Senior Research Associate/Research Associate: Secure Software Development by the Masses

School of Computing and Communications
Salary: £32,958 to £38,183
Closing Date: Friday 31 March 2017
Interview Date: Tuesday 25 April 2017
Reference: A1783

Why Johnny doesn’t Write Secure Software: Secure Software Development by the Masses

This is a fixed term position within Lancaster University’s institution-wide research centre, Security Lancaster, which is one of the UK’s Academic Centres of Excellence in Cyber Security Research. You will join a major programme of research on studying the security behaviours and decision-making processes of ‘the masses’ engaged in software development.

Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. Mobile and web app development and easy-to-program hardware devices, such as Arduino and Raspberry Pi, have resulted in a wide range of people from diverse backgrounds developing software. This diversity of developers is at the heart of a range of innovations in the digital economy. The software they produce can be, and is, deployed across systems pervasive in many aspects of human activity and is used by a global user base. However, little is currently understood about the security behaviours and decision-making processes of ‘the masses’ engaged in software development. In this project (“Why Johnny doesn’t write secure software?”), we aim to develop a deep foundational understanding of these issues. Following Whitten and Tygar’s archetypal user, in this case the Johnnys are the variety of people with diverse backgrounds, know-how and cyber security expertise who can develop, and are developing, software used, potentially, by millions worldwide.

You will conduct in-depth research into understanding such developers’ awareness and planning with respect to security; their security decision strategies and processes and the cognitive biases that shape their programming choices and actions; and the effectiveness of interventions to support/improve their security behaviours. You will develop innovative research that puts you at the forefront of work into human dimensions of cyber security. The project offers an exciting opportunity to combine research concepts and ideas with real world problems and their solutions.

You will join a thriving inter-disciplinary community of 100 researchers within Security Lancaster. The Centre and the School of Computing and Communications (where you will be based) both offer a highly inclusive and stimulating environment for research career development. You will also work closely with leading experts in the Department of Psychology, specifically Dr. John Towse, as well as collaborators at other UK institutions (The Open University: Professor Marian Petre, Prof. Bashar Nuseibeh and Dr. Thein Thun, and University of Exeter: Professor Mark Levine) and a range of international collaborators. There is a strong expectation that you will actively contribute to the strong profile of the Centre and its inter-disciplinary ethos through participation in the development and publication of research results.

This is a fixed-term appointment starting 1 May 2017 or as soon as possible thereafter and ending 31 March 2020.

Informal enquiries should be addressed to Professor Awais Rashid, Director of Security Lancaster and Principal Investigator of the project, email: or telephone +44 1524 510316.

We welcome applications from people in all diversity groups. We are committed to family-friendly and flexible working policies on an individual basis, as well as the Athena SWAN

The closing date for this job opportunity has now passed, and applications are no longer being accepted for this position

