Human-Centered Security

“Even though usability and security tradeoffs will always be with us, we can get much smarter. Some of the techniques are really simple. For one, write everything down a user needs to do in order to use your app securely. Yeah, keep writing.”

In this episode, we talk about:
  • What is threat modeling and why should product teams and UX designers care about it? (Also check out Adam’s first episode on Human-Centered Security).
  • Focus on parts of the user journey where you might gain or lose customers: what tradeoffs between usability and security are you making here?
  • Involve a cross-disciplinary team from the very beginning. This is critical: “How do we get focused on the parts of the problem that matter so we don’t spend forever on the wrong stuff?”
Adam Shostack is an expert on threat modeling, having worked at Microsoft and currently running security consultancy Shostack + Associates. He is the author of The New School of Information Security, Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn From Star Wars. Adam’s YouTube channel has entertaining videos that are also excellent resources for learning about threat modeling.

What is Human-Centered Security?

Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.