log in  |  register  |  feedback?  |  help  |  web accessibility
Revisiting what it means to be Usable: Human-Centered Security Beyond End Users
Michelle Mazurek
IRB 0318 (Gannon) or https://umd.zoom.us/j/93754397716?pwd=GuzthRJybpRS8HOidKRoXWcFV7sC4c.1
Friday, September 5, 2025, 11:00 am-12:00 pm
  • You are subscribed to this talk through .
  • You are watching this talk through .
  • You are subscribed to this talk. (unsubscribe, watch)
  • You are watching this talk. (unwatch, subscribe)
  • You are not subscribed to this talk. (watch, subscribe)
Abstract
The human-centered security community has made significant progress in making security and privacy tools, notifications, and warnings more legible and usable for end users. However, many critical security and privacy problems remain out of the hands of end users, or -- even when simplified -- require more knowledge, time, or effort to manage than is reasonable or fair to expect from most users. As such, the next important challenge in human-centered security is to go beyond end users and explore how to make security and privacy more usable for the professionals whose decisions directly or indirectly affect end users at larger scale. These professionals include not only software developers, vulnerability analysts, and security operations personnel, but also social scientists who publish research data, product reviewers, and even YouTube influencers. In this talk, I will discuss three recent studies relevant to this goal: an experimental study evaluating the usefulness of security operations playbooks for incident response; a measurement study of the internet threat models conveyed by YouTube influencers in the process of advertising VPNs; and an interview study with social science researchers about how they de-identify datasets before they release them. 
Bio

Michelle Mazurek is an Associate Professor in the Computer Science Department and the Institute for Advanced Computer Studies at the University of Maryland, College Park, where she also directs the Maryland Cybersecurity Center. Her research aims to understand and support the human elements of digital security- and privacy-decision making. Recent projects include examining how and why developers make security and privacy mistakes; examining how security and privacy information is distributed via YouTube influencers; and analyzing how users learn about and decide whether to adopt security advice. Dr. Mazurek has served as Program Chair for the Symposium on Usable Privacy and Security (SOUPS) and the Privacy Enhancing Technologies Symposium (PETS), and currently chairs the Security Usability and Measurement track for the 2026 ACM Conference on Computer and Communications Security (CCS). She has received a number of awards, including the NSF CAREER award, DARPA Young Faculty Award, the NSA's Best Scientific Cybersecurity Paper award, and several distinguished paper awards. She received her PhD in Electrical and Computer Engineering from Carnegie Mellon University.

This talk is organized by Samuel Malede Zewdu