Send email Copy Email Address
© Felix Koltermann

Felix Koltermann

2025-01-06
Felix Koltermann

“Learning how to network at an early stage, in an uncomplicated and informal way”: In conversation with CISPA-Faculty Professor Dr. Sascha Fahl

Both the quality and the attractiveness of a scientific symposium depend on the selection of speakers. For the CISPA summer school on usable security which took place in July 2024, this responsibility as well as the scientific management of the event was in the hands of CISPA-Faculty Professor Dr. Sascha Fahl. In our interview, he tells us about his experiences in the preparation of the Summer School.

What is the significance of participating in a summer school for an academic career?

I think it can help participants to interact with others who are at the same career stage or already further along. It is also important to learn how to interact with the speakers. We are fortunate that the majority of our speakers this year are from the USA, which allows participants to get to know the US system a little better. The primary benefit of participating in a summer school is learning how to network at an early stage, in an uncomplicated and informal way.

How would you describe the subject area of this summer school on usable security?

We have a diverse and colorful selection of research topics from the field of usable security. Basically, we’re focusing on the interaction between people, IT security and data protection technology. The aim is to understand why certain technologies don't work as well in the real world as they do on paper. For example, we have a really exciting presentation by Lujo Bauer, who has spent the last 15 years examining different aspects of password security. Cori Faklaris will focus on methodology: How do we carry out our research, how do we obtain data and how can we analyze it in a way that enables us to answer our questions in a scientifically sound fashion.

Usable security is an important research cluster at CISPA. What characterizes this subject area from a CISPA perspective?

Research at CISPA is clustered into six research areas. If you look at them in terms of a spectrum ranging from theory to practice, we begin with algorithmic foundations and cryptography at one end, in the middle we have systems, networks, web security and security through machine learning, and then we come to usable security at the other end. So at the beginning, there are a lot of conceptual, theoretical and technical foundations that CISPA deals with. Usable security is the last part of this IT-security journey from the concepts to the real world. This doesn’t mean that we are only asked to make our contribution at the very last point, but we are basically the interface with the real world.

What do you think are the most important building blocks when designing a summer school?

One important point is that when selecting speakers, you should consider inviting people who you know or have been told give good presentations. This makes it easy for the audience to interact and participate. But the main thing for me is to give participants the opportunity to network at the summer school. I think we did a good job of including this in the program.

What were your criteria when selecting the speakers?

It was important to me that we have a good content mix as well as a focus on internationally recognized speakers. It was also important that we pay attention to gender diversity and that we select speakers who are still at the beginning of their career as well as others who are already very advanced.

What is the advantage of a monothematic summer school?

You can tell from the program that the topics are very diverse despite the monothematic focus. My impression is that focusing on one topic is an advantage at this point because it offers participants the opportunity to delve deeper into certain areas instead of only scratching the surface. Over the last decade, we have become much broader in usable security research, both in terms of methodology and content. It is a real advantage that this monothematic summer school allows us to represent this development.

What do you look for when selecting participants?

In principle, the motivation letters were decisive for me. It didn’t matter to me so much whether the applicants had already been published. But they had to be able to explain well what they expected from the summer school and why they were interested in the topic of usable security.  The participants come with very different levels of prior knowledge, ranging from Bachelor to PhD students.

How did you deal with this when you were planning the summer school?

Actually, our youngest participant is a 12th grade student. I brought her from Hannover and she is spending her summer holidays with us. I think that people find this diversity enriching. Thankfully, we work in a research area that is relatively accessible. Of course, this can be very different for other subject areas. But our subject areas, such as password research for example, are extremely accessible. Everyone can understand the gist of it, even if they haven’t been familiar with the topic or the methodology up to now.

What significance does the summer school have when it comes to recruiting PhD students for CISPA?

It is definitely important. And I've already talked to some participants about it. There are definitely one or two people that I will talk to again after the summer school. But this isn’t necessarily about recruiting people for me and my team, but also about mentoring from a Faculty perspective. Needless to say, I have a more or less permanent interest in recruiting and finding young talent. But of course there are always good students who don't want to join my research group for all sorts of reasons or who focus on something else thematically. I may still be able to give them some good advice, be it to orient themselves in a certain direction or to approach someone or perhaps even putting them in touch with the institution or person they would like to go. For this reason, we have also included a mentoring session in the program, where we are available for advice.

What challenges did you encounter when organizing the Summer School?

At the beginning, I thought that it would be a big challenge to invite speakers from the USA to a summer school at CISPA, especially those who are already well advanced in their careers. I was very positively surprised that it worked out so well. The two rejections I received were because people had already made others plans for the summer. But apart from that, I found organizing the summer school a very pleasant experience and would do it again.

What is the difference between a summer school and a conference in your eyes?

The summer school is a great training ground for conference visits. For example, I challenged the students and PhDs in my group to not always sit together in a row, but to meet new people. That's why we're here. And if they find someone they don't know how to approach, then we can do it together. That's certainly a good way to practise. 

Thank you very much for the interview.

CISPA-Faculty Professor Dr. Sascha Fahl heads the CISPA site at Leibniz University Hannover, where he has been Pro­fes­sor for Com­pu­ter Sci­ence and chair of Empirical Information Se­cu­ri­ty since April 2018. Pre­vious­ly, he was head of the Institute of IT-Se­cu­ri­ty (2017-2018) at Leibniz University Hannover. From 2016 to 2017, he was an in­de­pen­dent re­se­arch group lea­der of the Usa­ble Se­cu­ri­ty and Pri­va­cy Group at CISPA.