Think. Design. Cyber. 

Design started thousands of years ago. 

Design Thinking started nearly a century ago.

Design Thinking for cyber we started over a decade ago.

Design Thinking for Cybersecurity

Cyber Forensics force asking,
"What did we miss?" and "Why did we miss it?"

Investigations are at least uncomfortable, if not ugly. As are:

  • Cost of damage control
  • Cost of wastefully complex security apparatus
  • False sense of security
  • Painful feeling of running faster yet falling behind

(Learn more about where cyber forensics led us in "The Story.")

Start by exploring 4 questions:

  • What is design thinking?
  • How does design thinking bring something different to cybersecurity?
  • What is the value of design thinking in cybersecurity?
  • What powers design thinking to be a force multiplier in your organization?

Don't wait for security incidents and forensics, be proactive and outthink your adversaries. 

What is design thinking?

Design thinking is thinking like a designer -- innovative problem-solving
 

Observing how people behave to discover what people might need or desire from a new product.

Design in art, architecture, clothing, food and more flourished for thousands of years. Design became formalized into schools of thought.

Design thinking formalized thousands of years of design in art, architecture, clothing and food. Then into psychology, sociology, anthropology, biology and more.

In business, design thinking has been applied in diverse products including autos, home appliances, consumer electronics, manufacturing and processed foods.

Design thinking informs the user experience in human-computer interface by blending storytelling with ease of using computers. 

Design involves four broad applications: style, usability, serviceability, and manufacturability.

How can we apply design thinking to cybersecurity? Read on...

How does design thinking bring something different to cybersecurity?

If design thinking is already used in your company, then you’ve already witnessed the success in breakthroughs in new products, operations, marketing, customer service and more. As a consumer, you've benefited from design thinking.
 

Design thinking starts with challenging established norms ( called paradigms, frames or perspectives in design-speak). It asks…

  • Are those still effective?
  • Were they ever?

Challenging and "breaking the mold" 

  • In art, architecture or fashion, challenge is to trend-set
  • In business, the challenge is to discover unrealized buyer needs and desires become new product opportunities
  • In cybersecurity, challenge is to reveal threats and vulnerabilities (including those caused by "trusted doctrine"), and reveal smarter ways to reduce your attack surface.
  • In military, challenge is to save lives in combat and more easily achieve mission

Design thinking realizes that:

  • Cybersecurity is not linear or static -- like diagnosing the cause of a dead battery in a car
  • Cybersecurity, like cars, is more than: secure engineering an individual part to a design, designing tools used in secure engineering, or designing a secure engineering process
  • In a dynamic, chaotic system, success comes from thoroughness and speed of thinking, learning and adapting -- like an off-road auto race


Asking these questions has led to amazing new products you've experienced in appearance plus ease of use, manufacture and service. From easier websites to delicious food to stylish clothing to engaging car dashboards, it’s all about design.

Design thinking is all around you.

Curious about design thinking in cybersecurity? Read on…

What is the value of design thinking in cybersecurity?

Design thinking is proven and practical across disciplines. In cybersecurity, consider...

For you as an individual, it gets you off the gerbil wheel -- for starters :). 

  • This starts by separating the structural flaws of cybersecurity from the implementation flaws
  • Then focuses structural flaws (e.g., wrong use of "controls")
  • Running faster on a gerbil wheel to fix implementation flaws without first fixing structural flaws won't get you anywhere.
  • This is a lifesaver! (Your family will thank you too!)

For your organization, this:

  • Helps avoid self-inflicted wounds (incidents and breaches) due to structural and implementation flaws
  • Increases resilience, especially by dovetailing systems thinking and asking, "How does it work?" and "Why does it work that way?"

Because organization methods that you are required to use fail to realize:

  • The magnitude of change, complexity and fatigue -- catalysts of risk
  • That cybersecurity is a dynamic, chaotic system -- requiring "emergent practice" ("best practice" only works for stable systems)
  • That divergent thinking is needed (convergent, siloed, group thinking invites security breaches)
  • That "frameworks" -- by being freezing learning in the past and fencing out iterative learning -- become the self-inflicted cause of security incidents and breaches.
     

Dozens, maybe hundreds of tools are now available to the designer to revisit assumptions and discover. So are design tools all that are needed? For the answer, read the next Q&A…

What powers design thinking to be a force multiplier in your organization?

Design thinking is a rich set of tools catalyzing spectacular successes. Yet, there is more to fashion design than a color pallet.
 

For success, also needed are…

  • A process that embeds design in the lifecycle of a product. In business, this is New Product Management.
  • To make New Product Management successful requires organizational change
  • Systems thinking to understand the "how it works" that enables "Why?" and future "What if?" questions to be asked and to discover root causes and real (not superficial) problems. Asking and learning enables "because..." answers. Like Cyber Forensics, but before a breach.
  • These "What if?" scenarios are robust and life-like as in novels or films, unlike the limited scenarios of typical risk management
  • To bring together the mix of humanities and sciences that has propelled the success of design thinking requires “diverse, diverse high-performance teams.” “Diverse, diverse” means diversity in ways that are both visible (e.g., gender and ethnicity) and invisible (thought and perspective). This is because – especially in deeply specialized disciplines like cybersecurity – diversity can hide group think and conformist adherence to “trusted sources.”
  • Coaching in context of cybersecurity – not just general leadership. Instead, individual coaching for individual people specifically in context of cybersecurity and business outcomes. This is similar to individual coaching in a sport or musical instrument.

Now you know the answers to the four questions.

Are you feeling empowered by this insight? 

At least, are you curious to learn more? 

Are you an active learner by nature?


To discover more about how these insights can make your job (and life) easier, better protect your organization and make our world safer from adversaries, you are welcome to explore the "Learn More" page and join in this initiative. 


Sign up on our Contact Page to receive…
 

  • A welcome package with the next layer of insight
     
  • Notification when registration opens for an online intro to design thinking for cybersecurity

Scroll down for a bonus...

Bonus: What is unique about ThinkDesignCyber?

If you've read this far, you'd probably like to know that:

ThinkDesignCyber is different because it draws on the entirety of proven and practical design thinking:

  • New product lifecycle in appearance/style plus ease of use, manufacture and service. Then to generations of product renewal until retirement -- "whole-life" design.
  • Four types of designer-user conversations
  • Designing diverse, high-performance teams so cybersecurity design success is easier
  • Challenging existing paradigms/frames/perspectives/doctrines. This mirrors use in military. Of course, military has been a source of inspiration for cybersecurity pros.

ThinkDesignCyber is in sharp contrast to limited uses of design in tech and cybersecurity: 
 

  • User Experience (UX) – using design tools to 1) help prevent user actions that lead to an incident or 2) design security “controls” for ease of use
  • Include security earlier in software development

ThinkDesignCyber goes beyond design to draw on insights from New Product Management and organizational change. This is to achieve:
 

  • Scale beyond design the conversations that are focused on identified users
  • Efficiency and effectiveness in project management
  • Change that sticks” beyond the tenure of an initial design champion

© Copyright 2010-2021. All rights reserved. ValueBridgeAdvisors, LLC