August 2023: I will be presenting our poster in "Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues" at SOUPS 2023.
I am currently a Ph.D. candidate in the Department of Computer Science at North Carolina State University. I joined the Wolfpack Security and Privacy (WSPR) lab in 2019 and am advised by Dr. Bradley Reaves. Before joining NCSU, I received my B.S. in Computer Science from the University of Maryland, Baltimore County in 2019.
My research areas involve usable security and human-centered cybersecurity. I specifically focus on the quality of online security advice, as well as developer secret management practices. Currently, I am a NIST Graduate Student Measurement Science and Engineering Fellow in the Visualization and Usability Group. At NIST, I work on projects analyzing cybersecurity definitions for non-experts, as well as the influence of observable characteristics within phishing emails.
Author(s): Lorenzo Neil, Harshini Sri Ramulu, Yasemin Acar, Bradley Reaves
We interview authors of general security advice to learn the writing processes, key decision making, and challenges for writing general security advice.
Published in the 19th Symposium on Usable Privacy and Security (SOUPS), August 2023
.Author(s): Lorenzo Neil, Julie Haney, Kerrianne Buchanan, Charlotte Healy
We systematically search for and analyze online definitions for cybersecurity non-experts are likely to encounter.
Published in the 17th IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA), July 2023
.Author(s): Setu Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams
We analyze developer's questions and related solutions about checked-in secrets.
Published in the IEEE/ACM International Conference on Software Engineering, May 2023
.Author(s): Setu Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams
We perform a grey literature review of Internet arifacts related to secret management in order to identify 24 practices grouped in six categories comprised of developer and organizational practices for managing secrets.
Published in the IEEE Secure Development Conference (SecDev), Oct 2022
.Author(s): Lorenzo Neil, Elijah Bouma-Sims, Evan Lafontaine, Yasemin Acar, and Bradley Reaves
We identified five key phases for online account compromise remediation and analyzed the quality of advice for account compromise remediation from 57 popular U.S.- based web services.
Published in the 17th Symposium on Usable Privacy and Security (SOUPS), August 2021
.Author(s): Lorenzo Neil, Sudip Mittal, Anupam Joshi
We mined threat intelligence about open-source systems from issue reports in GitHub public code repositories.
Published in the IEEE International Conference on Intelligence Security Informatics (ISI), Nov 2018
.August 2023: I will be presenting our poster in "Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues" at SOUPS 2023.
August 2023: I will be presenting our poster in "Analyzing Cybersecurity Definitions for Non-Experts" at SOUPS 2023.
August 2023: I will be presenting our paper in "Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice" at SOUPS 2023.
July 2023: Our work from "Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice" was featured in the NC State News Release Webpage.
July 2023: I will be presenting our paper in "Analyzing Cybersecurity Definitions for Non-experts" at HAISA 2023 .
May 2023: Our paper "What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?" was accepted into the IEEE/ACM International Conference on Software Engineering.
February 2023: Career Milestone:I passed my Oral Preliminary Exam/Qualifying Exam. I am officially a Doctoral candidate!
December 2022: I am serving on the 2023 ACM WiSec Program Committee.
October 2022: Our paper "What are the Practices for Secret Management in Software Artifacts?" was accepted into the IEEE Secure Development Conference (SecDev).
May 2022: I will be presenting our current research in Investigating how Experts write General Security Advice at the Capital-Area Colloquium on Trustworthy and Usable Security/Privacy (CACTUS/P).
August 2021: I will be presenting our paper in Investigating Web Service Account Remediation Advice at SOUPS 2021.
August 2021: I will be attending the GREPSEC workshop for underrepresented graduate students in computer security and privacy!
May 2021: I passed my written preliminary exam!
October 2020: I began my two year term of serving as the Treasurer for the NC State Black Graduate Student Association (BGSA).
August 2020: I will be attending the Who Are You?! Adventures in Authentication Workshop (WAY) and present my paper in "Investigating Web Service Account Remediation Advice".