User experience and security: Enemies or allies?

Description

For the last few decades, security professionals have been taught that you can have good security or good usability—not both. At the same time, designers, developers, project managers, and just about everyone else realized the only way to meet deadlines was to avoid security at all costs. That’s created an insular approach to security with debilitating results.

It doesn’t have to be this way.

In fact, when security brings these groups together, the results are impressive. It’s time to end the false choice that security must come at the expense of convenience. A tighter integration of user experience and security can create both more secure and more usable systems. Drawing on real-world examples, Peter Hesse demonstrates how to start the conversations, build the relationships, and get the results and security you need.

Topics include:

• Increasing collaboration between security and UX teams: Keep your friends close, and your enemies closer. The head of UX and head of security shared an office and now share lessons learned about how they and their teams communicate and work together.
• Using UX tips and tricks to improve security: User experience techniques such as A/B testing and usage tracking can reveal a lot about how people are using an application. They can also reveal potential security concerns that might be lurking behind the next click or swipe.
• Including security in modern Agile development: We know that in the long term, it is more effective to build security in a product than to try and bolt it on afterward. The security industry has been slow to adapt to rapid development methods. Active participation is the best opportunity to steer development toward good security decisions.