what security can learn from design
play

What Security can learn from Design Douglas Wilson Nguyet Vuong - PowerPoint PPT Presentation

Oct 08, 2023 •234 likes •634 views

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv INTRO / Who We Are We are Nguyet & Doug Collectively,

  1. What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv

  2. INTRO / Who We Are We are Nguyet & Doug Collectively, we have lived in and analyzed the worlds of Design and Security for a combined 36 years .

  3. INTRO / W hy Are We Here Let us know if this sounds familiar: You must challenge the status quo to succeed You spend a lot of time examine unusual and unintended behaviors Despite amazing technology, success is often dependent on a few skilled humans Your area of expertise is often an afterthought at a lot of tech companies You are much more effective if included at the beginning of most processes

  4. INTRO / W hy Are We Here First thought Security is the Yin to Design’s Yang

  5. INTRO / W hy Are We Here Reframing Security is a design problem “Reframe problems - there are a number of very well known cognitive biases that can limit our thinking and restrict our choices. Indeed, studies have even shown that the way we frame things can play a significant part in whether we get started or procrastinate. By reframing our problems we can often look at situations in a new light and come up with much better solutions to them.” Adi Gaskell - 5 Steps To Help You To Design Your Life https://www.forbes.com/sites/adigaskell/2016/09/16/5-steps-to-help-you-to-design-your-life/

  6. INTRO / W hy Are We Here But wait. I can’t draw. I don’t do graphics. How am I a designer?

  7. INTRO / W hy Are We Here “Everyone is a designer. Not everyone is a good designer. Everyone can become a better designer.” -Jared Spool

  8. INTRO / W hy Are We Here In going through this journey, we ask: How might we improve security solutions by applying insights from the design industry?

  9. Phases of Design Thinking according to Stanford Design School

  10. What is Design Thinking?

  11. WHAT IS DESIGN THINKING ? Solution Human-Centered Design Viability Starts here Successful solutions solve problems for people. Desirability Feasibility Human-centered design starts with human desires. Successful solutions emerge in the overlap of these three lenses.

  12. WHAT IS DESIGN THINKING ? A set of activities A set of activities we use to align teams, practice user empathy together, and deliver outcomes that successfully meet our users’ needs.

  13. WHAT IS DESIGN THINKING ? IBM The Loop OBSERVE REFLECT MAKE

  14. WHAT IS DESIGN THINKING ? IDEO Inspiration Ideation Implementation Credit: IDEO

  15. WHAT IS DESIGN THINKING ? Stanford School of Design Build representations of one idea Ideate Empathize Test and gain user feedback Define Prototype Learn about Brainstorm the users and create Test solutions Sharpen key questions

  16. The Methodology UNDERSTAND DEFINE IDEATE PROTOTYPE TEST

  17. This is not a linear process UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  18. Design Thinking Activities More constructed according to the needs of the workshop. This framework is flexible, and can be done in 1 week, 1 or 2 days or half day according to your needs. 2 hour Half day 1 day One week

  19. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  20. Understand Understanding is gaining an empathic insight into the people you’re designing for and the challenges they are experiencing.

  21. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  22. Define Defining is unpacking the findings from your understanding into needs and insights. And then turning those needs into a problem statement.

  23. UNDERSTAND PROTOTYPE IDEATE IDEATE DEFINE DEFINE TEST

  24. Ideate Ideating is generating a large number of ideas. Not perfect ideas, but lots of potential answers and solutions. No judgement . No evaluation. This is the time to let imaginations run wild!

  25. UNDERSTAND PROTOTYPE IDEATE DEFINE DEFINE TEST

  26. Prototype Prototyping is giving concrete form to abstract ideas. It is creating something that allows for interaction and experience, but doesn’t have to be fully functional. This is about learning, not about getting it right the first time.

  27. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  28. Test Testing your prototype is putting it in the hands of the right people to gather feedback and maximize your learning.

  29. UNDERSTAND PROTOTYPE IDEATE DEFINE TEST

  30. Real life feelings Stefanie Di Rossi - https://ithinkidesign.wordpress.com/2012/01/18/a-brief-history-of-design-thinking-the-theory-p1/

  31. How can we apply this in the security field?

  32. This happens more than we’d like Told to implement a solution - “solve a problem” ● Create a technology-first solution ● Define the problem based on what’s affordable or available ● Implement dictated solution instead of exploring ideas ● End up with frustration and unhappy users ●

  33. Phases of Design Thinking according to Stanford Design School

  34. Understand Are you identifying with people in your organization? Did you get diverse input from different sources? Define Are you tackling solvable problems? If not, can you reframe them? Ideate Don’t just accept the first idea. Conduct structured brainstorming. Prototype Are you trying out ideas small before you go big? Are you getting feedback before committing to final products? Test Are you testing with your users and listening to feedback? Are you answering the right questions?

  35. How to get started ● Talk to your users ● Engage your team ● Seek out designers in your organization. ○ Ask for help ● Go to design talks

  36. This is just the beginning of a journey. We thank you for taking it with us.

  37. Design Thinking Workshop Friday at 9:15 am - 10:45 am Lowther Room LIMITED CAPACITY

  38. Thank you! Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptics, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv

  39. Resources for further learning Stanford “D” School: https://dschool.stanford.edu/resources (new virtual crash course coming this fall!) IBM: https://www.ibm.com/design/thinking/page/framework Ideo: https://designthinking.ideo.com/ & http://www.designkit.org/ Designing Your Life - a book by Bill Burnett & Dave Evans: https://blog.marvelapp.com/shh-dont-tell-theres-no-magic-design-thinking/

Recommend

What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong

What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong

What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv We are Nguyet & Doug

1.42k views • 45 slides
Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen

Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen

Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen michael.boelen@cisofy.com Nijmegen, 2016-05-10 Meetup: Linux Usergroup Nijmegen Goals 1. Perform a security audit 2. Learn what to protect 3. Determine why 2 Agenda

558 views • 52 slides
Systems Security Final Class! (SysSec) Systems Security - Spring 2020 So what did I learn?

Systems Security Final Class! (SysSec) Systems Security - Spring 2020 So what did I learn?

Systems Security Final Class! (SysSec) Systems Security - Spring 2020 So what did I learn? Experiences Learned concepts covered in class in a hands-on virtual environment Extra competition to gain additional insight Lockdown v8!

496 views • 13 slides
Learn Blackboard Learn Learn with others Learn in your own time, pace, space Learn through

Learn Blackboard Learn Learn with others Learn in your own time, pace, space Learn through

Learn Blackboard Learn Learn with others Learn in your own time, pace, space Learn through designing for teaching Learn with others 1. Black Swan Conferences Hear The bigger picture Higher Education Blackboard UWA Experience

478 views • 16 slides
Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

CS 166: Information Security Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about information security? Computer Security in the News Computer Crime for Fun & Profit Attackers have gone from

942 views • 48 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
Basic Relational Design "The key, the whole key, and nothing but the key." 1 / 16

Basic Relational Design "The key, the whole key, and nothing but the key." 1 / 16

Basic Relational Design "The key, the whole key, and nothing but the key." 1 / 16 Basic Relational Design In a future series of lectures well learn relational design in detail For now well learn a semi-formal approach to

842 views • 16 slides
Chapter 15 To learn how to throw exceptions To be able to design your own exception

Chapter 15 To learn how to throw exceptions To be able to design your own exception

Chapter Goals Chapter 15 To learn how to throw exceptions To be able to design your own exception Exception Handling classes To understand the difference between checked and unchecked exceptions To learn how to catch exceptions

360 views • 11 slides
Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security Good user experience design and good security cannot exist without each other Everyone deserves to be secure without being experts We need to

1.34k views • 112 slides
How to make a fruit crumble. Design Make - Evaluate This week we are going to learn about the

How to make a fruit crumble. Design Make - Evaluate This week we are going to learn about the

How to make a fruit crumble. Design Make - Evaluate This week we are going to learn about the design process. Almost all things that we use in life have been designed, that includes the processed food products we buy. A problem is

649 views • 8 slides
Informa(on Security Fundamentals: What We Learn When We Listen EVAN FRANCEN,

Informa(on Security Fundamentals: What We Learn When We Listen EVAN FRANCEN,

Informa(on Security Fundamentals: What We Learn When We Listen EVAN FRANCEN, PRESIDENT & CO-FOUNDER - FRSECURE MARCH 17, 2015 In Informa( orma(on on S Secu ecurit rity Fu y Fundamen

695 views • 32 slides
Learning to learn Aim To be able to design activities where people can become better

Learning to learn Aim To be able to design activities where people can become better

INF 3280 22 Feb 2017 Learning to learn Aim To be able to design activities where people can become better learners of IT Input for Assignment 3 Core literature: Textbook chapter 5 Additional literature Grigoreanu

400 views • 14 slides
Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security

Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security

www.geogrid.org Design and I m plem entation of GEO Grid Design and I m plem entation of GEO Grid Security Security Yoshio Tanaka National Institute of Advanced Industrial Science and Technology (AIST) Japan 1 www.geogrid.org W hat is the

463 views • 18 slides
Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do

Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do

Learn more Do more Be more Learn more Do more Be more UNITY Learn more Do more Be more Key Staff linked to Year 7 Mrs Angela Haynes Mrs Louisa Smith Head of Year 7 Year 7 PSM Ms Leyla Mrs Julia Emmel Bilsborough

736 views • 27 slides
ECE 3574: Applied Software Design Event Driven Programming Today we will learn how to design

ECE 3574: Applied Software Design Event Driven Programming Today we will learn how to design

ECE 3574: Applied Software Design Event Driven Programming Today we will learn how to design systems that respond to internal and external events in an application. Events and Event Handlers Events from Windowing System Timers and

527 views • 13 slides
Powerful Slam Dunks: Get that Construction or Design Job Agenda Preparation Learn what

Powerful Slam Dunks: Get that Construction or Design Job Agenda Preparation Learn what

Powerful Slam Dunks: Get that Construction or Design Job Agenda Preparation Learn what the City needs Study how the City does it Be ready for your Opportunity Practice Work on your dunks Get coached up Learn from

430 views • 30 slides
OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper

OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper

OPG Leadership Series Solaris Security Design Kickoff, Considerations September, 2005 Casper Dik Sun Microsystems, Inc. Solaris Security Design Principles Or how ten years changed my perspective on security History of fixes and hardening

581 views • 37 slides
Biology is the Science of Security Stephanie Forrest UNM and Santa Fe Institute March, 2008

Biology is the Science of Security Stephanie Forrest UNM and Santa Fe Institute March, 2008

Biology is the Science of Security Stephanie Forrest UNM and Santa Fe Institute March, 2008 What can we learn from other fields? Experimental design How to conduct experiments and analyze results Quantitative methods PCA,

589 views • 10 slides
Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Software Security: Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016 Robustness Security bugs are a fact of life How can we use access control to improve the security of software, so security bugs

695 views • 32 slides
Learn how together we can fight back and win Learn more about whats at stake Learn about the

Learn how together we can fight back and win Learn more about whats at stake Learn about the

In this presentation you will: Learn how together we can fight back and win Learn more about whats at stake Learn about the state of play around the country 2.3 million members across 50 states fighting for access to abortion care, birth

511 views • 40 slides
Impatient for impact Hungry to learn Scrappy by design Test into success

Impatient for impact Hungry to learn Scrappy by design Test into success

Impatient for impact Hungry to learn Scrappy by design Test into success Centered in community Powered by partners Ag-Science Cooking, Gardening & Apprenticeships Nutrition Classes Out-of-School Farmers

317 views • 18 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
What is Interaction Design? Goals of interaction design Develop usable products

What is Interaction Design? Goals of interaction design Develop usable products

What is Interaction Design? Goals of interaction design Develop usable products Usability means easy to learn, effective to use and provide an enjoyable experience Involve users in the design process Example of bad design

393 views • 13 slides

More recommend