2023-06-252023-06-25https://tore.tuhh.de/handle/11420/29955Since the beginning of my career in security, I have been studying interactive systems to understand what makes them secure (or insecure). The general aim of this research is to improve a system’s resilience and tolerance to attacks, its ability to protect critical resources and personal data, and how to make it accountable in case of an investigation. My research has been also, more specifically, to ensure a system be effective in guaranteeing such qualities once deployed in its working context. After several years of using formal methods for those tasks, I now address the question socio-technically. This means that I look at the several system’s dimensions (i.e., technical, social, and legal) and at a system’s overall components (i.e., cyber, physical, human); all of them, taken together, their protocols and ceremonies, are relevant factors that contribute to make a system effectively trustworthy and usable. Thus, I approach security holistically. Nowadays this implies, furthermore, to be able to guarantee a (presumption of) compliance with regulations and the law, for instance with the European Data Protection Regulation (GDPR) and its demands for transparency, accountability, and usability. This requires being able to carry on inter-/cross-disciplinary research. Today, I am the head of a research group called IRiSC (an acronym for Interdisciplinary Research in Sociotechnical Cybersecurity), at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg. For me and for the members of my team, interdisciplinarity is a way of thinking and of approaching and solving problems. Often, I conduct my research in coordination with other disciplines (e.g., social science, physics, law) and I collaborate with experts from academia and industry who hold a different background than mine. Working in such an environment requires open-mindedness and a trained ability to share cross-sectors knowledge. These, besides a rigorous scientific mentality, are the qualities that I tried to nourish among the members of my group. My research is supported by national and international projects and by partnership research programs that my institute, the Interdisciplinary Center for Security, Reliability and Trust, develops with national and international industrial partners. I am active in dissemination and education. I am chair of the SocioTechnical Security (STAST) 1, an international workshop whose goal is to promote a socio-technical approach in security research. I teach in the Master of Information and Computer Sciences program of the University of Luxembourg. Occasionally, I give guest lectures at the faculty of Law or at other institutes where I have served as visiting researcher. I mentor PhD candidates and Post Doc researchers, and I promote, first in myself before anybody else, an ethical code of conduct in research. I am a member of the IEEE Society and I serve on the ethical review board of my university.