what security can learn from design - first · what security can learn from design (an intro to...
TRANSCRIPT
![Page 1: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/1.jpg)
What Security can learn from Design(An Intro to Design Thinking)
Douglas WilsonSecurity Person,Formerly at Uptycs, Mandiant@dallendoug
Nguyet VuongDesign Person, VP of Design at Civil Media Company@nguyetv
![Page 2: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/2.jpg)
We are Nguyet & DougCollectively, we have lived in and analyzed the worlds of Design and Security for a combined 36 years.
![Page 3: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/3.jpg)
Let us know if this sounds familiar:● You must challenge the status quo to succeed
● You spend a lot of time examining unusual and unintended behaviors
● Despite amazing technology, success is often dependent on a few skilled humans
● Your area of expertise is often an afterthought at a lot of companies
● You are much more effective if included at the beginning of the process
![Page 4: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/4.jpg)
Hypothesis
Security is the Yin to Design’s Yang
![Page 5: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/5.jpg)
“Reframe problems - there are a number of very well known cognitive biases that can limit our thinking and restrict our choices. Indeed, studies have even shown that the way we frame things can play a significant part in whether we get started or procrastinate. By reframing our problems we can often look at situations in a new light and come up with much better solutions to them.”Adi Gaskell - 5 Steps To Help You To Design Your Lifehttps://www.forbes.com/sites/adigaskell/2016/09/16/5-steps-to-help-you-to-design-your-life/
Reframing
Security is a design problem
![Page 6: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/6.jpg)
Reframing
If you solve security problems for people,
You are a designer
![Page 7: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/7.jpg)
But wait.
I can’t draw. I don’t do graphics.
How am I a designer?
![Page 8: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/8.jpg)
Design isn’t just UX or UI, or about colors, fonts, and images.
It’s about problem solving.
![Page 9: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/9.jpg)
“Everyone is a designer. Not everyone is a good designer.Everyone can become a better designer.”-Jared Spool
![Page 10: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/10.jpg)
How might we improve security solutions by applying insights from the design industry? What are the tools and techniques thatSecurity can Learn from Design?
![Page 11: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/11.jpg)
Phases of Design Thinking according to Stanford Design School
![Page 12: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/12.jpg)
What is Design Thinking?
![Page 13: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/13.jpg)
Human-Centered Design
Successful solutions start with human desires.
The best solutions emerge at the intersection of these three lenses.
Viability
Desirability Feasibility
Starts here
Solution
WHAT IS DESIGN THINKING?
(Business)
(Technology)
(Human)
![Page 14: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/14.jpg)
IBM The LoopWHAT IS DESIGN THINKING?
OBSERVE REFLECT MAKE
![Page 15: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/15.jpg)
IDEO
WHAT IS DESIGN THINKING?
Inspiration Ideation Implementation
Credit: IDEO
![Page 16: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/16.jpg)
Empathize
Stanford School of Design
WHAT IS DESIGN THINKING?
Define
Ideate
Prototype
Test
Learn about the users
Sharpen key questions
Brainstorm and create solutions
Build representations of one idea
Test and gain user feedback
![Page 17: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/17.jpg)
UNDERSTAND DEFINE IDEATE PROTOTYPE TEST
The Methodology
![Page 18: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/18.jpg)
This is not a linear process UNDERSTAND
DEFINE
IDEATE
PROTOTYPE
TEST
![Page 19: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/19.jpg)
All of these methods suggest sets of activities that a team can work through to define problems, brainstorm, and build consensus on a solution.
A set of activitiesWHAT IS DESIGN THINKING?
Talk prototype with CapSec DC members
![Page 20: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/20.jpg)
Design Thinking ActivitiesMore constructed according to the needs of the workshop. This framework is flexible, and can be done in 1 week, 1 or 2 days or half day according to your needs.
1 day
One week
Half day2 hour
![Page 21: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/21.jpg)
DEFINE
IDEATE
PROTOTYPE
TEST
UNDERSTAND
![Page 22: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/22.jpg)
Understanding is gaining an empathic insight into the people you’re designing for and the challenges they are experiencing.
Understand
![Page 23: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/23.jpg)
DEFINE
IDEATE
UNDERSTAND PROTOTYPE
TEST
![Page 24: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/24.jpg)
Defining is unpacking the findings from your Understand phase into needs and insights.
And then turning those needs into problem statements.
Define
![Page 25: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/25.jpg)
IDEATE
DEFINEDEFINE
IDEATE
UNDERSTAND PROTOTYPE
TEST
![Page 26: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/26.jpg)
Ideating is generating a large number of ideas. Not perfect ideas, but lots of potential answers and solutions. No judgement. No evaluation.
This is the time to let imaginations run wild!
Ideate
![Page 27: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/27.jpg)
DEFINEDEFINE
UNDERSTAND PROTOTYPE
TEST
IDEATE
![Page 28: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/28.jpg)
Prototyping is making your ideas real so that you can communicate them. It pushes your understanding of what’s possible.
This is about learning, not about getting it right the first time.
Prototype
![Page 29: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/29.jpg)
DEFINE
IDEATE
UNDERSTAND PROTOTYPE
TEST
![Page 30: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/30.jpg)
Test
Testing your prototype is putting it in the hands of the right people to gather feedback and maximize your learning.
![Page 31: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/31.jpg)
UNDERSTAND
DEFINE
IDEATE
PROTOTYPE
TEST
![Page 32: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/32.jpg)
Real life feelings
Stefanie Di Rossi - https://ithinkidesign.wordpress.com/2012/01/18/a-brief-history-of-design-thinking-the-theory-p1/
![Page 33: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/33.jpg)
How can we apply this in the security field?
![Page 34: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/34.jpg)
● You are told to implement a technology● The “problem” is based on what’s affordable or available● Implement dictated solution instead of exploring ideas● End up with frustration and unhappy users
Does this sounds familiar, round 2
![Page 35: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/35.jpg)
UNDERSTAND
DEFINE
IDEATE
PROTOTYPE
TEST
![Page 36: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/36.jpg)
UnderstandAre you identifying with people in your organization?Did you get diverse input from different sources?
DefineAre you tackling solvable problems?If not, can you reframe them?
IdeateDon’t just accept the first idea.Conduct structured brainstorming.
PrototypeAre you trying out ideas small before you go big?Are you getting feedback before committing to final solution?
TestAre you testing with your users and listening to feedback?Are you solving the right problem?
![Page 37: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/37.jpg)
● How can we use this on the problems we face?● Design Thinking needs to work with other systems● Design Thinking doesn’t work for every challenge
Red Teaming Design Thinking:Risks and Assumptions
![Page 38: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/38.jpg)
● You can point to leaders who are trying this● You can start small (a prototype) and grow as
you empower people● You can ally with people trained in Design and
work alongside them.
Prototyping Design Thinking to Evolve
![Page 39: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/39.jpg)
● Talk to the people affected by the choices you make.● Engage your team and embrace different points of view● Seek out designers in your organization & include them● Participate in Design Thinking workshops at your company● Hire Design Facilitators ● Use the process on yourself!
How to get started
![Page 40: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/40.jpg)
Remember, You are a designer.
![Page 41: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/41.jpg)
This is just the beginning of our journey.
We thank you for taking it with us.
TEST
![Page 42: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/42.jpg)
Design Thinking WorkshopFriday at 9:15 am - 10:45 am
Lowther Room
LIMITED CAPACITY
![Page 43: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/43.jpg)
Thank you!
Douglas WilsonSecurity Person,Formerly at Uptics, Mandiant@dallendoug
Nguyet VuongDesign Person, VP of Design at Civil Media Company@nguyetv
![Page 44: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/44.jpg)
Resources for further learningStanford “D” School: https://dschool.stanford.edu/resources
IBM: https://www.ibm.com/design/thinking/page/framework
Ideo: https://designthinking.ideo.com/ & http://www.designkit.org/
Google Ventures Design Sprint: https://www.gv.com/sprint/
Design thinking origin story plus some of the people who made it all happen
How I stopped Worrying and Learned to Love Design Thinking - Christina Wodtke
![Page 45: What Security can learn from Design - FIRST · What Security can learn from Design (An Intro to Design Thinking) Douglas Wilson Security Person, Formerly at Uptycs, Mandiant @dallendoug](https://reader034.vdocuments.mx/reader034/viewer/2022051809/60135f73eb71df1f25185255/html5/thumbnails/45.jpg)
Resources for further learningBooks:
The Sprint Book by Jake Knapp - https://www.thesprintbook.com/
Designing Your Life by Bill Burnett & Dave Evans: https://designingyour.life/
Ruined by Design by Mike Monteiro: https://www.ruinedby.design/