Bridging the security-gap between you and your users: a presentation idea for developer conferences

Abstract

What is your talk about?

We build apps. We build them as securely as we can. But no matter what we do behind the scenes, the weakest link is often our end users. Bad passwords, phishing attacks, credentials on post-it notes - is there anything we can do?! Yes! During this talk you will learn how to turn your app into a powerful reinforcer of good, secure user behaviour. You'll have gained empathy for the risks your customers face, and you'll have begun building a stronger bridge between you and your users.

Details

Explain the theme and flow of your talk. What are the intended audience takeaways? Include any pertinent details such as outlines, outcomes or intended audience.

The theme of this talk is how to help us help our users. When our users get hacked their lives can be massively impacted, financially and emotionally, even if it wasn't through the websites we've made. The intended takeaway is that anyone can, and needs to, help with user education. The threat is growing, and we are in a unique position to help.

The audience members who will find this most interesting are those who build web / SaaS apps used by "regular people". Juniors and intermediates will benefit from developing a security mindset and gaining empathy for end-users, particularly around security. Senior developers might know the best practices, but take this stuff for granted and have lost sight of how much help our users need.

The talk will cover the following:

  • how are "regular people" being affected by data breaches today?
    • what are "regular people": diversity of cultures, understandings, age, and intelligence
    • how is the landscape of attacks changing?
    • what best practices do we take for granted that our users don't know about?
  • the need to add outward thinking
    • can't just use SSL, hash passwords, get audited, and hope for the best
  • what are some practical steps we can take today:
    • communication - particularly emails
      • monitor accounts & be pre-emptive about security incidents
    • UX on login / account creation forms (zxcvbn for password strength feedback, etc.)
    • 2FA
    • SSO instead of another username & password
    • incident response planning
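Of the practical steps above, "monitor accounts & be pre-emptive about security incidents" is the one that reduces most directly to code, so here is an added example of the decision logic behind those emails. It is example code written for this page, not code from the proposal or from the author's company. It assumes a device fingerprint built from the browser's user agent plus the first three octets of an IPv4 address, a threshold of five failed logins in fifteen minutes, a simple login-event struct, and a handful of constructed sample logins; a real app would hand each returned notice to its mailer instead of collecting it in a list.

```ruby
require "digest"
require "time"

# Added example, not code from the proposal: decide per login event whether
# the app should send the user a pre-emptive security email. Two triggers:
#   * a successful login from a device fingerprint the account has never
#     used before -> "new sign-in" notice
#   * FAILURE_THRESHOLD failed attempts inside FAILURE_WINDOW -> "someone is
#     trying to get into your account" notice
# The fingerprint scheme, thresholds and event shape are assumptions made for
# this example, and IPs are assumed to be IPv4.
class LoginMonitor
  FAILURE_THRESHOLD = 5        # failed attempts that trigger a notice
  FAILURE_WINDOW    = 15 * 60  # seconds

  Event = Struct.new(:user, :ip, :user_agent, :success, :at, keyword_init: true)

  attr_reader :notices

  def initialize
    @known_devices = Hash.new { |h, k| h[k] = {} }  # user => { fingerprint => first_seen }
    @failures      = Hash.new { |h, k| h[k] = [] }  # user => timestamps of recent failures
    @notices       = []                             # emails that would have been sent
  end

  # Device fingerprint: SHA-256 of the user agent plus the first three octets
  # of the IPv4 address, so a new DHCP lease on the same network does not look
  # like a brand-new device. Truncated so it is readable in logs and emails.
  def fingerprint(ip, user_agent)
    prefix = ip.split(".").first(3).join(".")
    Digest::SHA256.hexdigest("#{prefix}|#{user_agent}")[0, 16]
  end

  # Process one event; returns the notice that would be emailed, or nil.
  def record(event)
    event.success ? handle_success(event) : handle_failure(event)
  end

  private

  def handle_success(event)
    devices = @known_devices[event.user]
    @failures[event.user].clear                 # a real login resets the failure count
    fp = fingerprint(event.ip, event.user_agent)
    return nil if devices.key?(fp)              # seen before: stay quiet

    first_device = devices.empty?
    devices[fp] = event.at
    return nil if first_device                  # nothing to compare against yet (account creation)

    notify(event.user, :new_device,
           "New sign-in to your account from #{event.user_agent} (#{event.ip}) " \
           "at #{event.at.utc.iso8601}. If this wasn't you, change your password now.")
  end

  def handle_failure(event)
    recent = @failures[event.user]
    recent << event.at
    recent.reject! { |t| event.at - t > FAILURE_WINDOW }
    return nil if recent.size < FAILURE_THRESHOLD

    recent.clear                                # one notice per burst, not one per attempt
    notify(event.user, :failed_attempts,
           "Someone has tried to log in to your account #{FAILURE_THRESHOLD} times in the " \
           "last #{FAILURE_WINDOW / 60} minutes and failed. You don't need to do anything, " \
           "but consider turning on two-factor authentication.")
  end

  def notify(user, kind, body)
    notice = { user: user, kind: kind, body: body }
    @notices << notice
    notice
  end
end

# Constructed sample activity (not real data): one user, a first login, a
# login from the same network and browser, a login from a new device, and a
# burst of failed attempts from somewhere else.
def demo_notices
  monitor = LoginMonitor.new
  t0 = Time.utc(2015, 6, 1, 9, 0, 0)
  e = ->(ip, ua, ok, at) { LoginMonitor::Event.new(user: "ana", ip: ip, user_agent: ua, success: ok, at: at) }
  events = [
    e.("203.0.113.10", "Firefox/38 (Mac)",    true, t0),         # first device: becomes the baseline
    e.("203.0.113.12", "Firefox/38 (Mac)",    true, t0 + 3600),  # same /24, same browser: known
    e.("198.51.100.7", "Chrome/43 (Windows)", true, t0 + 7200)   # new device: notify
  ]
  5.times { |i| events << e.("192.0.2.99", "curl/7.43", false, t0 + 10_000 + i * 10) }
  events.each { |ev| monitor.record(ev) }
  monitor.notices
end

if __FILE__ == $PROGRAM_NAME
  demo_notices.each { |n| puts "#{n[:user]} <- #{n[:kind]}: #{n[:body]}" }
end
```

Two design points carry over to a real app: the first device an account ever logs in from is recorded silently rather than emailed about, so account creation doesn't start with a scary message, and a burst of failures produces one email rather than one per attempt, so an attacker can't use your own notifications to flood the user. The email wording is the part the talk is really about: say what happened, what the user should do, and nothing they can't act on.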

Pitch

Explain why this talk should be considered and what makes you qualified to speak on the topic.

As an industry we need to stop looking inwards at security, and look outwards at our users who are still getting hacked. Although these more UX-ey ideas might feel like "not my job" to some developers, it is our job. We need to hear this message, and others like it, because our unique position as creators allows us to teach others about better security.

I'm CTO at a cyber security startup, and we interact with our customers' customers. We've learnt how to interact with them in ways that aren't scary, but are empowering and educational, towards better security outcomes. It's my job to know and understand cyber-based threats, and stay current with industry best practice. I've talked about these topics at local Ruby meetups, in a way which is accessible to people unfamiliar with the subject matter. I've always been super interested in security, and now it has become a passion. I'm excited to help others with the lessons I've learnt, and learn from their experiences too.
