Security through design - reading list
Following my Black Hat USA briefing I had a couple of people approach me asking for reading tips on the topics I covered (human centered design, failure in complex environments, use of checklists - to name a few). Also a good excuse to blow the dust off this old and unused blog.
Here we go:
- Everything from Sidney Dekker is worthwhile to build a better understanding about failure and the role of humans in complex environments - the book I showed in the session is The field guide to understanding ‘human error’ (note the quotes around ‘human error’)
- Atul Gawande’s The Checklist Manifesto does a great job at explaining what makes a good checklist and how to introduce checklists in new fields like medicine
- Also should mention Don Norman’s website and books - The design of everyday things or Living with complexity both good starting points
- Can’t cover design thinking without mentioning IDEO and Change by design by Tim Brown. They also host two HBR articles Design for action and Design Thinking on their website.
- Oldie/classic: Security and usability by Lorrie Cranor and Simson Garfinkel or the newer Usable security by Garfinkel and Heather Lipford.
There’s also tons of stuff on sites like Coursera, like this course.
Any other tips or further questions, just let me know!