October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Privacy and threat in practice: Lessons from at-risk user populations

Sara "Scout" Brody (Simply Secure)
1:15pm–1:55pm Wednesday, 11/02/2016
The human element
Location: Rendezvous Trianon
Average rating: ****.
(4.75, 4 ratings)

What you'll learn

  • Understand the mismatch between security wisdom and user realities
  • Learn best practices for understanding your target users before building, selecting, or deploying secure computer systems

Description

The security community has spent decades trying to define what secure systems look like in theory and how to achieve them in practice. However, this effort has largely focused on the machine components of the systems rather than the human needs and processes they are meant to enable.

This leads us to ask: Is a theoretically secure system any good if it doesn’t address users’ real-world threat models? Is the security community today meeting the needs of a global audience or simply building tools and features for itself? Do we know how to understand what people really need?

Drawing on over a decade of experience studying the intersection of human and computer systems, Scout Brody explores the mismatch between security wisdom and user realities, focusing particularly on a recent study of low-income New York City residents that reveals a significant gap between their lived experience and the way our community thinks about secure communications. Scout also shares best practices for professionals seeking to understand their target users before building, selecting, or deploying secure computer systems.

Photo of Sara "Scout" Brody

Sara "Scout" Brody

Simply Secure

Sara “Scout” Brody is the executive director of Simply Secure. Scout has long been passionate about improving the usability of security tools. As a product manager at Google, she worked on projects such as two-step verification, the Android operating system, and uProxy. When not working directly on software, she enjoys dabbling in graphic design, fiber artistry, and woodworking. Scout holds a PhD in computer science. Her dissertation, Access Control in and for the Real World, focused on the mis-integration of classic security mechanisms with modern human organizations.