Designing for Trust

Yesterday, I had the privilege of serving as a Proctor in a Design Thinking session organized by the Young Professionals Network in New York, where we explored one of the most critical and complex topics in modern IT infrastructure: Access Controls in Highly Regulated Systems.

This wasn’t your typical security seminar. Instead, it was an interactive, forward-looking session designed to engage rising professionals across tech, compliance, and risk in rethinking how access is granted, managed, and audited in environments where data sensitivity and regulatory pressure leave zero margin for error.

Why Design Thinking?

When dealing with highly regulated systems – think financial services, healthcare, and critical infrastructure – the traditional approach to access control often revolves around rigid rules, layered approvals, and reactive audits. While these are necessary, they often lead to user friction, role bloat, and security fatigue.

Design Thinking flips the script by putting the user (whether an engineer, auditor, or compliance officer) at the center and asking:
“How might we create an access control experience that is secure, compliant, and intuitive?”

Key Themes from the Session

As a Proctor, my role was to guide and facilitate conversations, ensuring that participants explored the problem space deeply while staying grounded in real-world constraints. Some of the most insightful ideas emerged from cross-functional collaboration:

  • Zero Trust by Design: Participants discussed how Zero Trust principles can be embedded from the start, rather than bolted on, to enable dynamic, context-aware access that evolves with risk and user behavior.
  • Lifecycle Awareness: One group proposed a system where access decisions are not just event-based (e.g., hiring/firing) but continuously re-evaluated through signals like project involvement, team changes, and abnormal usage patterns.
  • Human-Centered Security: Another team explored how to make access requests more transparent and explainable, not just for compliance teams, but for the end users themselves, who often feel like they’re navigating a black box.

A New Kind of Leadership

What stood out most was the energy and curiosity of the young professionals in the room. This was not a passive session. These were early-career technologists stepping up to ask the hard questions:
“Why is this access granted by default?” “What assumptions are we making about trust?” “How can we remove friction without compromising integrity?”

They weren’t afraid to challenge legacy mental models, which is exactly what our industry needs as we face increasingly sophisticated threats and rising regulatory expectations.

Closing Reflections

Participating as a proctor reaffirmed my belief that security is no longer just a checkbox—it’s a design challenge. One that demands creativity, empathy, and a systems-level view.

I left the session inspired—not just by the ideas, but by the people. If this is the future of IT leadership, I think we’re in very good hands.
