Summary:

In this episode of Exploring Information Security, host Timothy De Block and guest Javvad Malik, security awareness advocate and writer for KnowBe4, delve into the concept of user-centric design in security. Javvad shares insights on building security controls that enhance user experience rather than hinder it, and explores how organizations can foster a security culture by making processes more intuitive and less obstructive.

Key Takeaways:

• Empathy in Security Controls: Javvad discusses the importance of understanding users’ needs and challenges. He emphasizes that security should focus on helping users rather than enforcing rigid policies. Using familiar examples, like Tetris vs. Minecraft, he illustrates the shift from a rigid, top-down approach to a more adaptable, user-driven model.

• Learning from Shadow IT: Rather than forbidding unauthorized tools, Javvad suggests engaging with employees to understand why they choose certain applications. By integrating tools that users find convenient, security teams can balance security with user needs.

• Behavioral Science Meets Security: Javvad highlights the value of metrics in understanding user behavior and assessing risks. He proposes using a combination of security metrics—like phishing susceptibility and device usage—to gauge an individual’s or department’s security behavior, thereby creating a more effective, user-centric security program.

• The Power of Nudge Theory: Drawing from behavioral science, Javvad explores how gentle prompts, like password managers and risk reminders, can steer users toward safer behaviors. He likens this to everyday nudges we see, such as speed-limit reminders on roads, which encourage compliance without confrontation.

Resources Mentioned:

• KnowBe4 Blog: Javvad’s blog on KnowBe4 about user-centric design.

• Behavioral Science Books: Recommended readings include Nudge: Improving Decisions About Health, Wealth, and Happiness by Richard H. Thaler and Cass R. Sunsteinand and Tiny Habits by BJ Fogg for insights into influencing behavior.

• Invisible Gorilla Test: A classic experiment demonstrating how easily we miss the obvious, relevant to security’s focus on user awareness.

About Our Guest:

Javvad Malik is a security awareness advocate and writer at KnowBe4. He uses storytelling and humor to make security concepts relatable and user-friendly. Follow his latest articles on the KnowBe4 blog, where he offers practical insights into security awareness and user-focused security design.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]