Wanna come to Hamburg? I'm hiring! I have several positions available at both PhD and PostDoc level. If interested, please send me an email with your CV and a statement of why you want to get a PhD (with me).

I'm a full professor1 and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany. I also hold a part-time position as full professor of software engineering at the University of Gothenburg, in Sweden.

I'm a father of two boys and spend my (limited) spare time taking photographs.

My favorite saying is "done is better than perfect".

I don't have Twitter, LinkedIn, ResearchGate, Facebook, Instagram, TikTok, you name it...

Research interests

My work focuses on the design of secure applications, particularly in the realms of μ-services and IoT ecosystems. My research goal is to build round-trip security & privacy engineering methods, which are based on lightweight design models and connect the design models with the implementation code. In this research agenda, an important role is played by the use of ML/AI, as well as the adoption security-oriented intelligent agents. My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.

Very condensed CV

I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020). Since late 2020, I'm the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

H-index: Google Scholar page


Working with young researchers (particularly, PhD students) is one the perks of being a professor. It's something I truly enjoy and dedicate time to. In 2020, I've received a honorable mention as Supervisor of the Year at the Chalmers University of Technology, Sweden, a prize given by the association of the doctoral students. The motivation says:

"His consideration, communication skills and knowledge come together in a very friendly and focussed approach to supervision."

In Sweden, I have the privilege of collaborating with these brilliant researchers:

  • Katja Tuma, (PhD student) working on security threat assessment of automotive software
  • Mazen Mohamad, (PhD student) working on security assurance cases for automotive
  • Tomasz Kosinski, (PhD student) working on privacy of IoT
  • Rodi Jolak, (PostDoc) working on resilience of automotive systems

In the past, I also worked with these bright individuals:

  • Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
  • Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
  • Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
  • Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
  • Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations

1 W3 position, if you are familiar with the German academic system.