Abstract

The field of information security and privacy has taught us that developing functional and practical security mechanisms requires more than just technological innovation. Human factors play a crucial role in the success or failure of security and privacy systems. The persistent gap between the theoretical security of cryptographic algorithms and real-world vulnerabilities, data breaches, and possible attacks has highlighted the need for a holistic approach to security and privacy research.

As a researcher in this field, I have focused on identifying crucial weak points and empowering all actors involved in creating and using security and privacy-preserving technology. This includes end-users, developers, and system operators. My research has involved working with secure messaging, security indicators, and authentication mechanisms to empower end-users, improving APIs, documentation, and developer tools to support developers, and improving configuration languages and tools to benefit system operators.

In this talk, I will demonstrate how this holistic approach to human factors in cybersecurity research helps close the gap between theoretical security, privacy, and real-world deployments. I will present my past and current work on supporting expert users and protecting end-users and outlining my goals and strategies for future research. Through a combination of technical innovation and consideration of human factors, I believe we can successfully prevent involuntary loss of control over data and empower users to retain power over their security and privacy.