IMPACT 2024 USA white

Dr Julie Haney

Computer Scientist and Human-Centered Cybersecurity Researcher, NIST


Building bridges between research and practice in human-centered cybersecurity


Julie Haney is a computer scientist and Usable Cybersecurity program lead at the U.S. National Institute of Standards and Technology (NIST). She conducts research about the human element of cybersecurity, including the usability and adoption of security solutions, work practices of security professionals, and people’s perceptions of privacy and security.

Previously, Julie spent over 20 years working in the U.S. Department of Defense as a cybersecurity professional and technical director. She has a PhD in Human-Centered Computing and an M.S. and B.S. in Computer Science.

Presentation overview

Human-centered cybersecurity researchers aim to improve people’s interactions with cybersecurity technologies and processes. Ultimately, improvements depend on cybersecurity and IT practitioners becoming aware of the research, understanding its relevance, and acting upon it. This is easier said than done, as human-centered cybersecurity, like other fields, may be subject to a disconnect between researchers and practitioners: the so-called “research-practice gap.” Past research in other domains reveal that the gap may be due to differing incentives, values, and work routines among the two communities. Typical recommendations to address the gap often place most of the burden on researchers, who may not have the resources or expertise needed for knowledge transfer. Further, these recommendations largely focus on research outputs, ignoring practitioner engagement throughout the entire research lifecycle to ensure research is relevant to practitioners. Because the human-centered cybersecurity field has its own unique characteristics and challenges, it is also unclear if prior findings and recommendations from other fields apply.

This talk will present results of a research effort to better understand points of interactions between the practitioner and human-centered cybersecurity research communities. Surveys capturing the perspectives of both practitioners and researchers reveal the perceived importance, challenges, frequency, and methods of interactions, knowledge sharing, and integration of research evidence into practice. While both communities appear to be eager to learn from each other, they often lack time, institutional support, or knowledge of how best to connect. Based on these findings, the talk will propose strategies and encourage attendee dialogue about how to facilitate collaboration without putting undue burden on either community. Discussion will also include the possible creation of “evidence bridges,” intermediaries that synthesize and make accessible research relevant to practitioner decision-making while engaging with practitioners to understand their research evidence needs.