opines shamelessly into large rooms


LCA 2019 Security and Privacy Miniconf

Design for Security (Miniconf keynote)

Effective Communication of Security Advice | Purplecon 2018 (keynote), NZITF 2018 (keynote)

References | Worksheet | Slides | Video

For everyday people, security advice is confusing, boring, and ever changing. In response, we’ve developed what essentially are superstitious habits — theatrical, security-flavoured actions that we repeat in hopes of protecting ourselves from “the hackers”.

There are two big problems here. First, how do we effectively communicate relevant security advice to non-experts? And secondly, is that advice even persuasive enough to encourage real behavioural change? What kind of advice should we be conveying, and to whom?

In this talk we cover why everyday people don’t follow security advice. To help us come up with some solutions, we introduce concepts from behavioural design, psychology and medicine. And I put the theory to the test by trialling some unconventional ways of communicating security to the masses.


O'Reilly Velocity San Jose 2018

Design for Security

Today, the internet owns our lives. Every website and app we touch knows us: our personal information, our inane ramblings, our deepest secrets. Security has never been more crucial, yet it’s a rare topic outside of ISM teams and hackers. And through the design lens, it’s completely missing.

This is a mistake.

There’s a misconception that security is a niche for masterminds. In the real world, most security breaches don’t come from 0days or neat hacks. In fact, most errors are human—simple scams that have worked since society began.

This is where design fills a missed opportunity. Good user experience design is necessary for good security. We can craft paths of least resistance that match paths of most security. We can educate our users on what is good practice and what is security theater. We can build secure flows that are usable, not obstructive or annoying.

Slides | Video

UXNZ 2017

Design for Security

Conference | Slides | Video

BSides Wellington 2017

Design for Security

Slides | Video

The Ideal Styling Language | CSSConfAu 2016

We know the problems with CSS: It’s hard to maintain. It’s hard to scale. There’s no scope. The cascade is as indiscriminate as it is unrelenting. And we’ve been trying to fix it for the past 10 years, with Sass, ITCSS, CSS Modules, and so on. These wonderful pre- and post-processors are tackling the unwelcome symptoms of CSS. So let’s get straight to the point — what would the Ideal Styling Language look like?

What does atomic design look like in our Ideal Styling Language? How do we style interactions, rather than visual aesthetics separate from animations? Will it be functional, or object-oriented? How much DOM information do we include? How do we select elements in the DOM when the DOM itself is changing? How do we do this in a performant manner?

Finally, how realistic would this Ideal Styling Language be to implement? If it’s not realistic, what does this Ideal Styling Language tell us about how we should be writing CSS now?

It’s going to be a fun, interesting, and enlightening thought exercise. Just wait and see.

Conference | Slides | Video

Refactor 2016

Feminism is a Ramp

Conference | Transcript

National Digital Forum 2014

Passions into Reality

Conference | Video