Who will secure the 16%? Accessible Security for 1.3 Billion Disabled People
Track 1 – 11:05am
My name: Aliyu G. Yisa
Title and company name: Co-Founder, Fezzant
Bio
Aliyu G. Yisa is an inclusive security advocate. He has a background in software and security engineering with almost a decade of experience. He co-founded Fezzant, which focuses on the intersection of digital accessibility and cybersecurity, and co-founded CyBlack, a non-profit that supports cybersecurity careers for ethnic minorities. He also serves as Head of Accessibility at The Cyber Helpline, a charity supporting victims of cybercrime. Aliyu is passionate about making cybersecurity more inclusive and speaks regularly at events on the intersection of accessibility and security. He co-authored "Secure by Design, Accessible by Default: Building Cybersecurity Ethics That Include Everyone" in the book Digital Accessibility Ethics: Disability Inclusion in All Things Tech.
Talk Abstract
Over 1.3 billion people worldwide live with a disability. That is 16% of the global population. These people face the same cyber threats as everyone else, but the security controls, training, and tools designed to protect them often exclude them entirely. In some cases, they even face more threats than non-disabled people. When a password manager cannot be navigated with a keyboard, people store credentials insecurely. When multi-factor authentication apps ignore screen readers, people are forced to share login details with colleagues, family, or even strangers on the internet to access essential systems. When security awareness training lacks captions or relies entirely on visual cues, a significant portion of the workforce never receives the knowledge they need to stay safe. Every one of these accessibility failures becomes a security vulnerability. On the other hand, assistive technologies also need to be protected.
This is not theoretical. The hacker group Anonymous exploited vulnerabilities in accessibility-focused plugins to destroy over 1.5 million web pages. The FTC fined an accessibility overlay provider one million dollars for deceptive compliance claims. The UK's National Cyber Security Centre has recognised accessibility as a cybersecurity priority. And the European Accessibility Act, now in effect, is bringing legal weight to what should already be standard practice.
In this talk, I will break down how inaccessible security creates real, measurable risk across three layers: the security controls and tools organisations deploy, the education and training programmes they deliver, and the cybersecurity industry's own tooling that locks out talented practitioners with disabilities before they can even enter the field.
Attendees will learn:
– How inaccessible authentication, CAPTCHAs, and security workflows force insecure workarounds that undermine the controls they were designed to enforce
– Why accessibility gaps in security awareness training create compliance failures and leave parts of the workforce unprotected
– Practical steps they can take immediately, including running the keyboard-only test on their security tools, adding accessibility requirements to vendor assessments, and ensuring training materials include captions, transcripts, and screen reader compatibility
– How to frame accessibility as a security requirement when speaking to leadership, using risk language that security teams already understand
This talk is for security practitioners, programme managers, GRC professionals, and anyone responsible for protecting people. No prior accessibility knowledge is required. The goal is to give attendees the awareness and the practical starting points to begin removing barriers in their own organisations. Accessibility in cybersecurity is a growing movement, and it needs people from inside the security community to drive it forward. If your security programme is not usable by everyone it is meant to protect, it has built-in weaknesses. This talk will help you start finding and fixing them.
Intended Audience
This talk is aimed at experienced and aspiring cybersecurity professionals, including practitioners, programme managers, GRC professionals, security engineers, and anyone involved in protecting people and systems. No prior knowledge of accessibility is required. The purpose of this talk is to raise awareness of accessibility as a security concern for those who may not have encountered it before. A basic understanding of cybersecurity concepts such as authentication, security awareness training, and risk management is all that is needed to follow along.
How NSFW is this talk?
(How spicy is your talk in chillies?)
No NSFW content
