Security Design and High Risk Users

Explore the critical intersection of security design and high-risk users in this thought-provoking conference talk. Delve into the concept that security is fundamentally about human outcomes rather than technical systems. Examine how the security community's focus has evolved from code-level security to large system security, and why it must now shift towards improving security outcomes for humans. Investigate the crucial role of security design in the software development lifecycle, particularly in the often-overlooked design and requirements phase. Learn about the unique challenges of supporting high-risk, specifically-targeted users and discover practical processes and solutions for addressing this gap in the security discipline. Gain insights from Eleanor Saitta, a multidisciplinary expert in hacking, design, and complex systems, as she shares her expertise on integrating technology into lived experiences and enhancing systemic resilience.

Intro
Security Design & High-Risk Users
The ability to define and determine what a technical system will and will not do is necessary but not sufficient to determine whether it is secure. Defining security for a system means understanding what your humans want.
Security design is the process of understanding user culture, goals, and workflows, organizational Technical capabilities, and adversary capabilities and dispositions and synthesizing a satisficing solution.
Outcomes are messy
Worse Better
Mapping the Security Task