About Me

I am currently a Ph.D. candidate in the Department of Computer Science at North Carolina State University. I joined the Wolfpack Security and Privacy (WSPR) lab in 2019 and am advised by Dr. Bradley Reaves. Before joining NCSU, I received my B.S. in Computer Science from the University of Maryland, Baltimore County in 2019.

My research areas involve usable security and human-centered cybersecurity. I specifically focus on the quality of online security advice, as well as developer secret management practices. Currently, I am a NIST Graduate Student Measurement Science and Engineering Fellow in the Visualization and Usability Group. At NIST, I work on projects analyzing cybersecurity definitions for non-experts, as well as the influence of observable characteristics within phishing emails.

Curriculum Vitae

Click here to view my Curriculum Vitae.

Publications

Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice

Author(s): Lorenzo Neil, Harshini Sri Ramulu, Yasemin Acar, Bradley Reaves

We interview authors of general security advice to learn the writing processes, key decision making, and challenges for writing general security advice.

Published in the 19th Symposium on Usable Privacy and Security (SOUPS), August 2023

.

Analyzing Cybersecurity Definitions for Non-experts

Author(s): Lorenzo Neil, Julie Haney, Kerrianne Buchanan, Charlotte Healy

We systematically search for and analyze online definitions for cybersecurity non-experts are likely to encounter.

Published in the 17th IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA), July 2023

.

What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?

Author(s): Setu Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams

We analyze developer's questions and related solutions about checked-in secrets.

Published in the IEEE/ACM International Conference on Software Engineering, May 2023

.

What are the Practices for Secret Management in Software Artifacts?

Author(s): Setu Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams

We perform a grey literature review of Internet arifacts related to secret management in order to identify 24 practices grouped in six categories comprised of developer and organizational practices for managing secrets.

Published in the IEEE Secure Development Conference (SecDev), Oct 2022

.

Investigating Web Service Account Remediation Advice

Author(s): Lorenzo Neil, Elijah Bouma-Sims, Evan Lafontaine, Yasemin Acar, and Bradley Reaves

We identified five key phases for online account compromise remediation and analyzed the quality of advice for account compromise remediation from 57 popular U.S.- based web services.

Published in the 17th Symposium on Usable Privacy and Security (SOUPS), August 2021

.

Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports

Author(s): Lorenzo Neil, Sudip Mittal, Anupam Joshi

We mined threat intelligence about open-source systems from issue reports in GitHub public code repositories.

Published in the IEEE International Conference on Intelligence Security Informatics (ISI), Nov 2018

.

News

August 2023: I will be presenting our poster in "Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues" at SOUPS 2023.

August 2023: I will be presenting our poster in "Analyzing Cybersecurity Definitions for Non-Experts" at SOUPS 2023.

August 2023: I will be presenting our paper in "Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice" at SOUPS 2023.

July 2023: Our work from "Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice" was featured in the NC State News Release Webpage.

July 2023: I will be presenting our paper in "Analyzing Cybersecurity Definitions for Non-experts" at HAISA 2023 .

February 2023: Career Milestone:I passed my Oral Preliminary Exam/Qualifying Exam. I am officially a Doctoral candidate!

August 2021: I will be presenting our paper in Investigating Web Service Account Remediation Advice at SOUPS 2021.

August 2021: I will be attending the GREPSEC workshop for underrepresented graduate students in computer security and privacy!

May 2021: I passed my written preliminary exam!

Contact Information

Email: lcneil@ncsu.edu