Security Professionals Are Users Too!: Human-Centered Security Research Beyond the End User



Event Details
Thursday, December 5, 2019
Talk:
3:30 p.m., Avery 115

Reception:
4:30 p.m., Avery 115

Daniel Votipka

Ph.D. Candidate, University of Maryland, College Park

Abstract

The human-centered security community has endeavored to improve end-user security tools' usability and effectiveness for the past 20 years. But security-critical decisions are made by more than just end users. It is necessary that we also simplify the security-critical tasks of security professionals such as secure development, vulnerability discovery, network defense, and malware analysis. In this talk, I will discuss recent research applying human-centered security methods and results to the study of security professionals. This talk will focus primarily on two case studies demonstrating this approach. First, I will discuss my research investigating what vulnerabilities developers commonly introduce, why these occur, and possible approaches to support improved outcomes. I will also present the results of my work studying the processes and mental models of white-hat hackers and malware analysts; developing an interaction model and guidelines to support more usable tool development.

Speaker Bio

Daniel Votipka is a Computer Science PhD Candidate at the University of Maryland, College Park. His research focuses on security-related decision making, focusing primarily on security professionals, including: understanding why developers introduce vulnerabilities; studying reverse engineering and vulnerability discovery processes; and how security professionals develop expertise. Daniel has received a USENIX Security Distinguished Paper award and was a finalist for the Facebook Fellowship Program and Symantec Research Labs Graduate Fellowship. He received his MS in Information Security, Technology, and Management from Carnegie Mellon University and his BS in Computer Science from the Illinois Institute of Technology.