The security community has spent decades trying to define what secure systems look like in theory and how to achieve them in practice. However, this effort has largely focused on the machine components of the systems rather than the human needs and processes they are meant to enable.
This leads us to ask: Is a theoretically secure system any good if it doesn’t address users’ real-world threat models? Is the security community today meeting the needs of a global audience or simply building tools and features for itself? Do we know how to understand what people really need?
Drawing on over a decade of experience studying the intersection of human and computer systems, Scout Brody explores the mismatch between security wisdom and user realities, focusing particularly on a recent study of low-income New York City residents that reveals a significant gap between their lived experience and the way our community thinks about secure communications. Scout also shares best practices for professionals seeking to understand their target users before building, selecting, or deploying secure computer systems.
Sara “Scout” Brody is the executive director of Simply Secure. Scout has long been passionate about improving the usability of security tools. As a product manager at Google, she worked on projects such as two-step verification, the Android operating system, and uProxy. When not working directly on software, she enjoys dabbling in graphic design, fiber artistry, and woodworking. Scout holds a PhD in computer science. Her dissertation, “Access Control in and for the Real World,” focused on the mis-integration of classic security mechanisms with modern human organizations.
©2016, O'Reilly Media, Inc.