Talk I gave at ISSA 2013 CISO forum, looking at some human factors issues in cybersecurity. I discuss some of our research in anti-phishing, user interfaces, mental models of cybersecurity, and ways of motivating people.
Social Cybersecurity, or, A Computer Scientist's View of HCI and Theory, at ... - Jason Hong
June 2015
This talk looks at our team's ongoing work in using social psychology and diffusion of innovations to improve cybersecurity. It also reflects on the role of theory, in terms of offering inspiration for new ideas, a useful vocabulary, guidance for what to build and how to build things better, as well as insight into the problem space. This talk also offers some advice for people building theories, adapting Pasteur's quadrant and Diffusion of Innovations to theory, to help people who build and design systems.
The Role of Social Influence In Security Feature Adoption, at CSCW 2015 - Jason Hong
Social influence is key in technology adoption, but its role in security-feature adoption is unique and remains unclear. Here, we analyzed how three Facebook security features—Login Approvals, Login Notifications, and Trusted Contacts—diffused through the social networks of 1.5 million people. Our results suggest that social influence affects one’s likelihood to adopt a security feature, but its effect varies based on the observability of the feature, the current feature adoption rate among a potential adopter’s friends, and the number of distinct social circles from which those feature-adopting friends originate. Curiously, there may be a threshold higher than which having more security-feature adopting friends predicts for higher adoption likelihood, but below which having more feature-adopting friends predicts for lower adoption likelihood. Furthermore, the magnitude of this threshold is modulated by the attributes of a feature—features that are more noticeable (Login Approvals, Trusted Contacts) have lower thresholds.
Designing the User Experience for Online Privacy, at IAPP Navigate 2013 - Jason Hong
Talk I gave at IAPP 2013 Navigate conference, on designing for the user experience of privacy. I give examples of why privacy is so hard to design for. I also talk about three ideas for improving privacy, including privacy nutrition labels, using crowdsourcing, and privacy placebos.
https://www.privacyassociation.org/events_and_programs/navigate_2013/
Privacy, Ethics, and Big (Smartphone) Data, at Mobisys 2014 - Jason Hong
Keynote talk I gave at the Mobile and Cloud Workshop at Mobisys 2014. I talk about my experiences and reflections on privacy, focusing on (1) Urban Analytics, (2) Google Glass, and (3) PrivacyGrade.
Privacy, Ethics, and Big (Smartphone) Data, Keynote talk at ICISSP 2016 - Jason Hong
This talk looks at some of the CHIMPS research group's work on urban analytics and on analyzing smartphone apps, and offers a reflection on how we can improve the privacy landscape by focusing on key parts of the ecosystem.
Intelligent Agents for Helping Humanity Reach Its Full Potential - Jason Hong
Within fifty years, we will build and deploy highly personalized intelligent agents that can help us find, set, and meet hard goals to improve our lives in meaningful ways that we choose. Think of it as a cross between a lifelong coach, a caring uncle, and an honest and supportive friend. Or, if you are into science fiction, consider it as a combination of Samantha in the movie Her, the Young Lady’s Primer from the book The Diamond Age, and Minds from Iain Banks’s The Culture series. Let’s call this agent Maslow.
How to Analyze the Privacy of 1 Million Smartphone Apps - Jason Hong
These slides are from a briefing to Congressional staffers about privacy, October 30 2014. It talks about our ongoing work with PrivacyGrade.org, which uses crowdsourcing techniques plus static analysis techniques to infer the privacy-related behaviors of apps.
Pew Internet Director Lee Rainie delivered the keynote presentation at WorldFuture 2012 in Toronto on Friday, July 27. The presentation, based on his latest book, Networked: The New Social Operating System (co-authored with Barry Wellman), discussed the findings of the most recent expert surveys on the future of teens’ brains, the future of universities, the future of money, the impact of Big Data, the battle between apps and the Web, the spread of gamification, and the impact of smart systems on consumers.
Talk given at Delft University speaker series on "Crowd Computing & Human-Centered AI" (https://www.academicfringe.org/). November 23, 2020. Covers two 2020 works:
(1) Anubrata Das, Brandon Dang, and Matthew Lease. Fast, Accurate, and Healthier: Interactive Blurring Helps Moderators Reduce Exposure to Harmful Content. In Proceedings of the 8th AAAI Conference on Human Computation and Crowdsourcing (HCOMP), 2020.
(2) Alexander Braylan and Matthew Lease. Modeling and Aggregation of Complex Annotations via Annotation Distances. In Proceedings of the Web Conference, pages 1807-1818, 2020.
Lee Rainie, Director of Internet, Science, and Technology research at the Pew Research Center, presented this material on December 12, 2016 to a working group at the National Academy of Sciences. The group is exploring how to think about creating an academic discipline around "data science."
Lee Rainie, director of Internet, Science and Technology research at the Pew Research Center, described the Center’s research about public views related to facts and trust after the 2016 election at UPCEA's “Summit on Online Leadership.” He explored how education is affected as students face challenges finding and using knowledge. In addition, he covered the Center’s latest research about how ubiquitous technology shapes the new information landscape for students.
Appreciating Contradictions: The Cyberpsychology of Information Security - Ciarán Mc Mahon
Information security is at a critical juncture. How do we solve the weakest link - human psychology? Insights from cyberpsychology into leadership, power and persuasion are essential. These slides are from Dr Ciarán Mc Mahon's keynote at (ISC)² Security Congress EMEA, Sofitel Munich, October 2015.
How to use Big Data to drive product strategy and adoption - UXPA International
Today, billions of activities and interactions happen online. The level of interaction with online applications is getting more complex as well. Within the UX, we have the opportunity to understand collective behavior and various experiences through big data.
Specifically, large scale and strategic directions to products can be determined and evaluated through big data behavioral analysis. In this talk, I will go through various types of research objectives, appropriate methodologies and explain how we can use quantitative methodologies to solve UX and user behavior problems and drive product strategy. In this presentation, I will go through a couple of example case studies and topics where behavioral data can help us better understand users and inform strategic product development.
Presented by Saide Bakhshi
Pew Internet Director Lee Rainie was honored to give the Joe Pagano Memorial Web Analytics Lecture for the federal government’s Webmanager University. He discussed the latest Pew Internet data about the triple revolution in technology – in broadband, in mobile, and in social networking – and how these changes affect e-government and e-health activities by citizens. He also explored how these changes impact the broader environment of civic life and some of the changes that are likely on the horizon.
Leveraging Human Factors for Effective Security Training, at FISSEA Mar2012 - Jason Hong
I discuss a range of human factors issues for cybersecurity, in particular cybersecurity awareness and education. Topics include mental models, user interfaces, and simulated attacks.
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things - Jason Hong
Talk Feb2019 at UCSD's Halıcıoğlu Data Science Institute, Security and Privacy at the Edge: Challenges and Future Directions
In the near future, our smart devices will know almost everything about us. These devices, combined with AI technologies, will offer many opportunities to vastly improve society in positive ways. However, these same technologies also pose dramatic new challenges for privacy and for ethics. In this talk, I'll sketch out why privacy is so hard to tackle, how and why we have failed in privacy and ethics in web and smartphones, and discuss some possible social, legal, and technical approaches for steering IoT in more positive directions.
http://datascience.ucsd.edu/security-and-privacy-symposium/venue.html
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing - Jason Hong
Talk Feb2019 at Lakehead University for Rise of the Machines
In the near future, our smart devices will know almost everything about us. These devices offer the opportunity to vastly improve our healthcare, urban planning, safety, and more. However, these same devices also pose dramatic new challenges for privacy and for ethics. In this talk, I'll discuss how these smart devices work, what they can learn about us, and what we need to make sure that the benefits of these technologies vastly outweigh the costs.
https://www.lakeheadu.ca/about/news-and-events/news/archive/2019/node/50549
Introduction to User Experience and User Interface Design: A One-Hour Crash C... - Jason Hong
A one-hour crash course on UX design and User Interface Design. I talk about methods for understanding users (contextual inquiry, diary studies, bodystorming), basic design principles (layout, color, mental models, grid), rapid prototyping (building user interfaces quickly, paper prototypes), and evaluation (heuristic evaluation).
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01 - TechSoup
Visit http://www.techsoup.org for donated technology for nonprofits and public libraries!
With October 1 kicking off the start of National Cyber Security Awareness Month, we want to make sure you've got the right tools and know-how to keep your nonprofit or library running smoothly and safely online.
Join Symantec's Kelley Bray, who also spent years training government agency staff from TSA to Homeland Security on smart practices for personal safety, office security, and keeping your data and activities protected in our Internet-enabled world.
Key takeaways include:
-- Practical tips you can implement today to make your identity safer online
-- Tangible practices you can adopt for your staff and office to secure your data and website
-- Know-how to identify tricks and scams so you can avoid putting your organization or your constituents at risk
-- And more!
Learn the five steps all businesses must follow to protect themselves from costly data breaches. This will be the first of a monthly series of educational webinars for small business leaders. Knowing is the first step in protecting your business.
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac... - Outpost24
Our security experts present how to step up your cyber hygiene best practice to prevent targeted hacking attempts from remote code execution to network exploitation.
Chip Cleary, VP of Design, Solutions & Consulting at Kineo US guest presented for Kineo Pacific and shared a three-step process for designing training solutions that are effective, efficient and get results, including:
Focusing on what matters
Designing for results
Delivering efficiently
See a recording of the webinar: http://bit.ly/1KEamzZ
Cultivating security in the small nonprofit - Roger Hagedorn
This is an expanded version of a previous presentation that I did for the Nonprofit Technology & Communications Conference held on April 10, 2013 in Minneapolis, MN.
Harnessing UEBA and Machine Learning technologies to protect enterprises from... - ZoneFox
Cybersecurity trends come and go, but machine learning looks to be here to stay. According to a recent survey, 43% of data breaches in recent years were caused by employees, contractors or suppliers, either negligently or maliciously. How can we harness UEBA and machine learning technologies to protect against the insider threat?
Social Networks and Security: What Your Teenager Likely Won't Tell You - Denim Group
John Dickson's presentation to a group of Chief Security Officers (CSOs) about the security implications of social networking sites such as LinkedIn, Facebook, Twitter and MySpace. He encourages CSOs to approach social networking as a business issue rather than a security issue if they want to maximize their influence.
Similar to Leveraging Human Factors for Effective Security Training, for ISSA 2013 CISO Forum, in Pittsburgh July 2013 (20)
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs - Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Will first describe my background and where I’m coming from, so you can get a better understanding of the context of this talk. I work in a field called human-computer interaction. The main goal of human-computer interaction is to understand how to create effective and successful kinds of interactions, ones that are useful, usable, and desirable. Interactions can succeed, and we have lots of examples of successes.
However, interactions can also fail, leading to inefficiencies, frustrations, and failures.
My colleagues and I combine elements from computer science, psychology, learning science, and interaction design.
Modern web browsers have special warnings for identifying phish.
Our evaluation of several blacklists shows they catch ~80% of phish after 24 hours, but are not very good in the first few hours.
Are these browser interfaces effective?
What makes them work (or not)?
After, step back and consider what this all means for training.
See Folk models of home computer security by Rick Wash http://scholar.google.com/citations?view_op=view_citation&hl=en&user=ef0ApTwAAAAJ&citation_for_view=ef0ApTwAAAAJ:Tyk-4Ss8FVUC
These findings led us to think about how to educate and train people about phishing attacks… Also shows some mental model weaknesses.