Minty Goodness of Automation

November 21, 2011

This is the month where we are intentionally thankful, and I am thankful for our customers who enthusiastically host UX visits to their place of work. It’s a privilege to be out in the field learning from people who have to effectively manage their organization’s security and regulatory policies across their network environments. Retrospective analysis of what goes into translating high-level corporate policies into a workable set of benchmarks and tests reveals to me what you already know: it is no easy task.

There is a need for a better way to manage security policies in dynamic networks. Managing security configurations in networks that span multiple business units, multinational organizations, and multiple administrators is a pain.

I was sitting next to someone at his desk last week, watching him go through the laborious task of cutting and pasting from his policy repository into another tool, then into a spreadsheet, and then into a PowerPoint … and he turned to me and said, “I want this to be easier.”

“Automagical”* – even.

So me, being the “UX Lady”, I like to find patterns and paradigms outside of the subject matter domain that I think relate to the cognitive work domain. (Like, when we were working on a tool that would help people do a better job in managing their risk assessment task needs by tagging their assets so that they could have flexible visibility into what they are managing, we didn’t look at IT asset management tools, we looked at iTunes.)

I have been looking for comparators that have “automagic” goodness. And I have found one that I particularly love. Minty, minty goodness…

In my research, I came across an article that resonated. It’s written by Marc Hedlund, who, in November 2006, launched Wesabe as a site to help people manage their personal finances. Less than a year later, it shut down, losing out to www.mint.com. Here’s what he said about why he thinks Wesabe lost, and I have a ton of respect for his honest assessment, BTW (italics mine):

“Mint focused on making the user do almost no work at all, by automatically editing and categorizing their data, reducing the number of fields in their signup form, and giving them immediate gratification as soon as they possibly could; we completely sucked at all of that. Instead, I prioritized trying to build tools that would eventually help people change their financial behavior for the better, which I believed required people to more closely work with and understand their data. My goals may have been (okay, were) noble, but in the end we didn’t help the people I wanted to since the product failed. I was focused on trying to make the usability of editing data as easy and functional as it could be; Mint was focused on making it so you never had to do that at all. Their approach completely kicked our approach’s ass.”

That’s automagical.

So, that’s what we are working towards here in UX land as we look at systematic methods for evaluating and monitoring security properties of large-scale networks. If you are interested in helping, having us visit you, or participating in remote usability sessions, please look us up.

http://www.tripwire.com/uxlabrat/

HAPPY THANKSGIVING!


*http://en.wiktionary.org/wiki/automagical

“Automatic, but with an apparent element of stage magic. Commonly used in computer and other technology fields, referring to complex technical processes hidden from the view of users or operators. Includes a connotation of specialness and often implies pride on the part of the process creator (especially when the person using the word is the process creator). Sometimes, also used in sarcastic way, ironically implying an impossible process. A one-size-fits-all approach to automatic controls that replaces rather than supplements manual control, resulting in a product that is less flexible and more difficult to use.”

http://blog.precipice.org/why-wesabe-lost-to-mint

NOTE: This post was originally published here:  http://www.tripwire.com/state-of-security/it-security-data-protection/security-controls/the-minty-good…ity-automation/

 


Notes from the Field – User Research Session

October 21, 2011

“The Story You Are About To See Is True.

The Names Have Been Changed To Protect The Innocent”

These were the opening words of every episode of the series “Dragnet”.

I loved, loved, loved to watch “Dragnet” when I was a little girl.

But it was on past my bedtime.

Going into the last commercial, the announcer would always say “The results of this case in just a moment”. Sometimes I would sit on the staircase landing, watching the TV over my parents’ shoulders while I was supposed to be asleep. I would be tingling in anticipation, waiting to see the results before my folks would catch me and order me to bed.

Full disclosure, I have been out in the field and forgot I needed to blog a UX post today.  So, I’ve decided to share a snippet of a recent ethnographic visit — learning about security professionals so that we can design better user experiences for them as they manage their daily security tasks.

10:30: Wanda the Watchdog

Wanda’s cube is right under a white noise machine. She likes it because she can concentrate. She is turned around looking at me expectantly. … I ask her to do what she does every day — she is relieved because she thinks a lot of work stacked up when she was in the meeting with us earlier.

Wanda has three monitors. One is super old school. It has email opened. The center monitor has an events mapper. It is purple and has something that looks like a network architecture diagram. There is a list of events. That screen stayed up the entire time I talked to her.

Wanda is celebrating her 5th anniversary as an employee of Company X. I know this because there is a big monitor that flashes messages to the cube farm up high on the wall above and to the right of Wanda’s cube. There is a message that flashes up: “this network brought to you by …” and then a bunch of logos. Tripwire’s logo is on that sign.

I point it out, and Wanda shakes her head. “I object to that.  Displaying what vendors we use because that’s the first thing a hacker would look for is, what technology do you have in here.  That’s part of reconnaissance.  My job is to think like a hacker so I’m in constant hacker think mode and that’s the first thing I would do is say, okay what technology do you have, what versions are you running, are those versions vulnerable, what vulnerabilities are against them, what exploits are against those vulnerabilities and then I found the hole and I’m in.”

I ask her about her background. She has a master’s degree in security from a big school. I tell her that I didn’t even know there was a master’s in security.

“I didn’t either until I took an interest.  The previous job I had, we had viruses going around and I personally spent nights cleaning out systems because I used to be management.  I used to do what these guys did and I got tired of that and I’m like, there has to be something we can do about this and I started taking an interest in security and I found this degree and I’m like, awesome, I’m going to do this cause I’m going to fight these guys.  When I graduated I’m like, okay I’ve got this degree, what can I do?  The company I worked for was not interested in security at all, they didn’t care.  So I started looking for a job and found this one.”

Wanda describes herself as a “watchdog”. Her job is to watch and alert people. I believe that she cares about her job; her cube is decorated with motivational messages. I mention one in particular about how security people need to remember a business is being run. She laughs and tells me that she has that there to remind herself to lighten up. “I am a stickler.”

Sometimes her boss tells her to let some issues slide, but Wanda is uncomfortable with that.  The stuff that has happened in the past two years has just taken the hacking and breach to a whole new level.

“It’s incredible,” Wanda sighs. “Unfortunately the bad guys are winning.”

(The story you just saw is true.  The names have been changed to protect the privacy of those who are participating in the Tripwire UX Lab Rat program.  http://www.tripwire.com/uxlabrat/)

Note:  This post was originally published here: http://www.tripwire.com/state-of-security/it-security-data-protection/watching-the-detectives/
