The 4th Workshop on Security Information Workers
Baltimore Marriott Waterfront - Baltimore, MD, USA
August 12, 2018


Welcome and opening remarks

02:00 - 02:10

Paper Session #1: Security Professionals

02:10 - 03:10

What shape peg are you? Different cyber jobs require different cognitive skills
Susan G. Campbell; Petra Bradley (University of Maryland)
Toward Integrated Tactical Operations for Red/Blue Cyber Defense Teams
Julie M. Haney; Celeste Lyn Paul (U.S. Department of Defense)
Forming IDEAS Interactive Data Exploration & Analysis System
Robert Bridges; Maria Vincent; Kelly Huffer; John Goodall (Oak Ridge National Laboratory); Jessie Jamieson (University Nebraska); Zachary Burch (Virginia Tech)


03:10 - 03:20

Panel with Paper Session #1 speakers regarding research on security professionals

03:20 - 03:50

Paper Session #2: Developers

03:50 - 04:50

Understanding Software Developers' Approach towards Implementing Data Minimization
Awanthika Senarath; Nalin A.G. Aarachchilage (University of New South Wales)
Am I Responsible for End-User's Security? A Programmer's Perspective
Chamila Wijayarathna; Nalin Asanka Gamagedara Arachchilage (University of New South Wales)
Motivations and Amotivations for Software Security: Preliminary Results
Hala Assal; Sonia Chiasson (Carleton University)
Toward a Field Study on the Impact of Hacking Competitions on Secure Development
Daniel Votipka (University of Maryland); Hongyi Hu; Bryan Eastes (Dropbox Inc.); Michelle L. Mazurek (University of Maryland)


04:50 - 05:00

Panel with Paper Session #2 speakers regarding research on secure development

05:00 - 05:25

Closing Remarks

05:25 - 05:30

Call for Papers: 4th Workshop on Security Information Workers

The human element is often considered the weakest element in security. Although many kinds of humans interact with systems that are designed to be secure, one particular type of human is especially important, the security information worker. Security information workers include:
  • Software developers, who design and build software that manages and protects sensitive information;
  • Security and system administrators, who deploy and manage security-sensitive software and hardware systems;
  • IT professionals whose decisions have impact on end users' security and privacy;
  • Privacy workers, who handle, research, and protect user data;
  • Intelligence analysts, who collect and analyze data about security matters to understand information and make predictions; and
  • Security consultants and educators, who provide guidance to individuals and organizations on practicing good security behaviors and implementing security technologies
This half-day workshop aims to develop and stimulate discussion about security information workers. We will consider topics including, but not limited to:
  • Empirical studies of security information workers, including experiments, field studies, and surveys;
  • New tools designed to assist security information workers;
  • Infrastructure for better understanding security information workers;
  • Information visualization and other techniques designed to help security information workers do their jobs;
  • Evaluations of tools and techniques for security information workers.

Much security research could be considered about security information workers; for instance, tools that automatically find defects in program code could be construed to help software developers. However, successful submissions to this workshop will explicitly be informed by an understanding of how security information workers do their jobs, and the results will explicitly address how we understand security information workers.

We solicit short papers or extended abstracts from 2-4 pages describing new research contributions in this area, as well as work in progress, preliminary results, and position papers. Please use the SOUPS paper template for submissions available at (Microsoft Word) or (LaTeX). Submissions do not need to be anonymized. Submissions may be made at our HotCRP.

Workshop papers will be made available to attendees prior to the workshop. Paper presentations will be short, approximately 10 minutes in length depending on the number of papers submitted. Each group of related presentations will be followed by a panel to allow the presenters an opportunity to have an interactive discussion with the audience about methods, challenges, and future directions in security information workers research.

Important Dates

Paper submission deadline(extended) Wednesday, May 30, 2018 Friday, May 25, 2018
WorkshopSunday, August 12, 2018

Submission Instructions

Submission Site

Organizing Committee

  • Yasemin Acar, Leibniz University Hannover
  • Sascha Fahl, Ruhr-University Bochum
  • Julie Haney, University of Maryland, Baltimore County
  • Celeste Lyn Paul, U.S. Department of Defense
  • Daniel Votipka, University of Maryland

Program Committee Chairs

  • Yasemin Acar, Leibniz University Hannover
  • Sascha Fahl, Ruhr-University Bochum
  • Julie Haney, University of Maryland, Baltimore County
  • Celeste Lyn Paul, U.S. Department of Defense
  • Daniel Votipka, University of Maryland, College Park

Program Committee

  • Nalin Asanka Gamagedara Arachchilage, The University of New South Wales
  • Rock Stevens, University of Maryland, College Park
  • Stacey Watson, University of North Carolina at Charlotte
  • Charles Weir, Lancaster University

Web Chair

  • Christian Stransky, Leibniz University Hannover

Venue and Registration

The workshop is colocated with the 14th Symposium on Usable Privacy and Security, please refer to the conference website for further information and registration.