Security and Usability in Enterprise IT

Jon Oberheide


When you think about security and usability, IT is probably not the first thing to pop into your head. Yet the IT systems and security that underpin every organization are critical to securing the data of companies, their employees, and the consumers they serve. At the same time, the security industry has created a complex market that requires an encyclopedic glossary to navigate, solutions that require superhuman powers to operationalize, and a user experience where “the users didn’t hate it” is a glowing endorsement. While the sales pitch of “we suck less” is more effective than you might imagine, empowered employees in modern organizations demand more of their IT organizations and expect the same streamlined user experience with technology at work as they do at home. The bar is low for IT security, but we can do better.

In this talk, we’ll share some of our philosophies on the intersection of simplicity, usability, and security applied to IT security controls, gleaned from our learnings at Duo protecting over 8,000 organizations of all shapes and sizes with diverse security cultures and user populations. We believe the impact that simplicity can have on security and usability for organizations, IT admins, and end users is undervalued, and advocate for further research.


Jon is the co-founder and CTO of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Jon was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Jon enjoyed offensive security research and generally hacking the planet. Jon was recently named to Forbes "30 under 30" list for his mobile security hijinks.

Time and Place

Thursday, April 28, 11:00am
Gates 459