Submissions due: 16 June 2022
Publication: January/February 2023
Much usable security research has focused on improving the experience of end users. However, another group of individuals represent an especially important, but often understudied, user population also needing support: the workers who develop, use, and manipulate privacy and security information and technologies as a significant part of their jobs. Examples of security workers include:
- Software developers, who design and build software that manages and protects sensitive information and delivers critical functionality in a secure manner
- Security and system administrators, who deploy and manage security-sensitive software and hardware systems
- IT professionals whose decisions have impact on end users’ security and privacy
- Intelligence analysts, who collect and analyze security data
- Security consultants and educators, who provide guidance to individuals and organizations on practicing good security behaviors and implementing security technologies
- Privacy engineers, who ensure that privacy considerations are integrated into product design
This special issue of IEEE Security & Privacy aims to highlight research of value to security workers, as well as practices and case studies of security workers of value to usable security researchers. Topics include, but are not limited to:
- New insights or takeaways with practical implications based on empirical studies of security workers, including case studies, experiments, field studies, and surveys
- Approaches for how to find and collaborate with security workers for empirical studies
- Case studies and best practices authored by security workers, including the use of standards and practices such as Zero Trust and DevSecOps
- New tools, visualizations, or techniques designed to assist security workers or evaluations of those tools
- Frameworks for better understanding security workers and their jobs and tasks
- Overview, survey, or systemization of knowledge papers that integrate and synthesize existing knowledge to provide new insights into a previously studied area of interest to security workers
In addition to full papers, short papers and opinion pieces are welcome.
For author information and submission criteria for full papers, please visit the Author Information page. As stated there, full papers should be 4900 – 7200 words in length. Please submit full papers through the ScholarOne system, and be sure to select the special-issue name. Manuscripts should not be published or currently submitted for publication elsewhere. Please submit only full papers intended for peer review, not short papers or opinion pieces, to the ScholarOne portal.
Short papers and opinion pieces should contain 2200 – 3700 words. The title should start with the type of submission, i.e., “Short Paper:” or “Opinion:” respectively. There should be no more than 10 references. These submissions should be converted to PDF and emailed to the guest editors at firstname.lastname@example.org by the submission deadline.
Contact the guest editors at email@example.com.
Julie Haney, NIST, Usable Cybersecurity Program Lead, USA
Mary Ellen Zurko, MIT Lincoln Laboratory, Technical Staff, USA