In this tutorial, participants will learn how to apply Design Thinking to foster cybersecurity awareness and engagement and improve the cybersecurity culture in their organisations. Arguing that humans are the weakest link in cybersecurity may sound obvious, given the number of cyber-breaches perpetrated against organisations due to employees’ lack of skills/knowledge and negligence. However, blaming employees for not fully grasping the implications of their cyber-behaviours without equipping them with the tools and knowledge to do so is no solution.
In this tutorial, we will cover the fundamentals of Design Thinking, an approach that has been praised for its user-centeredness and effectiveness in increasing end-users’ engagement with seemingly inaccessible topics, tasks, and activities. From an end-user perspective, cybersecurity is an experience, and all experiences can be designed to maximise end-users’ engagement. Design Thinking is a powerful method to design experiences.
Participants will explore the four phases of Design Thinking and learn how to apply them to run company-wide initiatives to improve employees’ cyber-awareness and engagement.
The tutorial will be divided into two parts:
1) An interactive session that will cover the four phases of Design Thinking
2) A design lab for participants to address organisational challenges through a design-led approach.
At the end of the tutorial, participants will be able to:
- identify cybersecurity needs in their organisations, based on end-users’ inputs (e.g., what do employees struggle the most with, in cybersecurity?);
- set up a project plan aimed at co-creating solutions to organisational cybersecurity challenges for employees, with employees;
- run design-led workshops to improve the cybersecurity culture in their organisations.
Highly interactive and focused on maximising participants’ take-aways, this tutorial will teach design-led methods purposefully developed for, and not retrofitted onto, cybersecurity.