Published: Mar 16th, 2025 by Dr. Crystal Fausett

One of the most frequent questions I get asked about my research is, “What exactly does human-centered cybersecurity mean?” The simple answer is that it represents a reconceptualization of how we view the role of humans in cybersecurity systems. Traditional approaches to cybersecurity frame humans as the “weakest link” in the cybersecurity chain. We’re portrayed as inherently vulnerable: we have bad password habits, we fall for phishing scams, and we ignore security measures that are inconvenient for us. While these vulnerabilities do exist, this narrow perspective misses a crucial truth. Humans possess capabilities that technology cannot replicate. We excel at pattern recognition, detecting anomalies, and making intuitive judgements. We can intervene when systems malfunction and understand the broader implications of incidents in ways that technological systems cannot.

My research leverages Human Factors, an interdisciplinary science dedicated to optimizing systems by accommodating human limitations while leveraging human strengths, to address the cybersecurity challenges that we face today. This approach has transformed safety and performance in fields like aviation and healthcare, and holds similar promise for cybersecurity. Human-centered cybersecurity reconceptualizes security incidents not as isolated human errors, but rather as symptoms of deeper systemic issues. This can mean designing security solutions that work with human cognition, rather than against it, and cultivating an organizational culture that views humans as partners, not problems in cybersecurity efforts. Cyber threats continue to evolve, and that means our thinking around cybersecurity should evolve, too. Perfect humans don’t exist - and neither does perfect technology. Effective cybersecurity, therefore, requires the creation of sociotechnical systems where human capabilities complement technological controls.