I am a Computer Science Professor (W3) at the Rheinische Friedrich-Wilhelms-Universität Bonn and a member of the Fraunhofer FKIE in Bonn. My research interests lie in the intersection of technical IT security & privacy and behavioural research. I study the interaction effects between technical and psychological, social, economic, cognitive, and emotional factors related to the security and privacy behaviour of individuals and institutions.
Usability problems are a major cause of many of today’s IT-security incidents. Security systems are often too complicated, time-consuming, and error-prone. For more than a decade, researchers in the domain of usable security (USEC) have attempted to combat these problems by conducting interdisciplinary research focusing on the root causes of the end-user problems and on the creation of usable security mechanisms. I am currently particularly focusing on the human factors of experts such as IT administrators and developers, since many of the most catastrophic security incidents were not caused by end-users, but by developers or administrators. Heartbleed and Shellshock were both caused by single developers yet had global consequences. The recent Sony hack compromised an entire multi-national IT-infrastructure and misappropriated over 100 TB of data, unnoticed. Fundamentally, every software vulnerability and misconfigured system is caused by developers or administrators making mistakes. My group and I are studying these kinds of incidents and developing strategies to prevent them from happening in the future.