Cybersecurity and User Experience Artwork

Simplifying Cyber

This show features an interactive discussion, expert hosts, and guests focused on solving cyber security and privacy challenges in innovative and creative ways. Our goal is for our audience to learn and discover real, tangible, usable ideas that don't require a huge budget to accomplish. Shows like “How It’s Made” have become popular because they explain complicated or largely unknown things in easy terms. This show brings the human element to cyber security and privacy.

All Episodes

Simplifying Cyber

Cybersecurity and User Experience

September 09, 2025 • Aaron Pritz, Cody Rivers • Season 2 • Episode 8

WATCH this episode on our YouTube channel!

Ever wondered why employees keep finding ways around your security controls? The answer might lie in how those controls are designed and implemented.

In this thought-provoking episode, we're joined by Matt Belanger, CIO of Republic Airways, to tackle one of cybersecurity's most persistent challenges: the friction between security requirements and user experience. When security measures become obstacles rather than enablers, "cyber erosion" occurs – users find workarounds that often create more risk than what you were trying to prevent in the first place.

Through candid stories from the corporate trenches, we explore common friction points: problematic MFA rollouts, alert fatigue, vague policies, and the blocking of useful tools like cloud storage and AI platforms. Matt shares how communication breakdowns during technology transitions led to adoption failures, while host Todd recalls field workers deliberately damaging devices they believed were tracking them – powerful examples of what happens when security ignores human factors.

The conversation shifts from problem to solution as we examine how design thinking principles can transform security implementations. Matt advocates for extending expectations of cyber professionals beyond technical expertise to include empathy and communication skills. As he powerfully states: "So often you hear about the trade-off... Do we want to make this secure or do we want to make this easy to use? And the answer is yes – it is a requirement to both be secure and easy to use."

Ready to build security that people actually want to use? Listen now and discover why sometimes you need to slow down to ultimately secure your organization faster.

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.

Aaron Pritz: 0:07

Thanks for tuning in to Simplifying Cyber. I'm Aaron Pritz and I'm Todd Wilkinson, and today we're joined here by Matt Bellinger, who's the CIO of Republic Airways. So, matt, thank you for coming to the show.

Matt Belanger: 0:19

Thank you so much for the invitation.

Aaron Pritz: 0:20

Would love to get a little bit of background on you. Of course I know you, but some of our guests on our show may not know you. So give us a little of your story of how you got to the CIO role at Republic Airways and maybe a little bit about how you were in and around cyber as you advanced in your career.

Matt Belanger: 0:37

Oh sure, okay, so, zooming way back, I started my career in the late 90s, at the height of the telecom boom. I started at Lucent Technologies and you know big telecom equipment manufacturer at the time and I started doing networking. You know layer two, layer three and layer four, switching and routing and deep firewall work and developing underlying protocols for the switching fabric.

Aaron Pritz: 1:09

So about as deep in the tech stack as you can go to start. Yes, yes.

Matt Belanger: 1:13

Super fun, nerdy engineers, engineers sort of work. And then the telecom bubble burst and that was a tough, tough time right, A lot of exposure to shrinking workforce and all of that stuff and went from Lucent to IBMs Again, started in the product group there, had a lot of fun and eventually worked into program management, project leadership and that was a very difficult transition, not something that I had originally anticipated doing, but really great opportunity to sort of broaden my breadth and scope there and did several assignments. And then got into merger and acquisition, due diligence and integration, which was a really fun, high intensity time. Lots of exposure to cyber security items, infrastructure items, enterprise systems work, migration of systems and data right and and all of that and and then became the divisional cio for the analytics division at ibm. That was a high travel role and folks all over the US global team again really enjoyed, really enjoyed that role.

Aaron Pritz: 2:32

Let me guess kid number one came.

Matt Belanger: 2:34

Oh, that was, I had. I had both kids. Yeah, yeah, we had. We had two kiddos for for a long time. And then my wife's family is from Indiana, and so we took an opportunity to move back here to Indiana and really enjoyed getting involved in the community here, spent some time at a small, privately held organization here in Indy and really helped transform their technology, infrastructure and all of the work we're doing there, learned a lot about PCI compliance from a regulatory and compliance perspective. That was really fun.

Aaron Pritz: 3:12

Was it fun it was. I want to say congratulations and condolences. I know there's both pain and insightful learnings as you go through the PCI journey.

Matt Belanger: 3:20

Yes, it is truly interesting because there's so many different implementation options and you kind of look through and how does one auditor interpret a regulation or a rule and how can you kind of have that conversation to say, well, we think in our context this makes more sense to do this right and really kind of having those deep, rich conversations as opposed to just sort of checking technology boxes right rich conversations as opposed to just sort of checking technology boxes Right. And then, and then about a year ago, two interesting things happened. We had kiddo number three and and the opportunity at Republic opened up and so that was a really exciting high intensity time again and and really enjoying the time at Republic.

Aaron Pritz: 4:00

Well, it's a little bit too late a year in to say welcome aboard. But you know I had to throw a pun in there, as I always do.

Matt Belanger: 4:07

I appreciate that.

Aaron Pritz: 4:08

All right. Well, matt, I think the topic that we picked, or you picked, to talk about is cybersecurity and the user experience and kind of the friction that can be solved. So we're going to take you through a journey and an organic conversation about the problem. Um, some stories of what the three of us have all seen on the corporate side. A couple of us are on the consulting side, but we've spent more time, more time on the corporate side with with you, um, and then the then. I think we really want to reserve a fair amount of time to get into the solution brainstorming, cause I, I, I don't appreciate the rant sessions that are like, hey, here's a problem, and then you're left with a summary of the problem I want to get into. How do we use this forum and this podcast and video cast to help others think about this differently, because I think that's what it's all about. So I'll start with a little bit of background of the problem statement.

Aaron Pritz: 5:01

So cyber does have a challenge, both historically and in the future, of causing user friction, lacking clarity when often we roll out things, missing the opportunity to explain how to do the right things. I think a lot of times we're saying what not to do and not focusing on the business enablement or how to get to the right answer faster, and then most damagingly. I think a lot of times when cybersecurity is cumbersome or things get blocked because we're scared of them, users will find workarounds and there's a term called cyber erosion, where essentially what you're trying to block creates erosion of the intent and the workforce ends up doing something else. Often that can be worse than the original thing that you were worried about, right? So let's get into the discussion. What are some of the examples of user friction with cyber or challenges that you have had on the IT side or the cyber side and key initiatives that maybe haven't had the right focus on the workforce members that we support? I mean.

Matt Belanger: 6:07

You see this so often, right? There are so many opportunities to engage in broad-based communication across an organization so that everybody really understands the change, the why behind the change, right, and they can really wrap their head around what it is that we're asking of them. But it's easy, as technology professionals, to use jargon, to assume a level of knowledge. Right, to communicate in a fast way that you know. Hey, we're trying to be brief, or I've already told you this, or you know, whatever the case may be. And how do we do that and move on to the next thing, right? Instead of really taking a moment to understand where our users are and what is it that they really need to communicate? Right?

Matt Belanger: 6:57

How many times have we rolled out a new MFA initiative? Right, and not deeply communicated the why? Because we're changing user behavior, right, and so now they see an interruption to their workflow. Or we're changing MFA from SMS-based MFA to a mobile app. And well gosh, why can't I just use my SMS? Right, and let's talk about what that is instead of just prescribing hey, you have 24 hours to comply and download this mobile app, or you can't log into the system, right?

Aaron Pritz: 7:34

Yeah, a couple of points from my corporate side is, and I was at a company that had a fairly public incident. So when you go through an incident, the good news is you get a lot of support and funding from execs, and that's both daunting as well as helpful at times. But also, if there has been an incident, a lot of times you have to be very careful of what you say and I think within change management, real stories and examples that resonate with people in that culture are helpful. So I think sometimes it's easier than not to you know, if there's a concern about a user behavior based upon an incident that happened, you might not be able to tell that story or tell it clearly enough, but I think, wherever possible, like being able to share real examples, help them understand the what's in it. For me and this isn't just some mandate from a best practice this is because there is some specific thing that happened here that we need to take into account and change the way that we work Exactly.

Todd Wilkinson: 8:32

Todd any thoughts from your side, I found the big initiatives like, hey, we need to stop something, we need to block it, and if you can get that message out in multiple forms, in multiple ways, in a way it's like hey, I'm sorry, this is going to be a disruption, people understand, they're happy to help, you just have to reach them. In the same vein is a lot of times there's little things that we have to do. I'm going to block this little thing. It's going to cause a message over here but I can't really communicate that well, but we do it because we have to.

Todd Wilkinson: 9:00

Those are the ones that cause frustration because they don't know about it, they don't get communicated and I I've been there before going I have to, I have to block this. There's going to be this random error message that pops up on their laptop. I can't tell them much about it. It's just going to be this thing and they're going to, they're going to put tickets in. I try to communicate it, but those little ones are going to cause friction and then it causes people to get frustration.

Aaron Pritz: 9:24

Yeah. So I'm going to ask you guys each to share a specific story or example of where you faced some of the challenges we're talking about. But before I do, I think we hit most of these MFA rollouts, alert fatigue, pop-ups that aren't meaningful to the user. There's no clear action to convey or to act on rigid restrictions blocking cloud storage. How many CIOs do you know in the network locally that you're part of that have blocked AI? Right? Yeah, that's a great example. We've got a couple of clients that are still there. Most are now moving past it, but this is two years into kind of where we needed to be ahead of it.

Aaron Pritz: 10:07

Your users are already using it, whether it's on a personal device or on your corporate device. Where you think you're blocking it? Complex policies that aren't clear but maybe great for lawyers. Vague, non-company specific security awareness training that doesn't resonate within the culture or give you any meaningful how do we do this here? Messaging and then lack of clear points of contact. Where does your help desk help with everything? Are there specific people you call on an incident? If those things aren't clear, it can all lead to friction. So we'll start with Matt. Give me your best story of where you had an experience where maybe user experience wasn't prioritized or you felt some pain.

Matt Belanger: 10:41

Point in that Best story is a tall order, but there are lots of them.

Matt Belanger: 10:46

Pick one of the top five. Oh sure, so a good one. You know, recently, you know, think about rolling out new technology, right, and you know how do we get users to move from old technology to new technology, right, and that's a transition. There's a user experience. That's part of that. That's different on the new than the old and it's so easy to say, well, hey, we have sent emails saying that this change is coming. We've sent emails saying this change has arrived. We've sent emails saying please use the new technology. And then we sent emails saying the old technology is going away.

Matt Belanger: 11:27

And then we get ready to take that old technology away and we haven't done the homework to see if anyone is actually using the new technology or you do it at a superficial level and you say, hey, the new technology is in use and we can see that people are using it, and therefore we assume that all people are using it, when in reality that might not be the case.

Aaron Pritz: 11:50

And great emails, probably reviewed by three levels of comms.

Matt Belanger: 11:53

How many?

Aaron Pritz: 11:53

people are are reading email. Is that part of the root cause?

Matt Belanger: 11:56

exactly, exactly right, and and and. Are we willing to disrupt our users? Take a business disruption, right? Or can we pause for a moment and make sure that the message we're transmitting is actually being received on the other side? Right, it's so easy to just broadcast and they, you know, they talk about. You have to send a message seven times through seven different channels, right, in seven different ways, right? How do you make sure that you're really resonating? How do you measure that what you expected actually happened?

Aaron Pritz: 12:28

So I'm hearing. Communication is tough. It's multifaceted, multilayered, for sure. But skipping it or assuming the basics are going to be sufficient aren't going to get it done in most cases just because you put it out into the universe doesn't mean somebody else picked it up? Yep right, yep, good point, todd. What is your? Uh? One or two stories of pain.

Todd Wilkinson: 12:48

Well, I was going to follow up with that, because you get that message out there. We tend to in, in technology terms, we tend to be overly prescriptive. And so you get that message out there. We tend to, in technology terms, we tend to be overly prescriptive. And so you get these long emails. And I've reflected now, most of us, we get our email on our phone and how many thumb scrolls do you get before you stop paying attention?

Todd Wilkinson: 13:08

And I remember I challenged a colleague he's like I don't understand why people aren't reading these emails, and I opened up the email. I had opened it on my computer. Now let's look at it on my phone. I had nine scrolls to get through to read the message. Like that's too much. Be brief, be concise, be quick. That's, you know, part of that challenge. But the one and this is going back a bit and it's a little less cyber, but it kind of fits into it and that user experience of how do you communicate well, what you're doing and why, and if you don't, it can have longstanding damage. And so we had an old paper process but we shipped out a whole new mobile device, this whole new mechanism for filling out these forms out in the field and it auto-populated the location data and we thought this would be fantastic.

Todd Wilkinson: 13:53

But we didn't tell people what they were doing and all of a sudden these devices were coming back in a fairly large percentage broken, run over, caught indoors, a variety of things that, like. The number of broken pieces of equipment was pretty high. I'm like this doesn't make sense. So I started reaching out to folks trying to figure out what was going on.

Aaron Pritz: 14:13

Todd, they think you're tracking them and they don't want them and I'm like, well, that's, that's interesting it's like in the spy movies where people throw throw the uh phone into the bird bath because they think they're being tracked that wasn't the takeaway, that that's more just fun and that that was this particular audience.

Todd Wilkinson: 14:29

But what I learned is that perception did long-standing damage with trust down the road and it it's back to that notion. You do one negative thing, it takes you a lot of positive things to overcome that and that little story why it wasn't a huge audience.

Todd Wilkinson: 14:44

it was a small group, it was a small use case has stuck with me of like I've got to reach out to avoid negative perceptions early on, to try to make sure you can get whatever the tech is or whatever the tools out to the field and deploy. Just reduce that friction. So that was self-created friction on my part that I thought this would be fantastic. Let me add this little feature it's popping where they're at. That had a lot of downstream impacts that I had not anticipated. That's fair.

Aaron Pritz: 15:13

Well, I have three pain points in my corporate experience. The first one kind of relates to monitoring but data loss prevention, and I think I was at an organization that had, like I mentioned, some incidents and there was a rush to curb data loss right. And I've seen this even modern day recently at companies that maybe don't have an incident, but CIOs, a lot of times we'll say I need DLP and I say okay, do we understand data classification? Do we understand what we're trying to protect? Because basic DLP can control a lot of basic stuff like privacy data or banking data. But when you get into company preparatory data or what are the crown jewels within Department B or finance.

Matt Belanger: 16:00

Have you built the foundation to make that effective?

Aaron Pritz: 16:02

There's some work that's not sexy for technologists that is required to make DLP work for you. So I think not involving the workforce, rushing the tools can have lasting damage and I think InfoClass and DP go together. There's modern ways to do InfoClass that aren't government 10 layers of classification and complexity and it really goes back to you know, are we being empathetic to the departments that we are trying to help in understanding their perceptions and their workflows so we can match our solutions and our policies and our processes and job aids to their experience?

Matt Belanger: 16:40

Whenever we're leading with technology right, that's probably not the right, not the ideal solution.

Aaron Pritz: 16:45

A lot of us say it, especially those that are more tenured, because we've all had the pain points, but I think there's still the temptation to go further with tech and get the most for the money, which can compete with slowing down a little bit to do some of these foundational things that will allow you to go faster. And then my third one. We already alluded to it, but blocking things that you're scared of. So back at the company that had the incident that I was at cloud storage was being abused and it was back before. Everyone had consistent, whether you're on google or microsoft, and sharepoint was great. It was 15 years ago and sharepoint wasn't great.

Aaron Pritz: 17:23

Um, so there were a lot of one-off cloud solutions that were coming up and our propensity to do the wrong thing and have a private account and download data, but by blocking it it was kind of we whacked the mole here and it swished up to other spots. So I think, just being very careful on the blocking mentality and usually converting that to how do we find a safe way for these users or workforce members to do what they need to do? All right, so we've talked about the what, the problem statement and a little bit of storytelling, let's talk a little bit about why our industry and our cybersecurity IT is facing the problem. So what do you guys think is driving these behaviors that maybe either rushed the tool first or not spend the time on the right organizational transmitter? Why are we in this place today, with some of our organizations? The right organizational transboundary? Why are we in this place today, with some of our organizations?

Todd Wilkinson: 18:16

Well, I'll throw one out there. I mean, many of us will work. Our job is to defend. That's typically how we think. That's the priority, that's the approach that we need to focus on. So that's where we spend our time. It's not that user experience. Let me put myself in other shoes. It's about let me get the block in place or the protection in place, and then I need to move on to that, that next list or that next problem they need to tackle. I think that's the first one. There's another piece of it that in some cases we are on the forefront of trying to solve problems before the tools are ready to do that. So the we may only have the hammer we have may not have an elegant tool to fix it, so it can be messy when we're turning these things on, and sometimes you have to wait for the technology to catch up to what you put in place. But those are a couple scenarios that I know we're stuck with. Matt, I'm curious what you're seeing.

Matt Belanger: 19:09

I would think back to training and development. When you're learning what, what are the things that you know? How are you receiving that instruction? Right? Is it a technical focus? Right? Hey, here's how you think about these sets of approaches to solving problems, to implementing this technology. Right? Here's how we go about doing the right.

Matt Belanger: 19:31

And so you enter the workforce with a particular set of tools in your toolbox, right, and oftentimes, the empathy, the communication skills, the broader sort of engagement around user experience just is not part of the toolbox when you're entering in and and then, as you go through an incident right, if you're, if you're in the heat of the moment, it's super easy to trigger back into that amygdala response of oh gosh, I've got to do this and I've got to do it now. And this is the domain that I'm operating in, and I'm not thinking about the, the bigger picture, right, and I, and I don't feel the, the freedom, I don't feel the freedom, I don't feel the ability to just pause and calibrate with someone else that I trust to say well, here's what I'm thinking. Does this make sense? How could it be better? Right? Is this really what I'm seeing? Is this the right tone that I need to get across? Right?

Aaron Pritz: 20:30

That's great. I've got maybe one to add, and this is a question or a theory and I'm going to bounce it off. You guys you can tell me if I'm wrong, but I've probably been saying this for 10 years. I feel like IT and cyber to a certain extent, but sometimes they're all one in the same from a leadership standpoint net, new implementation, innovation, versus going back and fixing or improving or improving the experience of the tools of yesteryear and yesteryear, not 20 years ago, like the thing we did last year before we moved on to this year's priority. So what, matt as a cio like, do you see that being maybe a challenge within kind of the IT field?

Matt Belanger: 21:16

You know for sure. Think about all of the ways that you know people think about projects. Right, I'm going to do a new project. I'm going to get new capital. Right, I want to go off and do a new thing I can.

Matt Belanger: 21:25

I can increase my score in this domain if I deploy this tool right and and, and. I would extend it beyond even an IT or cyber domain. Think about the replication crisis in science. Right, like people don't want to replicate a study because that's already done. Let's go on and do a new thing, right, whereas so there's a little bit of human nature to that, right, we all want to go off and do a new thing versus, you know, challenge ourselves to really understand something that exists today, or refine or make an improvement there.

Aaron Pritz: 22:02

I think it's going to take a change in the reward system or within a company culture to say, hey, we're going to intentionally see so of a company. We're going to reward a UX capability, and it's not only going to include the new technologies that we're rolling out, but the ones that are still very relevant, that are in play today. And to your point, capital. It takes money, it takes project priorities, and those may be tough tradeoffs, especially if your budgets are getting cut or you're on a flat budget. How do you prioritize making the workforce experience better so your tools can be more effective in use?

Matt Belanger: 22:39

Think about all the application development space, right when your options are to build and launch new features versus address tech debt. Yeah Right, like, how often do we see a giant backlog or we can add a shiny new object? Good point.

Aaron Pritz: 22:56

Good point. All right, let's jump into solving this. So I've got a series of kind of prompt questions to kind of help us think through, and hopefully we've not rehearsed this. So hopefully we come up with some new novel ideas and we'll probably follow up, if in the comments of the post if there's something that really catches fire, if in the comments of the post, if there's something that really catches fire. So, given the problems that we've talked about, the why, the, what we're seeing from our examples, how can we, as leaders, foster a culture of proactive and positive workforce enabling security?

Matt Belanger: 23:31

Yeah, so that's like the question the big question.

Matt Belanger: 23:34

That's a big question and for me, a lot of it is sort of extending the expectations right for our cyber professionals. So it is true that you need to have technical expertise, you have to have mastery of technical domains, perhaps depth across multiple technical domains, and there's a great conversation here on T-shaped skills and all of those things to grow your cyber career. That is necessary. It is also necessary to have empathy, to be able to put yourself in the shoes of others, to develop communication skills, to be able to think about what the person on the other side is thinking and feeling and saying and doing, and to really be able to translate and to be able to build those relationships. Because when you need to leverage those relationships, they need to be in place.

Aaron Pritz: 24:28

It's not the time to build a relationship when you're actively working an event right, so maybe double clicking on that, and there are classes and certifications and, like ocm, adcar was one that I went through. Yeah, yeah, but how? How do we help? Yeah, across the IT and cyber organizations, there's various types of cyber people at various tenures of their career. Sometimes, as we delegate down, engineers, architects, individuals that are not proficient in those skills are put in situations where they are trying to drive change and they don't necessarily have these arrows in their in their quiver, quivers in their arrow bag. I think I got that analogy wrong. But how do we, how do we address this without like taking a pause to send everyone to, you know, a one-week boot camp on this topic? Maybe, todd, if you want to start?

Todd Wilkinson: 25:22

this one has been helpful for me and I've used it when coaching others or asking questions. It's's the all right. You're rolling this out. You're using a new tool. Pick the topic right. Follow that life cycle of how they're going to use that or how they're going to run into issues. How do they get help or how do they turn the thing on? Where is it likely to break and when it breaks, can they call somebody and how they get it resolved. Likely to break and when it breaks, can they call somebody and how they get it resolved. And you, you think about that full cycle of how, how they use that, where those challenges are going to come from.

Todd Wilkinson: 25:52

Now, all of a sudden, you're not thinking about how do I get this out and rolled out in production. It's the service life cycle of of that tool or that process going. Great, I've got it out there, but I'm going to have to make a change. I'm going to have to communicate people. I've got to get the help desk ready to take calls. Who does the help desk call when they need help? Right, how do I start to make those updates and then start to eliminate the calls they're going to get and help them do their job. That way, the person sitting there, their job isn't to use that tool, they actually have a job. The tool is just one piece of it. How do you make the tool is just one piece of it? How do you, how do you make the tool become not the problem? Thinking of it that way, even for the most technical of of people out there doing the work it, it gets a better product, it gets better engagement, um, and it lowers the stress on everybody.

Matt Belanger: 26:42

Once you start doing that a few times, yeah, well, there, well, and there's a lot of, you know just communication across the organization, right, like here's.

Matt Belanger: 26:49

Here's the expectation, right, the expectation is that we're going to have clear communication and the expectation is that we're going to hit the seven channels in seven ways and do all the things and then be willing to be out there and and and share what what good looks like, right, and provide that feedback and engagement and and recognize that it's not a penalty environment, right. The notion of blameless postmortems right. When we go through and we attempt our, our, our communication, and we do these things and and and we'll learn. So how do we, how do we circle back and take the learning from that communication and roll that into the next time in a way where the, the individuals and the team share in that learning, but that it's not viewed as a punitive exercise? Right, this is not something where you are less of a person or you're less good at your job. This is our journey in learning and growing in this way. Right, both individually, professionally, and as a team, as an organization. Right, so that we can deliver better products and better services to our constituents and stakeholders.

Aaron Pritz: 27:55

Now the anti-punitive thing is real for me. I've had both on my corporate side as well as clients I've coached. I think probably eight to 10 times I've been asked the questions of how can we involve HR and what should be the punitive for cooking on phishing messages and it's like well gosh.

Aaron Pritz: 28:13

Phishing unfortunately dominates a lot of what workforce awareness is. I don't agree with that. But to have the cyber teams only face off to the business, be a test where you pass or fail and there are escalating HR consequences up to, in some cases, termination, that's not a good look for the cyber team who's trying to influence positive change Exactly. So next question how do we borrow some concepts from UX or user experience, design thinking in security, tool and vendor in this whole space of the challenge? And is this a corporate opportunity or a vendor opportunity? Because you could say it could be happening at the tool level from the vendor, but there's also a piece on the corporate side. So is it one or the other or both? And how do we really get into that?

Matt Belanger: 29:02

Yeah, so I'm a big fan of design thinking. Personally, I love the notion of both understanding the user, building empathy with the user what is that user? Thinking, feeling, saying and doing as well as deeply understanding the problem space, fully exploring that. And so often it's easy to rush. Oh hey, we have these three choices. We like this one and go right and not sort of diverge on the possibilities before we converge on a final solution. Right, and really explore that. You know, it's the old uh adage of uh. You know, if you've got an hour to chop down the tree, do you spend 50 minutes sharpening your axe right before you chop the tree down? And and really align with all of the other stakeholders right around? Hey, here's, here's how we understand the problem, here's how we propose the solution. What ideas do you have?

Aaron Pritz: 29:58

going on that journey together, right, so that they have equity and that they they're invested, they're bought in with you and come along on the on the journey great point, todd, you're a man of many stories and, uh, you're also a designer, both from some of your it and cyber experiences, as well as, uh, you know, building your own 3d printer. I bought mine, you know, just to jump to the to the outcome faster. But any, any insights from a design standpoint, yeah, yeah, I, I can say this.

Todd Wilkinson: 30:28

so there there was a period of my career where I was building a lot of applications and deploying them across the globe and I had to fight for funding for user experience.

Todd Wilkinson: 30:40

It was a very analytical organization, so numbers and functionality mattered most. But what I found consistently consistently is that the tools that I took the time and the funding and the exercise to sit through and go what does this look like? How are we going to use it? How do we make it a little smoother, reduce some of that friction? Those are the ones that clearly had the most success, and I usually had to fight to get that time because it was a mathematical-based organization. So give me an Excel spreadsheet and that's all we care about, which is fun to work in, by the way, I love that group, but consistently just spending that time to go through, have some education cycles and, more importantly, getting that feedback from the people in the field.

Todd Wilkinson: 31:30

Not everybody wants to give the feedback and that's fine, but you have a few folks out there that you can solicit and they'll send that message to you One. They become your advocates too. That's the other part of it. Now you're not just trying to push this thing on people. So you get that feedback, you get those iterations, you get that time and bat. Not only that, and, to be fair, user experience caused you to go back and do a few cycles and update it. So all of a sudden the product is better, it's easier to use, and I've taken that to heart. I'm going to fight for that where I can. You may not always get it, and that's okay, but I don't know. That's the one that stuck with me every time I've done it, but I don't know, that's the one that stuck with me every time I've done it.

Aaron Pritz: 32:08

My impromptu takeaway so far in this show and this discussion is this is not Talladega Nights if you're not first, you're last. This is a. You might have to slow down to go fast. You might have to break around that first turn so you don't smash into that wall, so you can power down the straightaway. And really I think technologists that really want to do things and turn on features as quick as they can and skip some of these steps that we're talking about might be into that wall in the first corner, whereas the person that was a little bit more feathering of the brake might be leading the pack. So I think that's really what it's got to be about.

Aaron Pritz: 32:44

I'm going to ask one final thoughts question, and it kind of really connects to the name of the show Simplify and Cyber. How can Simplify and Cyber benefit the companies that you work at now or the clients that you support now? What's your one takeaway for the audience as they think about the users and how simplicity might be their best friend? So toss up, jump ball, whoever wants to go first.

Todd Wilkinson: 33:12

I mean go ahead, if I can combine a secure solution that gets the whole lifecycle of the problem. So it's not just this one little pinhole thing, but it's the hey. We've made it easy to use the tool. We've made it easy to share the information and do the function. We've made it easy to use the tool. We've made it easy to share the information and do the function. We've made it easy to do it quickly and we've fought through that experience from beginning to end. People tend to want to use those tools, so cyber becomes the accidental thing. On the side that both we secured it. We got people using a repeatable process, which means you don't have them trying things on their own on the sidelines that you have to then clean up. So your data tends to become better. People are using and following the same processes, so they're communicating the same thing. So if you combine cyber with a process that you want to and it's that full stack you can improve business outcomes is what I have found.

Aaron Pritz: 34:04

My quick one will be I've had a number of on the corporate side projects where I got to truly get into the business process as part of the solution. It goes to the, you know, part of the design thinking is like you. The empathy that you talked about is you are living the life of that user so you can understand their experience. But my biggest wins, the most memorable ones, is where I found a way, unrelated to cyber, to make their process better or faster. That made it not just about securing the company or protecting the data but about making their life better. And I think wherever you can find a win in any initiative like that, you're going to get more stakeholder buy-in.

Matt Belanger: 34:42

I'm totally with you. Yeah, to me, it's about two things really. One is reducing friction. Yeah, to me, it's about two things really. One is reducing friction. How do we reduce friction and enable our users to have a delightful experience at every level? And the power of and it is so often, so often you hear about the trade-off, the trade-off Do we want to make this secure or do we want to make this easy to use? And the answer is yes, and it is a requirement to both be secure and easy to use and straightforward, and we're going to reduce friction. We work until we get that and we haven't come up with the right answer yet. It's that simple.

Aaron Pritz: 35:23

Well, Matt, I'd like to thank you for coming on to the show. Simple Well, Matt, I'd like to thank you for coming onto the show. Good luck in getting to those ands as you continue on your journey at Republic Airways and enjoy simplifying cyber as you progress in your career.

Matt Belanger: 35:33

Well, thank you both for the opportunity. It was a really great conversation. Thank you, awesome.

People on this episode

Aaron Pritz

Host

Cody Rivers

Co-host