Human-Centric Security Design: Prioritizing Employee Experience Across the Controls Management Life Cycle

Nov 03, 2023

Today, cybersecurity is no longer solely about firewalls, encryption, and threat detection. It’s about people—the employees who interact with systems, data, and processes every day. As a Chief Information Security Officer (CISO), your role extends beyond technical controls; it encompasses the delicate balance between security and employee experience.

The Shift Toward Human-Centric Security

Trend 1: Human-Centric Security Design

Human-centric security design places the employee experience at the heart of control management. Rather than treating security as an abstract concept, we focus on the real-world impact it has on individuals. By 2027, 50% of large enterprise CISOs will have adopted human-centric practices to minimize cybersecurity-induced friction and maximize control adoption.

Understanding the Friction

Traditional security awareness programs often fall short because they fail to address the root causes of insecure employee behavior. As CISOs, we must dig deeper: analyze past incidents to identify sources of friction, the moments when security controls hinder productivity or create unnecessary hurdles. These friction points are where we can make a difference.

Designing for People

Human-centric controls consider the employee journey across the entire life cycle:

  1. Onboarding: Simplify access provisioning. Streamline permissions. Make security part of the welcome process.
  2. Daily Workflows: Balance security with usability. Avoid excessive prompts or complex authentication steps.
  3. Incident Response: Provide clear instructions during crises. Empower employees to act swiftly.
  4. Offboarding: Securely revoke access. Ensure a smooth transition for departing team members.

Retiring Unnecessary Controls

Not all controls are equal. Some add friction without significantly reducing risk. Review your arsenal: are there legacy controls that no longer serve their purpose? Consider retiring them and replacing them with more human-friendly alternatives that still address the same risk.

Trend 2: Enhancing People Management

Quiet Hiring

Recruitment challenges plague the cybersecurity field. Instead of relying solely on external hires, explore internal talent markets. By 2026, 60% of organizations will shift toward “quiet hiring.” Tap into existing employees who understand your business, culture, and systems. They bring domain knowledge and loyalty, enhancing program sustainability.

Trend 3: Transforming the Cybersecurity Operating Model

Agility Without Compromising Security

Technology permeates every corner of our organizations. It’s no longer confined to central IT: fusion teams, business units, and individual employees all deploy and operate technology. Our operating model must adapt. Enable agility while safeguarding data, and collaborate with business leaders to strike the right balance.

Final Thought

As CISOs, we’re not just guardians of firewalls; we’re stewards of employee trust. Human-centric security design bridges the gap between protection and experience. It’s time to prioritize people, empower them, and build a safer digital future.

Remember: Secure employees build secure organizations.
