
I advise companies on tech security, and talent is very much needed.

What's surprising (at first glance) is that the security talent need is very strong in UI/UX/CX.

For example, security is needed to gradually escalate a user's own identity verification -- think of things like two-factor auth and multi-factor auth, that can phase in (or ramp up) when a user's actions enter a gray area of risk.

Some examples: when a user signs in from a new location, or a user does an especially large money transfer, or a user resumes an account that's been dormant for years, etc.

The UI/UX/CX is especially necessary to 1) explain to the user that there's a security issue, 2) how the user can fix it, and 3) how to improve backend systems to handle users who ask for help.
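Added example, not part of the thread or any commenter's code: a sketch of the step-up policy described in the comment above, using its three triggers (new location, large transfer, dormant account) and returning the three things it says the user experience must cover. All names, thresholds, weights and messages are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds and weights are constructed for illustration, not taken from the thread.
LARGE_TRANSFER = 5_000
DORMANT_AFTER = timedelta(days=730)

@dataclass
class Action:
    known_countries: frozenset   # countries seen on this user's earlier sign-ins
    country: str                 # country of the current request
    last_active: datetime
    now: datetime
    transfer_amount: float = 0.0

# (signal name, predicate, weight, plain-language explanation shown to the user)
SIGNALS = [
    ("new_location", lambda a: a.country not in a.known_countries, 1,
     "You are signing in from a place we have not seen before."),
    ("large_transfer", lambda a: a.transfer_amount >= LARGE_TRANSFER, 2,
     "This transfer is larger than usual for your account."),
    ("dormant_account", lambda a: a.now - a.last_active >= DORMANT_AFTER, 1,
     "This account has not been used for a long time."),
]

# Escalation ladder, lowest first: (minimum score, required step, how the user clears it)
LADDER = [
    (0, "none", ""),
    (1, "second_factor", "Enter the code from your authenticator app."),
    (3, "multi_factor", "Enter your code, then approve the request from your email."),
]

def evaluate(action):
    """Return the step-up decision plus the text the UI and support desk need."""
    fired = [(name, weight, msg) for name, pred, weight, msg in SIGNALS if pred(action)]
    score = sum(weight for _, weight, _ in fired)
    step, fix = "none", ""
    for minimum, name, how in LADDER:      # keep the highest rung the score reaches
        if score >= minimum:
            step, fix = name, how
    return {
        "step": step,
        "explain": [msg for _, _, msg in fired],         # 1) what the issue is
        "how_to_fix": fix,                               # 2) how the user resolves it
        "support_note": [name for name, _, _ in fired],  # 3) why, for the help desk
    }
```

Because the signal names travel with the decision, a support agent can see which trigger challenged the user instead of guessing from a generic "verification required" error.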

I work in infosec as a security engineer, and I agree with this more than anything else anyone has posted about the state of the security industry on HN, ever.

For security being a human problem, I have yet to meet infosec types with strong backgrounds in human factors or product design. Nearly everyone came to this industry from netsec/IT/SOC work, or low-level programming, and neither group has a decent understanding of the usability issues that plague the security posture of common users. What works for a CLI junkie with deep systems knowledge absolutely fails people who barely know how to navigate their Android phone.

If anyone's interested in attempting to solve some of these design pattern issues, please reply here or DM me on Twitter. I'd love to actually get a group of people together trying to come up with standard, secure UX paradigms that can be referenced by others.

>What's surprising (at first glance) is that the security talent need is very strong in UI/UX/CX.

Which technologies specifically?

For example some keywords: rapid web/mobile prototyping, info visualization, split test planning, throttle rollouts, accessibility areas, i18n/l10n, risk management, compliance verification, pattern recognition, time series analysis, threat modeling of web usage, relevance ranking, bloom filters, HIPAA/FERPA/SOX/ISAE etc., client-side cryptography, graylisting, social proof verification, identity theft mitigation, etc.

>Which technologies specifically?

I think that's part of the issue: security-minded folks are often very analytical and come from CS backgrounds, and the demand is for people who understand how design interacts with technology to, in this case, create secure methods of actually using a technology.

So, to answer your question, none. It's about the mindset of the designer.
