Jake Ingman has always been fascinated by the intersections of design, technology, and art. Learn about the unique possibilities that exist for design within cybersecurity and his advice for centering user needs and joining the field.
As a kid, Duo’s first Principal Product Designer Jake Ingman would take apart the telephones and radios his mother would get from thrift stores to see how they worked. In high school, his interest grew into robotics.
“I was fascinated by figuring out how the pieces of something go together to create something bigger,” Ingman said. He studied mechanical engineering at Iowa State University and continued his education with its first Human Computer Interaction (HCI) master’s program which was interdisciplinary with art, design, and engineering.
“The HCI program is where I learned about human-centered design, design principles, and product design. I tried to use technology to make things easier for people or more useful,” he said. That passion is a throughline in Ingman’s journey to becoming a product designer.
When did you first develop a passion for design?
So way back in the ’80s, my dad was one of the first people on the block to have a computer. He was always tinkering and using it for creative endeavors.
One time when I was pretty small, he put me on his lap and just smashed the keyboard. I was a bit stunned for a second and then he said, “See, you can't break it.” It’s really stayed with me where I have this comfort with technology and understanding that it’s there to serve us. It’s not something to necessarily be afraid of.
What led you to designing in cybersecurity?
About 10 years ago, I joined a startup as the first employee. The founders of the company, the chief technology officer and all of the engineers had a passion for digital privacy and security.
Even though that wasn’t necessarily required for the thing that we were building, it was something that was in the bones of the people working on the project, so I got to learn a whole lot about these security concepts and figure out how to internalize them as a designer. Not only so that I could competently and confidently build and design the product that we were working on, but also so that I could do the problem discovery side of things, too: being able to sit down with a customer and break down what their security-related problems were and figure out how the tools that we were building could fit into that.
I was able to bring a unique perspective as a designer and translate ideas into things that could be broken down, understood and put back together. No one understands the customer’s problems better than the customer.
If you’re going in with an opaque solution and telling the person, “This is how this thing is used,” you miss opportunities to help the customer understand the tools that you're building, and then let them be a partner in the co-designing or co-innovating process. We can really make sure that we have a very good fit between what the customer’s actual problems are, and what we’re building.
What is the biggest challenge in designing for security?
A huge part of the challenge of security is that we want to try and do as much as we can on our side to make users more secure without having them do more. A large part of the job is making sure that I understand the technologies and capabilities that we’re developing so that I can bring that understanding to the table and say, “Is there a different way that we can provide the same security outcome without impacting the user experience?”
I’m also engaged in the product development process from talking directly to customers along with product designers, product managers, and engineering teams. Understanding what all of these different teams are working on lets me connect the dots between these things and innovate.
It's like, “Hey, maybe there’s some new way we can connect these three different things to provide a better experience.” Or, “Is there a way we can take this part of our product out of Lee’s day-to-day experience?”
Lee is our end-user persona. I spend a lot of my day talking about Lee. The kids at the dinner table ask if they’re ever going to get to meet Lee. Lee is a very important part of my life and has really just become a part of my family life as well, I’m afraid to say.
How do you translate the needs and challenges of Lee into design solutions and innovation?
Part of it is understanding Lee’s needs. When it comes to the end user, more than anything, Lee needs security to be convenient since it’s a requirement. So the best thing that we can do is make Duo and make security as convenient as possible for Lee.
That breaks down into three different properties. It has to be accessible, of course, because security is something that's necessary for everyone. So when we’re designing for user needs, we’re designing for people who are using assistive technologies or people who might not have a smartphone.
We try to learn about the needs of all of our users and make sure that we're designing a fair and convenient baseline to try and meet those different needs. Once we’ve met that baseline, the next step is to make sure that we're not disrupting Lee’s work. We’re kind of this security gate that Lee goes through on the way to work, so we try to make that as seamless and as infrequent as possible.
What opportunities exist for designing in cybersecurity?
As a product designer working in cybersecurity, it’s this really unique opportunity for a designer to try very hard to reduce engagement in the product that we’re making. How can we safely reduce engagement in this security apparatus that we have? When end users do have to authenticate and prove their identity, how can we let them do that as conveniently as possible?
Frankly, where a lot of the new stuff that we’re working on comes to bear is that Lee’s productivity is something that is very important to our customers. So they appreciate anytime we can innovate in a way that reduces this security burden for their users.
An important part of that, too, is understanding what threats our customers are facing and figuring out how we can innovate in ways that can defend Lee against those threats. That’s ultimately where our customers find value: that sweet spot where we’re providing the best possible security in a way that’s as convenient as it can be for Lee.
What advice do you have for people who want to design in cybersecurity?
First, If you want to design in cybersecurity, please come join me. It’s a lot of fun. Cybersecurity probably seems like a little bit of a weird fit for product design at first glance. Just the word cybersecurity probably makes people think that it’s overly technical or complex or not something that clicks with design naturally. But that’s totally not the case.
Cybersecurity is a perfect fit for design. We have to do all of the things that product designers do, like working with the customer to really try and understand the most important pieces or their problems. We dig into the heart of the problem so we can be sure that we’re designing something that meets those actual needs.
Then, of course, the number one thing that any product designer will tell you is you have to have empathy for your users. That’s something that probably sounds a little bit cliché. However, especially in cybersecurity, it’s so genuine.
Having a lot of empathy and understanding for our users helps us do whatever we can to get out of their way while still satisfying the security requirements of the organization that they’re in. That’s a design problem. We have to understand human behavior and all of these other things that play into these security moments. That’s a really cool design challenge, which is why I love working here.
How do you envision the future of cybersecurity and design?
Lots of people’s devices are starting to have these built-in ways to authenticate users, whether it’s Face ID on your phone, or Touch ID on your laptop. Those tools are getting better all the time, and the identity verification part of cybersecurity is getting more convenient for our users all the time. So, what we’re doing is making sure that we can take advantage of that.
At Cisco working on Duo, we are involved in all of the many different layers of cybersecurity and access. We’re in this unique position where we can combine a lot of the security solutions we have at these different levels in ways that maybe other companies can’t. What's most exciting about that to me is that we can do a whole bunch more work on the back end to reduce the security burden for Lee.
We have the machinery in place in all of these different levels from the network, to the cloud, to the devices that Lee is using, and get to be involved in the authentication piece and evaluate policy.
All of these different kinds of layers in the cybersecurity layer cake, we’re in all of them. That gives us this really cool opportunity to connect the dots across these layers and ultimately provide an even better experience for Lee.
It’s kind of funny because when I work on a vision for user authentication, the vision is a blank slide that says, “This slide intentionally left blank.” That’s the whole point, to take our product out, or have our product show up as sparingly as possible for Lee.