
Security Thinking Is Service Design Thinking

We've spoken a lot about maintaining and expanding perspective when it comes to cybersecurity. In this episode, we dive in and highlight a methodology called "service design thinking".



Reasonably Accurate Transcript

Good morning, everybody. Uh, sorry about coming on late this morning. I'm almost a full hour later than normal. Part of that probably has to do with, I'm in, uh, Texas, which is one hour, uh, before my normal time zone.

And ironically enough I can travel across to Asia to Europe and not be bothered by the time zones. But when I go an hour, one way or the other things get a little messed up.

But, um, there's another good reason why I was, uh, I am late this morning. Um, and that's because I took the opportunity, uh, while I was here in my hotel room, um, to read a little bit.

Um, I love reading. I am reading all the time. Um, you know, average couple books a week easy. Um, just because it's so much fun, it's so much and I would much rather read a book than sit down and watch a movie, um, or a TV show.

Um, I just find it a lot more compelling. Um, and, you know, I, I was reading just some sci fi, some candy sci fi, what I consider, which is basically, you know, a couple hour read gets you through um, great book by Mr Forbes about The Forgotten Earth of Book Two.

If you're looking for a distraction, great series, great author. Um, but it got me thinking about another book. Um, because through my travels yesterday, um I flew down from Canada on Air Canada.

Um and they're advertising a new service called the Signature Service. Um And this is an interesting service because it's on the same planes. Um, you know, they offer first class on these planes.

So it's on selected routes. A lot of the red eye routes. Um So what's the difference between that and sort of first class? Well, the difference is, is they've designed it as a service.

They've designed the entire thing, start to finish and that goes to today's topic. So this signature level service is essentially they're going to greet you curbside or arrange for your pick up. They're going to walk you through the check in process, walk you through security and get you to the lounge, hold your hand all the way to the airplane and reverse the process when you get off.

So it's their attempt at realizing or their acknowledgment of realizing that people are frustrated with air travel. Air travel generally sucks. I'll tell you that as a pro. Um, but they're only, the airline's only in control of a small piece of it.

There's a whole bunch of leading up to getting to the airport, going through the airport to get to the gate to get on the plane. Um, and the gate and the plane and really just the plane is where the airline is actually in control.

The gate is normally farmed out to local, um, agents who, who end up doing that. Um, so they're, they're trying to take over the entire process, soup to nuts with this service. Um, the signature service, it's very similar to Apple's approach.

So we see this in the tech world with Apple where they own everything on the phone. So I'm broadcasting to you from my iPhone this morning, which is why it's shaky because I haven't had my tea yet.

Um, and uh, Apple owns everything. Soup to nuts, right? Um, so when you go and buy an Apple phone, there is, it's set pricing. Um, you know, you can get support from Apple, you walk into the Apple store for support, someone greets you at the start.

They ask you what they're there for. They align you up with the right people and then you can even recycle and trade up your phone through Apple. So Apple is trying to own the entire thing.

Yes, there's key business reasons for that. Um, especially for Apple because they can make profit in different areas. But again, it's owning the entire service because that's how you can control the user experience.

And I think in security, we forget that a lot. In security, we tend to bring in and apply security controls at different gates. We, you know, I've spoken before about how badly mismatched security is with the project life cycle in most organizations because we're not thinking holistically, you need to think, start to finish with the user experience is so that's another common term.

You're rarely going to hear service design, that didn't take off too much, but it did start from a fantastic book. And that's sort of what keyed off this topic for today. I want to make a strong book recommendation around This Is Service Design Thinking, um, by Schneider and Stickdorn, I think it is. I'll send out the link, but This Is Service Design Thinking is the name of the book. They also have a new one.

This Is Service Design Doing. Fantastic book, fantastic set of tools to get you in that mindset. And I highly recommend anybody in any IT venue, but especially in security, read that book. Has nothing to do with IT or security directly.

But that methodology, that way of thinking absolutely does have something to do with security. And so that's the kind of the mismatch there where for security, we just go and apply at one point and we completely forget about the rest of the process.

So we say, hey, you need to make sure that users have this massive, you know, this use a proper pass phrase and follow the latest in this standards. Totally forgetting that they have already logged in three different times to systems that don't adhere to those standards. That creates a disconnect for the user, that creates a frustration for the user.

They're going to look at that stronger, better password as being a problem. Whereas if you look at the entire service design chain, you realize the problem isn't the new password you're enforcing. It's the fact that there are multiple passwords and that the earlier passwords in the chain don't live up to the newer standards.

So it creates a, uh, mis-set expectation for the user. So from a security perspective, and for those of you just getting started in cybersecurity, here's my number one recommendation. First of all, um, you need that perspective.

We talked about perspectives a lot on the show. We've talked about a lot around the context of getting started in cybersecurity, staying in cybersecurity. Um, for everybody, start looking into UX or user experience conferences, talks, books.

I've got a ton of recommendations. Hit me up online at marknca in the comments down below or by email me@markn.ca. But start researching around user experience.

So this is not user interface design. It's a subset of it, user experience encompasses service design. It's thinking about how the user, start to finish, interacts with your product or service. That's critical, absolutely critical for security.

Um, because if you're not thinking about the holistic, um, aspect about this, about the entirety of how people use a system or a process and, um, giving you that context, you're not gonna get good security.

Um, so start with service design thinking, start with looking into user experience, start to look into UX because that's absolutely critical. We don't do security in isolation. Remember, the goal of cybersecurity is to make sure that these systems work as intended and only as intended. You could only do that if you understand the whole thing, start to finish.

Hit me up online at marknca down in the comments below or by email me@markn.ca. Love to hear your thoughts on this. I hope you're set up for a fantastic day.

We'll talk to you online and I'll see you on the show tomorrow.
