Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned

Whether one is implementing cybersecurity policy within an organization, making decisions about cybersecurity investments, training employees about cybersecurity, or developing new cybersecurity products, an understanding of the human element and “the people interacting with and impacted by cybersecurity" is critical for success. Unfortunately, the skilled and dedicated professionals who strive to improve cybersecurity may unwittingly fall victim to misconceptions and pitfalls that hold people back from reaching their full potential of being active partners in security. This talk offers cybersecurity professionals and decision-makers a primer so they can recognize and overcome six human element pitfalls in cybersecurity. Each pitfall is supported by real-world examples and evidence from human-centered cybersecurity research. In addition to gaining an awareness of these pitfalls, attendees will learn about specific strategies for how they can improve cybersecurity and empower users at all levels by addressing the human element within their organizations.

Julie Haney leads the Human-Centered Cybersecurity program at the National Institute of Standards and Technology (NIST). She conducts research about the human element of cybersecurity, including the usability and adoption of cybersecurity solutions, work practices of cybersecurity professionals, and people's perceptions of privacy and cybersecurity. She has been an invited speaker at numerous cybersecurity forums spanning industry, government, and academia. Previously, Julie spent over 20 years working in the U.S. Department of Defense as a cybersecurity professional and technical director. She has a PhD in Human-Centered Computing and an M.S. and B.S. in Computer Science.