
2025-08-05
Felix Koltermann

“We are really lucky to have this team”

CISPA Faculty Dr. Sven Bugiel in conversation

CISPA Faculty Dr. Sven Bugiel has known CISPA since its founding days. Not only has he been instrumental in making the center a haven of scientific excellence, but he has also experienced the growth process first-hand. From the outset, he maintained regular communication with the Empirical Research Support (ERS) department. In this interview, he tells us about the collaboration.

How did you experience the genesis of the ERS department at CISPA?

When the whole thing started with Michael Schilling as the first employee, we had hardly any in-house expertise in the field of user-centered studies. In this respect, it was a perfect addition to our research. Unlike in IT, the methods required for this are taught extensively in social sciences and psychology. The goal from the outset was to transfer this approach to methods from other disciplines into our field of research. This was also linked to the idea of taking on a pioneering role.

How would you describe the range of methods used in your field of research?

To me personally, there are two specific fields of research. One of them is classic system design. Here, for example, security solutions have to be evaluated. This should be done using a clear methodology, e.g., through statistical tests. At our university, however, statistics is not taught at all in computer science. This is a knowledge gap where the ERS team is really worth its weight in gold. The second area of my work, which is much closer to the core competencies of the ERS team, is studies in the field of user-centered research. These are studies on password security or passwordless authentication, for example, where we work with users. Data is collected via surveys, interviews or laboratory studies.

How does the collaboration with the department work in practice?

Let’s say you have an idea for a new study and already have a research question. In that case, you contact the ERS team to inquire if they have the capacity and interest in the project. Together with the ERS team, the research question is then broken down and refined: What exactly is the research question, what are the sub-research questions, and how can these be translated into testable hypotheses? Then, you collaborate on deciding what type of data is needed and how to collect it. It’s important to determine how to test the hypotheses to answer the research question, driven by the data. The ERS team then also takes on part of the recruitment of study participants, data collection, and, together with us, the analysis.

Is methodological consulting through a dedicated department standard in academia, or is it a unique CISPA feature?

No, that’s not a standard practice. In my opinion, it’s something quite special. I know others working in this field have taught themselves and trained others. They usually handle this within their own research groups or, like in the American system, across two or three groups. However, a dedicated team that provides, develops, and maintains infrastructure, and also assists with setting up studies, is truly something unique. We’re fortunate to have that team.

What do you appreciate most about the ERS team?

What I value most about the ERS team is that they go beyond being a mere service department; they take a proactive approach. For instance, they initiate their own projects, such as Rudolf Siegel’s Cysec4Psych initiative. If, as a center, we can support them in a way that enables them to not only function as a service unit but also develop a distinct scientific profile at the intersection of IT security, computer science, and methodology, I find that truly remarkable.

Thank you for the conversation. 

 

Dr. Sven Bugiel is a CISPA faculty member and security researcher specializing in the security of (mobile) operating systems and trusted data processing. In the past, his work has focused particularly on Mandatory Access Control (MAC) for the Android operating system and the integration of hardware security components into mobile operating systems.