Brandeis GPS Blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Month: October 2022

Brandeis GPS Sponsors UXPA Boston Annual Conference


From left to right: Director of Admissions Christie Barone, Brandeis GPS Alumnus Craig Cailler, and Assistant Director of Partnership Engagement Michaela Henry

Last week, Brandeis GPS sponsored UXPA Boston’s annual conference. The event was a day-long, in-person conference featuring networking opportunities, professional development sessions, and several panels and keynote speakers on different topics in the industry.

Our own User-Centered Design (UCD) faculty and board members were integral to the success of the day. UCD faculty member Bob Thomas is President of UXPA Boston. He kicked off the day with a welcome address, and later hosted a group mentoring session. The chair of the UCD program, Eva Kaniasty, was featured on the panel “Design of Design Education,” along with program board members Chris Hass and Lou Susi. 


“Design of Design Education” Panel at UXPA Boston | From left to right: Jason Reynolds, Amy Heymans, Eva Kaniasty, and Chris Hass

Chris Hass is on the board of UXPA Boston as well.

Lou Cimaglia, a Brandeis GPS Lunch and Learn speaker, also gave a talk titled “Content Isn’t A Word: A Team Approach to UX Writing.” His Lunch and Learn – register here! – will be this Thursday, October 20 at 12pm.


For more information on the User-Centered Design program or any other GPS programs, visit our website.

Of reasonable security and other mythical creatures


Written by: Alain Marcuse, Information Security Leadership Faculty

Imagine you are responsible for cybersecurity at your company. Your mission is to support the business, but you’re among the 90% of security leaders who believe they are falling short in addressing cyber risk, according to the 2021 Security Priorities study by Foundry. You are well aware that threats continue to evolve faster than your budget and/or resources; according to the same study, 54% of CISOs expect no increase at all in their budget next year. 

Against this backdrop, cybersecurity threats are certainly not standing still. According to PwC’s 2022 Global Digital Trust Insights report, more than 50% of organizations expect a surge in reportable incidents, over the 2021 rate. In short, the threat landscape continues to grow more rapidly than the resources available to you. 

But the challenge is not only a “simple” matter of balancing resources against threats. Cybersecurity is an increasingly regulated field, governed by sectoral laws such as HIPAA or industry standards such as PCI DSS, state laws such as in Massachusetts or New York, and even extra-territorial laws such as the European Union’s GDPR. Insurance companies are increasingly imposing their own requirements as well, in order to better manage underwriting risk.

In short, you need to make sure security doesn’t interfere with the business, or slow it down; but your primary responsibility is to maintain the organization’s security, in a context where the threats keep increasing, regulations keep multiplying, but the budget made available to you remains flat. 

You are expected to maintain “reasonable security”, but how do you define that, let alone achieve it? What’s deemed reasonable can well be in the eye of the beholder, and also changes over time. Technology evolution also requires updating the concept of what’s reasonable; what made sense in 2012 does not necessarily make sense in 2022. Consider something as simple as password length. PCI DSS 3.2.1, a standard released in 2018 that still governs security requirements at merchants that use credit cards, requires passwords to be 7 characters long. In 2022, it is estimated that such weak passwords can be cracked within 7 seconds. Is this “reasonable?” If a breach happens, how will you answer “how could you let this happen?”

The key to resolving this challenge is to regularly take stock of the threat landscape, and of the security program’s ability to confront it, by means of a formal risk assessment – whether conducted internally or by an external party. While most security teams are stretched simply keeping up with day-to-day challenges, it is important to take the time to look at the broad picture and ensure security strategy and tactics are still aligned to the threats, regulations, and business requirements at hand. A risk assessment will also help with prioritizing which initiatives will be undertaken and why, and which risks will be deemed acceptable, making the program more defensible when discussing it with other executives, the Board, or regulators.

While regular risk assessments provide a frame of reference for answering the “reasonableness” question, it is important to remember that all security programs will fail, in one way or another, sooner or later. Cybersecurity is a form of asymmetric warfare where the enemy is typically better equipped and less constrained than the defenders. As a result, two key elements must be prioritized: defense in depth, and incident response.

If you have received a breach notification from a company you work with, you will undoubtedly have noticed that the breach was always the result of a “sophisticated” attack, possibly leveraging a “zero-day” vulnerability. By definition, a “zero-day” vulnerability is one for which no patch currently exists. As of mid-2022, 18 such vulnerabilities came to light just this year. Given the near-certainty that some attack vectors will succeed, implementing a defense-in-depth strategy will help minimize the damage, in a cybersecurity version of James Reason’s “Swiss cheese model” metaphor for the failure of complex systems.

While a defense-in-depth strategy can help minimize the damage, damage will almost certainly happen at some point; it is here that a well-developed incident response program matters most. This is really not dissimilar to good crisis management practice in any other discipline; a well-prepared, well-rehearsed plan for managing and communicating about a cybersecurity incident will go a long way towards mitigating damage, including reputational damage. 

The concept of “reasonable security” may well be an elusive beast, given it can be subjective and/or defined differently depending on the entity or circumstances in which the reasonableness question is answered. But a security program structured on the foundation of regular risk assessments, deploying a well-considered strategy of defense in depth, and supported by a properly-rehearsed incident response plan, will be more likely to be perceived as meeting a “reasonableness” standard.


Alain Marcuse is a professor in the Information Security Leadership program at Brandeis University, and the Chief Information Security Officer at Validity Inc.

For more information about the Information Security Leadership program or other online master’s degrees available at GPS, please visit brandeis.edu/gps.

Q&A with Elizabeth Rosenzweig

Faculty: Elizabeth Rosenzweig

Program: User-Centered Design

Education: Massachusetts Institute of Technology, SM and Goddard College, B.A.

Bio: Elizabeth Rosenzweig is a design researcher whose mission is to use technology to make the world a better place. She believes that the best design comes from good research. This all starts with user-centered design. Through volunteer events, design challenges, and research projects, Elizabeth has been able to push the bounds of the current status quo and innovate. Examples include founding and running World Usability Day, producing 4 patents on intelligent design for image management and organizations, long-term impact on Medicare.gov, a yearlong study on body-worn cameras, and other projects. Rosenzweig’s work can be seen at designresearchforgood.org.

 

How did your career journey lead you to User-Centered Design? What has the path been to becoming a design researcher?

I started my career as a photographer and a graphic designer. I thought that visual art/design was going to be my career journey. But an unexpected development happened when I applied to graduate school and ended up at the MIT Media Lab. There I had a front row seat to the development of user-centered design, human-computer interaction and UX. My volunteer work at various organizations has confirmed how important our field really is. It has been an honor and a privilege to be part of this developing field.

 

What design and/or technology trends are currently exciting you?

Intelligent user interfaces (IUI) have been something that has always interested me. In fact, I did quite a lot of research on it. Using IUI to help put humans first, through the field of human-centered artificial intelligence (HCAI). HCAI is very exciting to me and has the potential to change the world in a positive way because it includes not only UCD but ethics and goals, 

 

What are your best hopes for the students in your courses?

I hope my students come to know how important our work is to our society. UCD is our hope for the future; putting the human at the center of design can ensure we create products and services that help solve our biggest problems.

 

Do you have any advice for Brandeis GPS community members planning a job search in UX?

We can use our UX skills in every aspect of our lives, including our job search. Define your own persona: what are your goals? Do you want to do UX design or UX research? In the interviews, what is the persona of the people interviewing you? What are their goals and challenges? Ask thoughtful questions. Know your strengths and be honest about the areas you need to develop. Finally, when you’re starting out, it is important to have a portfolio to show people what you’ve done. In the portfolio it’s very important to describe what you did, the use case, and what your role was and how it impacted the project.

 

What is a fun fact about you that Brandeis GPS community members may not already know?

When I was in college I took a job teaching blind people to ski; the training included a full day skiing blindfolded. Before that training, I had imagined what it would be like if I were blind, but living a day without seeing made me realize that experience was not one I could even imagine; it was so different than my own experience. That is when I learned the true importance of empathy and how important it is to understand a person’s experience, to put yourself in their shoes so you can develop a product or service that helps them make their lives better.

 

For more information on the User-Centered Design program or any other GPS programs, visit our website.

Brandeis GPS Sponsors Events at Boston Fintech Week 2022


Panelist Sasidhar Sista and Professor Ahmad Namini greet one another before the panel “Global Fintech Spotlight.” Photo by Ashley McCabe.

Last week, Brandeis University Graduate Professional Studies sponsored Boston Fintech Week, hosted by Fintech Sandbox. The three-day event centered on panels and keynote speakers exploring the intersection of finance, technology, and various other industries like healthcare, education, banking, and more.

Brandeis GPS hosted two events in partnership with Brandeis International Business School. The first was a panel, Global Fintech Spotlight, moderated by Ahmad Namini, Professor of the Practice of Business Analytics at Brandeis University’s International Business School. Panelists discussed the current state of the industry and where they see potential for growth. The panelists included:

  • Tal Sharon, Managing Partner at Equitech Ventures and President at FinTech-Aviv, the Israeli FinTech Association
  • Micah Sabovik, Chief Operating Officer and Head of Marketing at MentorWorks Education Capital
  • Sasidhar Sista, Co-Founder of GradRight Inc.
  • Amitabha Sinha, Pentation Analytics

Eric Rosengren and Stephen Cecchetti speak to a full audience during their event “A Conversation on Central Bank Digital Currencies.” Photo by Ashley McCabe.

The second sponsored event was A Conversation on Central Bank Digital Currencies, featuring Eric Rosengren, Visiting Professor at the MIT Golub Center for Finance and Policy and the former President and CEO of the Federal Reserve Bank of Boston, and Stephen Cecchetti, the Rosen Family Chair in International Finance at Brandeis International Business School. The pair discussed personal and economic benefits of using a digital currency.

Brandeis University hosted a reception to cap off a successful week. The events presented opportunities to make valuable connections with others in the industry, and many fruitful discussions were had. 

For more information on the Digital Innovation for FinTech program or any other GPS programs, visit our website.
