Abstract

Computer security is at its heart a human endeavor, from protecting the information and assets of importance to users and organizations, through the efforts of developers and administrators responsible for creating and ensuring that security, to the attackers and malefactors it is meant to resist. Mez will talk about some of the challenges in the relationship and interactions between humans and computer security, highlighting pertinent research advances along the way. She'll also share some lessons from bringing usable security to real world use. Many of the answers so far are partial, and there are still plenty of open questions and opportunities, involving theory, practice, and a better understanding of human systems.

Bio

Mary Ellen Zurko is a member of the Office of the CTO, Security Business Group, at Cisco Systems, and a Principal Engineer on the Next Generation Firewall team there. Mez has worked extensively in security; in product development, early product prototyping, and in research. She was security architect of one of IBM's earliest clouds; SaaS for business collaboration. She defined the field of User-Centered Security in 1996. As a senior research fellow at the Open Group Research Institute, she led several innovative security initiatives in authorization policies, languages, and mechanisms that incorporate user-centered design elements. She started her security career at DEC working on an A1 VMM, on which she recently coauthored a retrospective with a fellow member of the Forum on Cyber Resilience. She has written on active content security, public key infrastructures, distributed authorization, user-centered security, and security and the web. She is a contributor to the O'Reilly book "Security and Usability: Designing Secure Systems that People Can Use." She is on the steering committees of the International WWW Conference series, New Security Paradigms Workshop, and Symposium on Useable Privacy and Security. Mez received S.B and S.M. degrees in computer science from MIT.