04.07.2023 | Sascha Fahl, CISPA


Sascha Fahl is a Lead Scientist at the CISPA Helmholtz-Zentrum für Informationssicherheit and Professor (W3) of Usable IT Security at Leibniz Universität Hannover. Previously, he was a professor at Ruhr-Universität Bochum, an interim professor at Leibniz Universität Hannover, and a junior research group leader at the Center for Information Security and Privacy (CISPA) at Universität des Saarlandes. Prof. Fahl studied computer science at Philipps Universität in Marburg and holds a doctorate in computer science. He has worked in the Chrome Security Team and was a researcher at Fraunhofer FKIE. One of his research papers won the NSA's “Best Scientific Cybersecurity Paper Competition”. For his research, he has been awarded a Google Faculty Research Award, the Heinz Maier-Leibnitz Preis, and the “Curious Mind” Award of Manager Magazin.

A Holistic Approach to Human Factors in Cybersecurity


The field of information security and privacy has taught us that developing functional and practical security mechanisms requires more than just technological innovation. Human factors play a crucial role in the success or failure of security and privacy systems. The persistent gap between the theoretical security of cryptographic algorithms and real-world vulnerabilities, data breaches, and possible attacks has highlighted the need for a holistic approach to security and privacy research.

As a researcher in this field, I have focused on identifying crucial weak points and empowering all actors involved in creating and using security and privacy-preserving technology. This includes end-users, developers, and system operators. My research has involved working with secure messaging, security indicators, and authentication mechanisms to empower end-users, improving APIs, documentation, and developer tools to support developers, and improving configuration languages and tools to benefit system operators.

In this talk, I will demonstrate how this holistic approach to human factors in cybersecurity research helps close the gap between theoretical security, privacy, and real-world deployments. I will present my past and current work on supporting expert users and protecting end-users, and outline my goals and strategies for future research. Through a combination of technical innovation and consideration of human factors, I believe we can successfully prevent involuntary loss of control over data and empower users to retain power over their security and privacy.