Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Human-Centered Cybersecurity

Project Links

Overview Events

Human-Centered Cybersecurity (General)

Our team often writes articles or provides presentations that discuss and provide information about human-centered cybersecurity to various audiences, for example, cybersecurity practitioners or fellow researchers.

Currently, we are conducting a multi-phased research project to understand the interactions between human-centered cybersecurity researchers and practitioners. We hope the results will lead to the creation of mutually beneficial “bridges” between the research and practitioner communities that facilitate the relevance and application of research findings to real-world practice.

Publications

Cybersecurity Pitfalls

Papers

Users are not stupid: Six cyber security pitfalls overturned - Julie Haney. Cyber Security: A Peer-Reviewed Journal (2023)

HANDOUT - Users are not stupid: Six cybersecurity pitfalls overturned - Julie Haney & Susanne Furman (2023)

Presentations

Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned (Purdue CERIAS Presentation) Recorded presentation - Julie Haney, Purdue University CERIAS webinar (2022)

Users are not stupid: Eight Cybersecurity Pitfalls Overturned Recorded presentation - Julie Haney. RSA Conference (2022)

Blogs

Is Your Cybersecurity Strategy Falling Victim to These 6 Common Pitfalls? (2023)

Podcasts

Conversations in Cybersecurity Podcast: Usability and Cybersecurity (2023)

Researcher-Practitioner Bridges

Papers

Towards Integrating Human-Centered Cybersecurity Research Into Practice: A Practitioner Survey - Julie Haney, Clyburn Cunningham, & Susanne Furman. Symposium on Usable Security and Privacy (USEC) (2024)

Mind the Gap: Exploring Human-Centered Security Researcher-Practitioner Interactions (Extended Poster Abstract) - Clyburn Cunningham, Susanne Furman, & Julie Haney. Poster session at Symposium on Usable Privacy and Security (SOUPS) (2023).

General Human-Centered (Usable) Cybersecurity

Papers

Is Usable Security an Oxymoron? – Mary Theofanos. IEEE Computer (2020).

Shouldn't All Security Be Usable? – Mary Frances Theofanos & Shari Lawrence Pfleeger. IEEE Security & Privacy (2011)

Presentations

ISPAB Panel on Usable Security – Mary Theofanos & Ellen Kowalczyk (Oct 29, 2010)

Usability Research in Support of Cybersecurity – Mary Theofanos (May 7, 2008)

Poor Usability: The Inherent Insider Threat – Mary Theofanos (Mar 21, 2008)

Blogs

Cybersecurity Awareness Month: Securing Devices at Home and Work (2020)

SANS Blog: Humans and Technology: An Insecure Mix (2020)

HelpNet Security: Inside the NIST team working to make cybersecurity more friendly (2019)

Podcasts

Beyond Technical Skills: Unlocking the Human Element in Cybersecurity | Security Masterminds Podcast (2023)

Human-Centered Cybersecurity at NIST | Unlocking the Human Factor with Julie Haney | Redefining CyberSecurity Podcast with Sean Martin (2023)

Usability and Cybersecurity | Conversations in Security Podcast (2023)

Interview with Julie Haney re: NIST Usable Cybersecurity (starting at 9:35) | Paubox HIPAA Critical Podcast (2020)

Project Links

Overview Events

Additional Pages

About Our Team Research Areas Authentication Cryptography Cybersecurity Adoption, Awareness, & Training Human-Centered Cybersecurity (General) Internet of Things Phishing Privacy User Perceptions & Behaviors Voting Youth Security & Privacy

Contacts

NIST Human-Centered Cybersecurity
human-cybersec@nist.gov

Julie Haney
julie.haney@nist.gov

Group

Information Access Division

Topics

Security and Privacy: authentication, behavior, cryptography, general security & privacy, privacy, security programs & operations, usability

Applications: cybersecurity education, cybersecurity workforce, Internet of Things, voting

Additional Pages

About Our Team Research Areas Authentication Cryptography Cybersecurity Adoption, Awareness, & Training Human-Centered Cybersecurity (General) Internet of Things Phishing Privacy User Perceptions & Behaviors Voting Youth Security & Privacy

Contacts

NIST Human-Centered Cybersecurity
human-cybersec@nist.gov

Julie Haney
julie.haney@nist.gov

Group

Information Access Division

Topics

Security and Privacy: authentication, behavior, cryptography, general security & privacy, privacy, security programs & operations, usability

Applications: cybersecurity education, cybersecurity workforce, Internet of Things, voting

Created November 17, 2016, Updated April 19, 2024