Photo of Hanan Hibshi

Hanan Hibshi

Office: Wean Hall - WEH 4125
Phone: 412-268-4885
Email: hhibshi [at] cmu [dot] edu

About Me

I am a Ph.D student in the Computation, Organizations & Society program at the School of Computer Science at Carnegie Mellon University. In May 2011, I got my Masters degree in Information Security Technology & Management from the Information Networking Institute (INI) at Carnegie Mellon University. Prior to my life as a CMU student, I worked as a Teaching Assistant in King Abdul-Aziz University for one year. I had also worked in the banking industry for almost 4 years.


My research interests are usable security and privacy requirements. With all the current and different threats facing technology users today, and with people's huge reliance on those technologies; it becomes important to find ways where we understand security analysts decision-making and risk assessment in a way that would help in quantifying the security risk, prioritizing requirements and draw dependence relationships among the security requirements.

Currently, I am working with Dr. Travis Breaux in the Requirements Engineering Laboratory at CMU . We work primarily on security requirements where we aim to make security requirements more usable by experts, developers, and systems engineers. This research area is very interdisciplinary in nature combining theories and practices from areas like: psychology, decision science, computer security, information science, fuzzy logic and others.

Privacy research is another aspect of my research that I find very interesting to apply my interdisciplinary approach to. I have also worked as a teaching assistant for two privacy courses at CMU: privacy,policy, law, and technology; and engineering privacy in software.

I am a student member of the Cylab Usable Privacy and Security (CUPS) laboratory at CMU directed by Dr. Lorrie Cranor. Dr. Cranor was the advisor for my Masters Thesis: Usability of Digital Forensics Tools and we still work together to conduct more research that helps improving the usability aspects of such security tools.