October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

User experience and security: Enemies or allies?

Peter Hesse (10Pearls)
3:50pm–4:30pm Tuesday, 11/01/2016
Bridging business and security
Location: Mercury Ballroom
Level: Beginner
Average rating: 4.00 (1 rating)

Prerequisite knowledge

  • A general knowledge of or experience with the application development process

What you'll learn

  • Understand why bridging the gap between security and usability increases security and gets results faster and more efficiently


For the last few decades, security professionals have been taught that you can have good security or good usability—not both. At the same time, designers, developers, project managers, and just about everyone else realized the only way to meet deadlines was to avoid security at all costs. That’s created an insular approach to security with debilitating results.

It doesn’t have to be this way.

In fact, when security brings these groups together, the results are impressive. It’s time to end the false choice that security must come at the expense of convenience. A tighter integration of user experience and security can create both more secure and more usable systems. Drawing on real-world examples, Peter Hesse demonstrates how to start the conversations, build the relationships, and get the results and security you need.

Topics include:

  • Increasing collaboration between security and UX teams: Keep your friends close, and your enemies closer. The head of UX and head of security shared an office and now share lessons learned about how they and their teams communicate and work together.
  • Using UX tips and tricks to improve security: User experience techniques such as A/B testing and usage tracking can reveal a lot about how people are using an application. They can also reveal potential security concerns that might be lurking behind the next click or swipe.
  • Including security in modern Agile development: We know that in the long term, it is more effective to build security in a product than to try and bolt it on afterward. The security industry has been slow to adapt to rapid development methods. Active participation is the best opportunity to steer development toward good security decisions.

Peter Hesse


Peter Hesse is the chief security officer of 10Pearls, where he focuses on avoiding the common break/fix mentality around security, instead finding ways to architect and build security into systems and products. For nearly two decades, Peter has leveraged his passion for technology and experience in security to develop successful solutions to interesting problems. From an exciting start developing the reference implementation of a standards-based certification authority for the National Institute of Standards and Technology (NIST) to overcoming obstacles and successfully demonstrating the system that formed the basis of the Federal PKI, Peter has built his reputation tackling complex challenges and explaining them to others. Previously, Peter founded and ran the successful information security consulting firm Gemini Security Solutions for over a dozen years.