Human-Centered Security and Privacy Course Overview

Security and privacy problems are societal challenges that cannot be solved solely through technology. The increasing security and privacy incidents, including phishing, identity thefts, and attacks on consumer smart devices, highlight the growing need to establish a continuous and in-depth understanding of the critical and undeniable role that users have in these situations. This course will introduce several security and privacy topics that have a strong human factors component.

Students will learn user research methods to effectively study people's security and privacy attitudes, concerns, and practices when they interact with technologies. Below are some of the themes that we will cover throughout this course:

  • User Research Methods and Ethics
  • Equity and Inclusivity in Security and Privacy
  • Developing Security and Privacy Tools
  • Security and Privacy Education and Awareness
  • Human-Centered Security and Privacy in Emerging Technologies

This course is suitable both for students who are interested in security and privacy and would like to learn more about the role and importance of human factors and usability in cybersecurity, as well as those who are interested in usability and human-computer interaction (HCI) and are eager to know more about how fundamentals of HCI can be applied to improve people's security and privacy. Although there are no hard requirements, the course is most suitable for students who have some programming background (e.g., an undergraduate computer programming course).

This course includes weekly reading commentariesin-class discussions, a midterm exam, and a final user-centered research project. The reading assignments are designed to introduce students to a variety of research topics in human-centered security and privacy and encourage them to critically examine usable security and privacy projects and ideas. For the final research project, students will work in small groups and deliver project status updates as well as a final report. Those who are interested will have a potential mentorship opportunity to extend their user research and publish a full paper or a poster at a top-tier venue in HCI (e.g., CHI, CSCW), privacy and security (e.g., USENIX Security, IEEE S&P), or usable privacy and security (e.g., SOUPS).

Course Information

Instructor: Pardis Emami-Naeini (she/her)
Class Location: LSRC D106
Class Time: Tuesdays and Thursdays at 3:30 p.m. - 4:45 p.m.
Office Hours: Thursdays at 5:15 p.m. - 6 p.m. (If this time slot does not work for you, please email me to schedule a different time to chat.)
Office Hours Location: LSRC D327
Resources: Course schedule, Course syllabus, Sakai, Ed


Reading Commentaries: 10%
Discussion Lead: 10%
Active Class Participation: 10%
Midterm: 20%
Group Research Project: 50%

Ongoing Feedback Survey

No matter how many times I teach this course, there is always room for improvement, both on the content of the course and my teaching and mentorship. You are encouraged to talk to me/email me at anytime to share your feedback. If you want to share your thoughts anonymously, I have created a short survey where you can provide your input. I am not collecting any personal information in this survey (e.g., demographics, IP address, location). Please note that there is no best time to answer this survey, and you can and you are encouraged to answer it multiple times during the semester. Spending your time on providing feedback is not always easy, but I will value each one of your inputs and greatly appreciate them all. :)

Link to the anonymous feedback survey: TBA

Taking Care of Your Health and Happiness

This course is important, but your continued health and happiness are far more valuable. More than anything, I expect you to take care of yourself by learning what works for you. For some of us, that means taking some time from our days for meditation, exercise, or talking to a therapist. The form of self-care is not important as long as you commit to it. I will try my best to be flexible, and I am always available to hear from you. So if anything happens that you would like to share with me, please reach out. I am by no means a therapist, and you should always consider reaching out to licensed professionals, but the least I could do is listen, share my own (often wildly incomplete) view of things, and provide case-by-case accommodations if needed.