Thinking Activities More constructed according to the needs of the workshop. This framework is flexible, and can be done in 1 week, 1 or 2 days or half day according to your needs. 2 hour Half day 1 day One week

  21. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  22. Understand Understanding is gaining an empathic insight into the people you’re designing for and the challenges they are experiencing.

  23. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  24. Define Defining is unpacking the findings from your Understand phase into needs and insights. And then turning those needs into problem statements.

  25. UNDERSTAND PROTOTYPE IDEATE IDEATE DEFINE DEFINE TEST

  26. Ideate Ideating is generating a large number of ideas. Not perfect ideas, but lots of potential answers and solutions. No judgement . No evaluation. This is the time to let imaginations run wild!

  27. UNDERSTAND PROTOTYPE IDEATE DEFINE DEFINE TEST

  28. Prototype Prototyping is making your ideas real so that you can communicate them. It pushes your understanding of what’s possible. This is about learning, not about getting it right the first time.

  29. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  30. Test Testing your prototype is putting it in the hands of the right people to gather feedback and maximize your learning.

  31. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  32. Real life feelings Stefanie Di Rossi - https://ithinkidesign.wordpress.com/2012/01/18/a-brief-history-of-design-thinking-the-theory-p1/

  33. How can we apply this in the security field?

  34. Does this sounds familiar, round 2 You are told to implement a technology ● The “problem” is based on what’s affordable or available ● Implement dictated solution instead of exploring ideas ● End up with frustration and unhappy users ●

  35. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  36. Understand Are you identifying with people in your organization? Did you get diverse input from different sources? Define Are you tackling solvable problems? If not, can you reframe them? Ideate Don’t just accept the first idea. Conduct structured brainstorming. Prototype Are you trying out ideas small before you go big? Are you getting feedback before committing to final solution? Test Are you testing with your users and listening to feedback? Are you solving the right problem?

  37. Red Teaming Design Thinking: Risks and Assumptions ● How can we use this on the problems we face? ● Design Thinking needs to work with other systems ● Design Thinking doesn’t work for every challenge

  38. Prototyping Design Thinking to Evolve ● You can point to leaders who are trying this ● You can start small (a prototype) and grow as you empower people ● You can ally with people trained in Design and work alongside them.

  39. How to get started Talk to the people affected by the choices you make. ● Engage your team and embrace different points of view ● Seek out designers in your organization & include them ● Participate in Design Thinking workshops at your company ● Hire Design Facilitators ● Use the process on yourself! ●

  40. Remember, You are a designer.

  41. This is just the beginning of our journey. We thank you for taking it with us. TEST

  42. Design Thinking Workshop Friday at 9:15 am - 10:45 am Lowther Room LIMITED CAPACITY

  43. Thank you! Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptics, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv

  44. Resources for further learning Stanford “D” School: https://dschool.stanford.edu/resources IBM: https://www.ibm.com/design/thinking/page/framework Ideo: https://designthinking.ideo.com/ & http://www.designkit.org/ Google Ventures Design Sprint: https://www.gv.com/sprint/ Design thinking origin story plus some of the people who made it all happen How I stopped Worrying and Learned to Love Design Thinking - Christina Wodtke

  45. Resources for further learning Books: The Sprint Book by Jake Knapp - https://www.thesprintbook.com/ Designing Your Life by Bill Burnett & Dave Evans: https://designingyour.life/ Ruined by Design by Mike Monteiro: https://www.ruinedby.design/

Recommend

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv INTRO / Who We Are We are Nguyet & Doug Collectively,

634 views • 39 slides
Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen

Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen

Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen michael.boelen@cisofy.com Nijmegen, 2016-05-10 Meetup: Linux Usergroup Nijmegen Goals 1. Perform a security audit 2. Learn what to protect 3. Determine why 2 Agenda

558 views • 52 slides
Systems Security Final Class! (SysSec) Systems Security - Spring 2020 So what did I learn?

Systems Security Final Class! (SysSec) Systems Security - Spring 2020 So what did I learn?

Systems Security Final Class! (SysSec) Systems Security - Spring 2020 So what did I learn? Experiences Learned concepts covered in class in a hands-on virtual environment Extra competition to gain additional insight Lockdown v8!

496 views • 13 slides
Learn Blackboard Learn Learn with others Learn in your own time, pace, space Learn through

Learn Blackboard Learn Learn with others Learn in your own time, pace, space Learn through

Learn Blackboard Learn Learn with others Learn in your own time, pace, space Learn through designing for teaching Learn with others 1. Black Swan Conferences Hear The bigger picture Higher Education Blackboard UWA Experience

478 views • 16 slides
Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

CS 166: Information Security Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about information security? Computer Security in the News Computer Crime for Fun & Profit Attackers have gone from

942 views • 48 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
Basic Relational Design "The key, the whole key, and nothing but the key." 1 / 16

Basic Relational Design "The key, the whole key, and nothing but the key." 1 / 16

Basic Relational Design "The key, the whole key, and nothing but the key." 1 / 16 Basic Relational Design In a future series of lectures well learn relational design in detail For now well learn a semi-formal approach to

842 views • 16 slides
Chapter 15 To learn how to throw exceptions To be able to design your own exception

Chapter 15 To learn how to throw exceptions To be able to design your own exception

Chapter Goals Chapter 15 To learn how to throw exceptions To be able to design your own exception Exception Handling classes To understand the difference between checked and unchecked exceptions To learn how to catch exceptions

360 views • 11 slides
Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security Good user experience design and good security cannot exist without each other Everyone deserves to be secure without being experts We need to

1.34k views • 112 slides
How to make a fruit crumble. Design Make - Evaluate This week we are going to learn about the

How to make a fruit crumble. Design Make - Evaluate This week we are going to learn about the

How to make a fruit crumble. Design Make - Evaluate This week we are going to learn about the design process. Almost all things that we use in life have been designed, that includes the processed food products we buy. A problem is

649 views • 8 slides
Informa(on Security Fundamentals: What We Learn When We Listen EVAN FRANCEN,

Informa(on Security Fundamentals: What We Learn When We Listen EVAN FRANCEN,

Informa(on Security Fundamentals: What We Learn When We Listen EVAN FRANCEN, PRESIDENT & CO-FOUNDER - FRSECURE MARCH 17, 2015 In Informa( orma(on on S Secu ecurit rity Fu y Fundamen

695 views • 32 slides
Learning to learn Aim To be able to design activities where people can become better

Learning to learn Aim To be able to design activities where people can become better

INF 3280 22 Feb 2017 Learning to learn Aim To be able to design activities where people can become better learners of IT Input for Assignment 3 Core literature: Textbook chapter 5 Additional literature Grigoreanu

400 views • 14 slides
Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security

Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security

www.geogrid.org Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security Security Yoshio Tanaka National Institute of Advanced Industrial Science and Technology (AIST) Japan 1 www.geogrid.org W hat is the

463 views • 18 slides
Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do

Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do

Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do more Be more Key Staff linked to Year 7 Mrs Angela Haynes Mrs Louisa Smith Head of Year 7 Year 7 PSM Ms Leyla Mrs Julia Emmel Bilsborough

736 views • 27 slides
ECE 3574: Applied Software Design Event Driven Programming Today we will learn how to design

ECE 3574: Applied Software Design Event Driven Programming Today we will learn how to design

ECE 3574: Applied Software Design Event Driven Programming Today we will learn how to design systems that respond to internal and external events in an application. Events and Event Handlers Events from Windowing System Timers and

527 views • 13 slides
Powerful Slam Dunks: Get that Construction or Design Job Agenda Preparation Learn what

Powerful Slam Dunks: Get that Construction or Design Job Agenda Preparation Learn what

Powerful Slam Dunks: Get that Construction or Design Job Agenda Preparation Learn what the City needs Study how the City does it Be ready for your Opportunity Practice Work on your dunks Get coached up Learn from

430 views • 30 slides
OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper

OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper

OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper Dik Sun Microsystems, Inc. Solaris Security Design Principles Or how ten years changed my perspective on security History of fixes and hardening

581 views • 37 slides
Biology is the Science of Security Stephanie Forrest UNM and Santa Fe Institute March, 2008

Biology is the Science of Security Stephanie Forrest UNM and Santa Fe Institute March, 2008

Biology is the Science of Security Stephanie Forrest UNM and Santa Fe Institute March, 2008 What can we learn from other fields? Experimental design How to conduct experiments and analyze results Quantitative methods PCA,

589 views • 10 slides
Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Software Security: Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016 Robustness Security bugs are a fact of life How can we use access control to improve the security of software, so security bugs

695 views • 32 slides
Learn how together we can fight back and win Learn more about whats at stake Learn about the

Learn how together we can fight back and win Learn more about whats at stake Learn about the

In this presentation you will: Learn how together we can fight back and win Learn more about whats at stake Learn about the state of play around the country 2.3 million members across 50 states fighting for access to abortion care, birth

511 views • 40 slides
Impatient for impact Hungry to learn Scrappy by design Test into success

Impatient for impact Hungry to learn Scrappy by design Test into success

Impatient for impact Hungry to learn Scrappy by design Test into success Centered in community Powered by partners Ag-Science Cooking, Gardening & Apprenticeships Nutrition Classes Out-of-School Farmers

317 views • 18 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
What is Interaction Design? Goals of interaction design Develop usable products

What is Interaction Design? Goals of interaction design Develop usable products

What is Interaction Design? Goals of interaction design Develop usable products Usability means easy to learn, effective to use and provide an enjoyable experience Involve users in the design process Example of bad design

393 views • 13 slides

More recommend