October 2025: Our paper "It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Tools" was accepted and presented at the 2025 ACM Conference on Computer and Communications Security (CCS).
I am currently a Research Staff Member in the Science, Systems, and Sustainment Division (S3D) at the Institute for Defense Analyses. At IDA, I use qualitative and quantitative research methods to assess technologies and systems used by government sponsored organizations.
I received my doctoral degree in computer science from North Carolina State University (NCSU). At NCSU, I was a member of the Wolfpack Security and Privacy Research Lab, where my broader research interests included usable security and secret management. I was also a Graduate Student Measurement Science and Engineering Fellow at the National Institute of Standards and Technology (NIST). At NIST, I worked on projects analyzing cybersecurity definitions for non-experts, as well as the influence of observable characteristics within phishing emails.
Check out my google scholar page here.
Author(s): Lorenzo Neil, Deepthi Mungara, Laurie Williams, Yasemin Acar, Bradley Reaves
We observed 21 new users in person while they used Secret Management Tools to identify their challenges and experiences using Secret Management Tools for the first time.
Published in the 2025 ACM Conference on Computer and Communications Security (CCS), October 2025
.Author(s): Lorenzo Neil, Charlotte Healy, Julie Haney
We interview 30 non-experts to identify non-expert understandings and perceptions towards published cybersecurity definitions.
Published in the 2025 CHI Conference on Human Factors in Computing Systems, April 2025
.Author(s): Lorenzo Neil, Harshini Sri Ramulu, Yasemin Acar, Bradley Reaves
We interview authors of general security advice to learn the writing processes, key decision making, and challenges for writing general security advice.
Published in the 19th Symposium on Usable Privacy and Security (SOUPS), August 2023
.Author(s): Lorenzo Neil, Julie Haney, Kerrianne Buchanan, Charlotte Healy
We systematically search for and analyze online definitions for cybersecurity non-experts are likely to encounter.
Published in the 17th IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA), July 2023
.Author(s): Setu Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams
We analyze developer's questions and related solutions about checked-in secrets.
Published in the IEEE/ACM International Conference on Software Engineering, May 2023
.Author(s): Setu Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams
We perform a grey literature review of Internet arifacts related to secret management in order to identify 24 practices grouped in six categories comprised of developer and organizational practices for managing secrets.
Published in the IEEE Secure Development Conference (SecDev), Oct 2022
.Author(s): Lorenzo Neil, Elijah Bouma-Sims, Evan Lafontaine, Yasemin Acar, and Bradley Reaves
We identified five key phases for online account compromise remediation and analyzed the quality of advice for account compromise remediation from 57 popular U.S.- based web services.
Published in the 17th Symposium on Usable Privacy and Security (SOUPS), August 2021
.Author(s): Lorenzo Neil, Sudip Mittal, Anupam Joshi
We mined threat intelligence about open-source systems from issue reports in GitHub public code repositories.
Published in the IEEE International Conference on Intelligence Security Informatics (ISI), Nov 2018
.October 2025: Our paper "It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Tools" was accepted and presented at the 2025 ACM Conference on Computer and Communications Security (CCS).
May 2025: Career Milestone: I officially graduated with my PhD from North Carolina State University!
February 2025: Career Milestone: I officially started my new full-time position as a Research Staff Member in the Science, Systems, and Sustainment Division (S3D) at the Institute for Defense Analyses.
January 2025: Our paper ""A five-year-old could understand it" versus "This is way too confusing": Exploring Non-expert Understandings and Perceptions of Cybersecurity Definitions" was accepted into the 2025 CHI Conference on Human Factors in Computing Systems .
December 2024: Career Milestone: I successfully defended my PhD dissertation "Understanding Root Causes for Online Cybersecurity Advice Challenges" (Paper). I officially completed my PhD program!
August 2023: I will be presenting our poster in "Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues" at SOUPS 2023.
August 2023: I will be presenting our poster in "Analyzing Cybersecurity Definitions for Non-Experts" at SOUPS 2023.
August 2023: I will be presenting our paper in "Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice" at SOUPS 2023.
July 2023: Our work from "Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice" was featured in the NC State News Release Webpage.
July 2023: I will be presenting our paper in "Analyzing Cybersecurity Definitions for Non-experts" at HAISA 2023 .
May 2023: Our paper "What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?" was accepted into the IEEE/ACM International Conference on Software Engineering.
February 2023: Career Milestone: I passed my Oral Preliminary Exam/Qualifying Exam. I am officially a Doctoral candidate!
December 2022: I am serving on the 2023 ACM WiSec Program Committee.
October 2022: Our paper "What are the Practices for Secret Management in Software Artifacts?" was accepted into the IEEE Secure Development Conference (SecDev).
May 2022: I will be presenting our current research in Investigating how Experts write General Security Advice at the Capital-Area Colloquium on Trustworthy and Usable Security/Privacy (CACTUS/P).
August 2021: I will be presenting our paper in Investigating Web Service Account Remediation Advice at SOUPS 2021.
August 2021: I will be attending the GREPSEC workshop for underrepresented graduate students in computer security and privacy!
May 2021: I passed my written preliminary exam!
October 2020: I began my two year term of serving as the Treasurer for the NC State Black Graduate Student Association (BGSA).
August 2020: I will be attending the Who Are You?! Adventures in Authentication Workshop (WAY) and present my paper in "Investigating Web Service Account Remediation Advice".