Applying Usability and Transparency to Security - Hannah Sutor - ASW #311

Update: 2024-12-16

Description

Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and setting an example for transparency in security disclosures.

Segment resources

https://youtu.be/ydg95R2QKwM

00:00 Welcome to Application Security Weekly! 01:49 Meet the Experts 03:28 What Are Non-Human Identities? 06:17 Balancing Security & Usability 08:24 MFA Challenges & Admin Security 12:09 Navigating Breaking Changes 16:05 Security by Design in Action 18:42 Identity Management for Startups 20:18 Secure by Design: Real Impact 24:03 Transparency After a Critical Vulnerability 31:39 Looking Ahead to 2025 32:45 Application Security in Three Words

Show Notes: https://securityweekly.com/asw-311

Comments

In Channel

Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353

2025-10-2101:03:39

Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352

2025-10-1401:07:32

Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351

2025-10-0753:52

Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350

2025-09-3001:14:32

Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349

2025-09-2358:43

How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348

2025-09-1601:08:00

Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347

2025-09-0901:17:09

AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346

2025-09-0201:08:11

Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345

2025-08-2601:13:31

Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

2025-08-1901:08:17

The Future of Supply Chain Security - Janet Worthington - ASW #343

2025-08-1242:13

Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342

2025-08-0558:07

How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341

2025-07-2901:04:11

Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340

2025-07-2201:06:35

Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339

2025-07-1501:07:50

Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338

2025-07-0801:07:15

Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337

2025-07-0138:26

How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336

2025-06-2401:01:18

Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335

2025-06-1701:08:00

Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334

2025-06-1001:09:09

00:00

Applying Usability and Transparency to Security - Hannah Sutor - ASW #311

#box-pro-ellipsis-176108291078914{-webkit-line-clamp:2;}Applying Usability and Transparency to Security - Hannah Sutor - ASW #311

Applying Usability and Transparency to Security - Hannah Sutor - ASW #311

Applying Usability and Transparency to Security - Hannah Sutor - ASW #311