How to Use a Human-Centered Design Process for Cybersecurity

Published in IT Management

When you think of cybersecurity, you probably think of its broad focus on protecting businesses’ data.

What you might not think of are the people behind those data points—individual customers whose information could be compromised, or employees who work tirelessly on proprietary formulas that you wouldn’t want your competitors to steal.

As our interactions with technology increase, it’s easy to depersonalize the information on our screens.

It’s also easy to forget that cybersecurity programs are created, monitored, and maintained by people, who are just as subject to human error as the rest of us.

Human-centered design (HCD) focuses on solving this problem by keeping the needs of the target population in mind so as to ensure the solution is holistic, functional, and appealing.

Below, we’ll explain how HCD operates and the potential uses it could have for the cybersecurity industry.

How can cybersecurity benefit from the HCD process?

HCD is an innovative, up-and-coming design process that’s being used in various fields. If HCD is incorporated into the world of cybersecurity, the result can be a new kind of cybersecurity, of much greater quality than the security we have in place today.

When it comes to cybersecurity for businesses, it’s common to hear that employees are the biggest threat to their company’s data safety. But blaming human error for cybersecurity breaches is evidence of developers taking the easy way out.

If a system is really going to keep your data secure, shouldn’t it safeguard against the mistakes many people make? While a decent cybersecurity defense program will consider the machine side of things by alerting you to a system’s vulnerabilities, a great program will also defend your data against human vulnerabilities.

A human-centered design process will help your cybersecurity design team by starting with a human-centered, rather than a machine-centered, approach to defense, protecting your data from computer-literate cyber criminals and Joe in accounting at the same time.

This protection could mean making automatic system updates an “opt-out” process so it’s less likely that old, vulnerable versions of programs are still running on computers. It could also mean making two-factor or multi-factor authentication required and easier for employees to use.

Considering the human side of cybersecurity might be the first, best step in creating an impenetrable system.

How does the human-centered design process work?

Suppose a customer comes to you complaining that they’ve had a breach in the cybersecurity platform you developed for them. Not only did multiple viruses enter their computer system, but their private data was released, which your company must now scramble to secure.

How can your company ensure this issue doesn’t happen again, and how do you go about making a better product the next time around?

If the security breach stemmed from human error, such as a weak password or forgetting to update a program manually, one solution is to use an HCD process when creating your next cybersecurity program.

HCD emphasizes starting at your customer’s level. You should analyze the needs they want you to meet, which needs weren’t previously met, which features they value most, and the functionality and type of design they would appreciate using.

Figure: Venn diagram of design innovation (technology, business, human values). Discussing customers’ needs with them directly creates more value for your product by helping you create something truly unique.

HCD requires patience, as it’s an iterative process. Much of HCD is a trial-and-error design procedure.

The greatest feature of HCD is its broad, collaborative, and innovative nature. It breaks from the traditional approach of defining one clear problem and offering one correct solution. HCD acknowledges that problems can be more complex and, as such, require more detailed and fine-tuned solutions.

This is especially true for cybersecurity. Due to its complexity, every part must work properly for the whole system to function.

How can your team use HCD in cybersecurity design?

The process of HCD is broken into four phases:

  • Inspiration—Your team identifies a problem in need of a solution. Members are encouraged to innovatively present a wholly new solution or a modification of a failing solution.
  • Ideation—The team begins to brainstorm how a solution might be created and what components are needed.
  • Prototyping—The team works to design a product that can be tested.
  • Implementation—The solution (having been tested many times) satisfies the customer and can be integrated into their system to meet their needs.

Figure: human-centered design process diagram. This diagram also helps break down the phases of the human-centered design process. (Image source: StoryMiners)

The process as a whole can appear vague and nonspecific, so I’ve broken down this process into eight smaller, more understandable steps.

1. Gather your team

Choose a diverse group of individuals to make up your design team, so they can analyze the problem from multiple perspectives. Choose from enterprise architects, IT developers, creative design personnel, and cybersecurity technicians. If your team has never used an HCD process, do more research on how to conduct it or take an HCD class together. Consider ways that your team can collaborate and learn to work together so the design process is smooth.

2. Define the problem

Begin by asking a question you know you can answer. What problem are you looking to solve? Does the problem need several smaller solutions to create a bigger, more holistic solution? Once you completely understand the problem, you’re ready to begin the interactive research process.

3. Identify the target audience

Determine which group of people will use your design. By defining your clientele, your research will be more effective. Consider sociological and environmental factors. For instance, a cybersecurity solution may look different for a company that is urban-based versus a company that is rural-based. Your target audience can be defined by region, number of employees, or its customer base, among other factors. The more specific your audience is, the easier it will be to create a solution that encompasses all the features they need.

4. Conduct your research

Now that you’ve identified your target audience, go find them in the wild. Spend time observing and interviewing them and considering how their cybersecurity platform operates and how they interact with it. What inconveniences are present with their current solution? What problems do you identify that the customer has not? You may need to go back and redefine your problems after this step. This is where the iterative process begins.

5. Analyze the data

Look at the data you’ve gathered from your research and interpret what it all means. It’s important to be collaborative in your analysis so that no details are lost and so everyone’s voice is heard. You can add all their potential solutions to the larger solution. If you’re missing certain data, go back and conduct more research.

6. Create a prototype

Once you’ve identified the features your customer wants, as well as the ones you think would be helpful, design a prototype solution. Keep in mind that the first solution is often not the best. HCD is an art and, as such, an iterative process.

7. Test your idea and readjust

It’s likely that you’ll have to create multiple prototypes. Try your first one out, and then go back and reevaluate what’s missing or what didn’t work like you suspected it would. After your evaluation, go back and create a new prototype, making the changes you’ve identified.

8. Implement your solution

Once a clear solution has been designed, keeping in mind the interests of the customer, design the final product and have your customer try it out.

Want more information on human-centered design?

Cybersecurity can benefit from this design process, as can many other fields. In fact, every company and industry can benefit from learning to break from tradition with a collaborative, innovative, iterative, and customer-based way of doing things.

Have you or your development team tried out a human-centered design process lately? How did it work out? Let me know in the comments below.

If you need more information on implementing HCD effectively, here’s a list of helpful sites:

Comment by Pavithren on

Thanks for the great read!
As they say… Humans are the weakest link in the cyber security chain and HCD has a great potential to build more robust cyber security systems.
