Prof. Dr. Alena Naiakshina

Alena Naiakshina (PhD, 2020) is a Professor of IT Security at the University of Cologne, Germany. She was a Professor at Ruhr University Bochum from 2021 to 2024 and, prior to that, a researcher at the University of Bonn from 2017 to 2021, where she earned her Dr. rer. nat. (equivalent to a PhD) in November 2020. She received the John Karat Usable Privacy and Security Student Research Award in 2021 for her contributions. Her research focuses on developer-centered security, usable security and privacy, and security study design. She regularly serves on the program committees of leading international conferences in security, privacy, and human factors, including S&P, CCS, USENIX Security, CHI, and SOUPS.

Vita:

• Full Professor for IT Security
  Institute of Computer Science, University of Cologne, Germany
  Since January 2026
• Associate Professor for IT Security
  Institute of Computer Science, University of Cologne, Germany
  October 2024 - January 2026
• Associate Professor for Developer-centered Security
  Faculty of Computer Science, Ruhr University Bochum (RUB), Germany
  April 2023 - September 2024
• Assistant Professor for Developer-centered Security
  Faculty of Computer Science, Ruhr University Bochum (RUB), Germany
  November 2021 - April 2023
• Post-doctoral researcher
  University of Bonn, Germany
  December 2020 - October 2021
• Dr. rer. Nat. (equiv. PhD) with distinction
  University of Bonn, Germany
  November 2020
• PhD student
  University of Bonn, Germany
  January 2017 - November 2020
• Master of Science (M.Sc.) in Computer Science with distinction
  University of Bonn, Germany
  April 2014 - December 2016
• Bachelor of Science (B.Sc.) in Computer Science
  University of Bonn, Germany
  October 2010 - March 2014

My research interests are focused on the following areas:

• Developer-centered Security: Exploring ways to equip developers with usable security tools to integrate secure practices in their workflow.
• Usable Security and Privacy: Exploring security and privacy solutions that are intuitive and accessible, ensuring higher adoption and better user experiences.
• Security Study Design: Exploring methodologies for conducting security studies with developers.
• Human Factors in Security: Investigating how human behavior affects security practices and how security measures can be better aligned with human capabilities.

Awards

• Honorable Mention: Women Security Experts Are Not The Enemy: A Qualitative Study on Gender-Related Communication Challenges (CHI’25)
• Honorable Mention: Exploring the Impact of Intervention Methods on Developers’ Security Behavior in a Manipulated ChatGPT Study (CHI’25)
• Distinguished Paper Award: Let’s Hash: Helping Developers with Password Security – A User Study (SOUPS’22)
• Finalist at the CAST/GI IT Security Dissertation Award (CAST/GI Promotionspreis IT-Sicherheit) 2022
• John Karat Usable Privacy and Security Student Research Award (SOUPS’21)
• Honorable Mention: “If you want, I can store the encrypted password”: A Password-Storage Field Study with Freelance Developers (CHI’19) 

Press & Media

• SECURITY.COM: “Developers Not Immune to Sloppy Password Practices"
• ZDNet: “Study shows programmers will take the easy way out and not implement proper password security”
• Cyclonis: “Study Shows How Developers Deal with Secure Password Storage"

Academic Service

2026

• Program Committee (PC) Member: ACM Conference on Computer and Communications Security (CCS 2026) 

2025

• Program Committee (PC) Member: ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2026)

2024

• Program Committee (PC) Member: USENIX Security Symposium (USENIX’25)
• Program Committee (PC) Member: IEEE Symposium on Security and Privacy (S&P’25)
• Program Committee (PC) Member: Symposium on Usable Privacy and Security (SOUPS’24)
• Reviewer: ACM Transactions on Privacy and Security (TOPS) 2024, Privacy & Security subcommittee for CHI’24

2023

• Associate Chair (AC): Privacy & Security subcommittee for CHI’24
• Program Committee (PC) Member: IEEE Symposium on Security and Privacy (S&P’24)
• Program Committee (PC) Member: Symposium on Usable Privacy and Security (SOUPS’23)
• Program Committee (PC) Member: IEEE Secure Development conference (SecDev’23)
• Program Committee (PC) Member: European Symposium on Usable Security (EuroUSEC’23)
• Reviewer: Journal of Cybersecurity 2023, ACM SIGCHI Conference on Computer-Supported Cooperative Work & Social Computing (CSCW’23)

2022

• Associate Chair (AC): Privacy & Security subcommittee for CHI’23
• Program Committee (PC) Member and Member of the 2022 Karat Award Committee: Symposium on Usable Privacy and Security (SOUPS’22)
• Program Committee (PC) Member: IEEE Secure Development (SecDev’22) conference
• Program Committee (PC) Member: European Symposium on Usable Security (EuroUSEC’22)
• Program Committee (PC) Member and Session Chair: Symposium on Usable Security and Privacy (USEC’22) in conjunction with NDSS
• Reviewer: Transactions on Software Engineering and Methodology (TOSEM), Journal of Cybersecurity, IEEE Security & Privacy: Special Issue on Usable Security for Security Workers

2021

• Associate Chair (AC): Privacy & Security subcommittee for CHI’22
• Program Committee (PC) Member: SOUPS workshop WAY (Who Are You!? Adventures in Authentication)
• Poster Jury Member: Symposium on Usable Privacy and Security (SOUPS)

2020

• Associate Chair (AC): Privacy & Security subcommittee for CHI’21
• Program Committee (PC) Member: SOUPS workshop WAY (Who Are You!? Adventures in Authentication)
• Workshop Leader for the BSI & UKB: „Networked with Security: Digitization, Cybersecurity & Me – Healthcare Perspectives“
   

Publications:

• The Impact of AI-Assisted Development on Software Security: A Study of Gemini and Developer Experience
  Nadine Jost, Benjamin Berens, Manuel Karl, Stefan Albert Horstmann, Martin Johns, Alena Naiakshina
  arXiv preprint arXiv:2603.15298 (2026)
   
• “The AI tool can’t make it any worse.” Investigating Developers’ Security Behavior with AI Assistants in a Password Storage Study
  Asli Yardim, Raphael Serafini, Nadine Jost, Anna-Marie Ortloff, Alena Naiakshina
  CHI Conference on Human Factors in Computing Systems (CHI 2026)
   
• Robust Methods for Developer Screening in Rapidly Evolving AI Contexts
  Raphael Serafini, Nino Weber, Asli Yardim, Stefan Albert Horstmann, Alena Naiakshina
  CHI Conference on Human Factors in Computing Systems (CHI 2026)
   
• “I need to learn better searching tactics for privacy policy laws." Investigating Software Developers' Behavior When Using Sources on Privacy Issues
  Stefan Albert Horstmann, Sandy Hong, Maziar Niazian, Cristiana Santos, Alena Naiakshina
  International Conference on Software Engineering (ICSE 2026)
   
• “It's not my responsibility to write them”: An Empirical Study of Software Product Managers and Security Requirements
  Houda Naji, Felix Reichmann, Tobias Bruns, and M. Angela Sasse, Alena Naiakshina
  USENIX Security Symposium (USENIX 2025)
   
• "Sorry for bugging you so much." Exploring Developers’ Behavior Towards Privacy-Compliant Implementation
  Stefan Albert Horstmann, Sandy Hong, David Klein, Raphael Serafini, Martin Degeling, Martin Johns, Veelasha Moonsamy, Alena Naiakshina
  IEEE Symposium on Security and Privacy (S&P 2025)
   
• Relationship Status: “It’s complicated” Developer-Security Expert Dynamics in Scrum
  Houda Naji, Marco Gutfleisch, Alena Naiakshina
  International Conference on Software Engineering (ICSE 2025)
   
• A Taxonomy of Functional Security Features and How They Can Be Located
  Kevin Hermann, Simon Schneider, Catherine Tony, Asli Yardim, Sven Peldszus, Thorsten Berger, Riccardo Scandariato, M. Angela Sasse, Alena Naiakshina
  Empirical Software Engineering (EMSE 2025)
   
• Women Security Experts Are Not The Enemy: A Qualitative Study on Gender-Related Communication Challenges
  (Honorable Mention)
  Asli Yardim, Stefan Horstmann, Raphael Serafini, Joshua Speckels, Alena Naiakshina
  CHI Conference on Human Factors in Computing Systems (CHI 2025)
   
• Exploring the Impact of Intervention Methods on Developers’ Security Behavior in a Manipulated ChatGPT Study
  (Honorable Mention)
  Raphael Serafini, Asli Yardim, Alena Naiakshina
  CHI Conference on Human Factors in Computing Systems (CHI 2025)
   
• Bridging the Gap Between Usable Security Research and Open-Source Practice — Lessons From a Long-Term Engagement With VeraCrypt
  Felix Reichmann, Annalina Buckmann, Konstantin Fischer, Angela Sasse, Alena Naiakshina
  CHI Conference on Human Factors in Computing Systems (CHI 2025)
   
• Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns
  Jan H. Klemmer, Stefan Albert Horstmann, Nikhil Patnaik, Cordelia Ludden, Cordell Burton Jr, Carson Powers, Fabio Massacci, Akond Rahman, Daniel Votipka, Heather Lipford, Awais Rashid, Alena Naiakshina, Sascha Fahl
  ACM SIGSAC Conference on Computer and Communications Security (CCS 2024)
   
• Defying the Odds: Solana’s Unexpected Resilience in Spite of the Security Challenges Faced by Developers
  Sebastien Andreina, Tobias Cloosters, Lucas Davi, Jens-Rene Giesen, Marco Gutfleisch, Ghassan Karame, Alena Naiakshina, Houda Naji
  ACM SIGSAC Conference on Computer and Communications Security (CCS 2024)
   
• Engaging Company Developers in Security Research Studies: A Comprehensive Literature Review and Quantitative Survey
  Raphael Serafini, Stefan Albert Horstmann, Alena Naiakshina
  USENIX Security Symposium (USENIX 2024)
   
• ChatGPT-Resistant Screening Instrument for Identifying Non-Programmers
  Raphael Serafini, Clemens Otto, Stefan Albert Horstmann, Alena Naiakshina
  In Proceedings of the 46th International Conference on Software Engineering 2024 (ICSE 2024)
• Supplementary Material
   
• „Those things are written by lawyers, and programmers are reading that.“
  Mapping the Communication Gap Between Software Developers and Privacy Experts
  Stefan Albert Horstmann, Samuel Domiks, Marco Gutfleisch, Mindy Tran, Yasemin Acar, Veelasha Moonsamy, Alena Naiakshina
  Privacy Enhancing Technologies Symposium (PETS 2024)
   
• On the Recruitment of Company Developers for Security Studies: Results from a Qualitative Interview Study
  Raphael Serafini, Marco Gutfleisch, Stefan Albert Horstmann, Alena Naiakshina
  Symposium on Usable Privacy and Security (SOUPS 2023)
   
• Let’s Hash: Helping Developers with Password Security
  (Distinguished Paper Award)
  Lisa Geierhaas, Anna-Marie Ortloff, Matthew Smith, Alena Naiakshina
  Symposium on Usable Privacy and Security (SOUPS 2022)
   
• Testing Screener Questions for Software Developer Studies with Time Limits
  Anastasia Danilova, Stefan Horstmann, Matthew Smith, Alena Naiakshina
  International Conference on Software Engineering (ICSE 2022)
   
• Do you really code? Designing and Evaluating Screening Questions for Online Surveys with Programmers
  Anastasia Danilova, Alena Naiakshina, Stefan Horstmann, Matthew Smith
  International Conference on Software Engineering 2021 (ICSE 2021)
   
• Code Reviewing as Methodology for Online Security Studies with Developers – A Case Study with Freelancers on Password Storage
  Anastasia Danilova, Alena Naiakshina, Anna Rasgauski, Matthew Smith
  Symposium on Usable Privacy and Security (SOUPS 2021)
   
• On Conducting Security Developer Studies with CS Students: Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers
  Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, Matthew Smith
  CHI Conference on Human Factors in Computing Systems (CHI 2020)
   
• One Size Does Not Fit All: A Grounded Theory and Online Survey Study of Developer Preferences for Security Warning Types
  Anastasia Danilova, Alena Naiakshina, Matthew Smith
  International Conference on Software Engineering 2020 (ICSE 2020)
   
• Replication: On the Ecological Validity of Online Security Developer Studies: Exploring Deception in a Password-Storage Study with Freelancers
  Anastasia Danilova, Alena Naiakshina, Johanna Deuter, Matthew Smith
  Symposium on Usable Privacy and Security (SOUPS 2020)
   
• If you want, I can store the encrypted password.” A Password-Storage Field Study with Freelance Developers 
  (Honorable Mention)
  Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, Emanuel von Zezschwitz, Matthew Smith
  CHI Conference on Human Factors in Computing Systems (CHI 2019)
   
• “In Encryption We Don’t Trust: The Effect of End-To-End Encryption to the Masses on User Perception”
  Sergej Dechand, Alena Naiakshina, Anastasia Danilova, Matthew Smith
  IEEE European Symposium on Security and Privacy (Euro S&P 2019)
   
• Deception Task Design in Developer Password Studies: Exploring a Student Sample
  Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Matthew Smith
  Symposium on Usable Privacy and Security (SOUPS 2018)
   
• Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
  Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith
  ACM SIGSAC Conference on Computer and Communications Security (CCS 2017)
   
• Obstacles to the Adoption of Secure Communication Tools
  Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, Matthew Smith
  IEEE Symposium on Security and Privacy (S&P 2017)