Meet the Team: Behavioral Engineering
The rockstar engineers behind our Behavioral Engineering team are focused on privacy, security, and safety, and driving a safety-first mindset for Robinhood customers and employees. Hear from some members of the team about what it means to be a Behavioral Engineer, the impact their work has on the company and our customers, and their top recommendations to keep your accounts secure — whether on Robinhood or on other apps and services.
Behavioral Engineering — Security & Privacy
- Christina Kapadia (She/Her)
- Jess Chang (She/Her)
- Masha Arbisman (She/Her)
What is Behavioral Engineering at Robinhood, and what does it mean to be a Behavioral Engineer?
Behavioral Engineering is the practice of using behavioral science to make positive privacy, security, and safety behaviors as easy as possible to adopt. At Robinhood, Behavioral Engineering has four pillars:
We use behavioral design to understand a customer’s expectations, and help them make informed privacy, security, and safety-related decisions.
To encourage adoption of security and privacy features, it’s important for us to provide customers with an understanding of why these features are important and how and when to use them. For example, we proactively communicate about active scams with our customers, and provide guidance on how to identify and report them. For employees, we introduce our safety-first culture on day one through security and privacy onboarding and continue to nurture best practices for their digital habits — both in the workplace and in their personal lives.
To create a sense of agency and ownership in how customers and our employees make informed privacy, security, and safety decisions, we have to understand how human behaviors we’re all familiar with — things like procrastination, fear, or not paying attention — can be barriers to adoption. This helps us better determine how to build in these features by default and incentivize their adoption.
Our team tackles risk reduction and security adoption through programs that help set the guardrails for our customers and our employees. Data and metrics help inform our work and ensure we’re continuing efforts on the tactics that encourage positive behaviors and iterating on those that don’t.
What are some examples of skills/skillsets Behavioral Engineers use?
Behavioral engineering relies heavily on threat modeling, and our diverse disciplinary backgrounds — including psychology, education, offensive engineering, marketing, data science, and more — allow us to recognize the role technology plays in the lives of our customers, understand how bad actors manipulate technology and human instinct to cause harm, and analyze potential vectors of abuse.
We approach our work with empathy and curiosity. Understanding how our customers work helps us identify and build safer solutions from multiple angles that empower them to make informed security decisions without impeding their work and the usability of our application.
What are your top recommendations for keeping your information and accounts secure online?
1. One Password Manager to rule them all! The best way to create strong and unique passwords is to use a password manager. Think of a password like a physical key. You would never use the same physical key for your house, your car, and your bike lock, right? Your passwords are digital keys safeguarding your money and personal information. They should be unique for every site/service. We recommend stand-alone password managers like LastPass or 1Password for generating and storing strong passwords.
2. MFA all day. Traditional passwords are a great start, but as attackers continue to become more sophisticated, using a password alone is insufficient. Multi-Factor Authentication (MFA) adds an extra layer of protection to your account, serving as proof that you are you, by doing the following:
- Pairing something you know (like a password or PIN); with
- Something you have (like a hardware key or security token); OR
- Something you are (biometric, like your fingerprint or FaceID).
For most people, using an authenticator app like Google Authenticator, Authy, or Duo is phenomenal (we recommend it over SMS). Pro tip: Start by enabling MFA on your Robinhood account, personal email, bank, and social media accounts.
3. Don’t wait…update! Yes, we’re talking about those pesky icons asking you to update your software, operating system, browser, etc. — basically, anything you have connected to the internet. Keeping your software and operating system up-to-date can significantly reduce your risk of being a victim of malware.
4. (Don’t) go phish. Phishing scammers are incredibly creative these days, whether they try to trick you via email, phone call, text message, or social media. Phishing is a form of social engineering where someone uses psychological manipulation to get you to perform actions or divulge confidential information that you wouldn’t if you knew the person’s true identity. Stay safe by verifying the source of these communications. Go directly to your app to log in rather than trusting a link within an email. Keeping social media accounts private and removing geotagging also helps reduce the information someone can use to phish you.
What’s something you’ve worked on that you’re most proud of?
Being at Robinhood means that we are working on novel problems to keep our customers safe. Our mission to democratize finance for all requires us to be inclusive, innovate responsibly, and prioritize privacy, security, and safety for a generation of investors leading a change in the financial markets. That’s why we’re proud of our Safety by Design program, which helps us conduct threat modeling for privacy, security, and safety concerns for each new product and feature at Robinhood. Our Behavioral Engineering team works hard to earn our customers’ trust and ensure their safety on our platform.
To design and evolve our products with a deep understanding of technology and the psychology and motivations of those who interact with it, it’s important to nurture an environment that is inclusive of individuals of all types of backgrounds and celebrates a broad range of ideas and thoughts within the cybersecurity industry.
We are always looking for more individuals who share our commitment to building a diverse team and creating an inclusive environment as we continue in our journey in democratizing finance for all. Check out our open positions — we can’t wait to hear from you!
Robinhood and Medium are separate and unique companies and are not responsible for one another’s views or services.
© 2022 Robinhood Markets, Inc.