I'm a full professor and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

I'm also the coordinator of the International Master in Information and Communication Systems.

I'm a father to two boys, a husband, and an amateur photographer.

My favorite saying is "done is better than perfect".

My favorite citation is "Wer eine Vision hat, der soll zum Arzt gehen" (anyone who has a vision should go to the doctor) from Helmut Schmidt.

I don't have LinkedIn, X, Instagram, TikTok, you name it...

Contact info

My email is:

scanda***to @ tuhh.de

You are welcome to visit me [Google Maps] at the:

Institute of Software Security
Hamburg University of Technology (TUHH)
Blohmstraße 15
21079 Hamburg

Very condensed CV

I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020). Since late 2020, I'm the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

Academic identifiers

Research interests

Together with my team, I apply an inter-disciplinary approach to create innovative tools and techniques to design and implement secure and privacy-friendly applications. My target application domains are micro-services, Internet-of-Things ecosystems, and cyber-physical systems. While my main interest is in the technical aspects of software security, I also investigate how security techniques can be made more effective and usable for the developers. My core research topics are:

  • Software vulnerability repair
  • Localization and prediction of software vulnerabilities
  • Localization of security features in application software
  • Generation of secure code
  • Model-based security and threat analysis
  • Usable security and privacy

In this research agenda, an important role is played by the use of ML/AI to solve cybersecurity challenges. My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.


Working with young researchers is one the perks of being a professor. It's something I truly enjoy and dedicate time to. I have the privilege of collaborating with the following research associates:

  • Nicolas Diaz Ferreyra, post-doctoral researcher working on privacy
  • Emanuele Iannone, post-doctoral researcher working on automated vulnerability repair and automated exploit generation
  • Catherine Tony, PhD student working on automatic generation of secure and privacy-friendly application code
  • Cuong Bui Quang, PhD student working on automated program repair techniques for security vulnerabilities
  • Simon Schneider, PhD student working on lightweight techniques to identify security features in application code (e.g., microservices)
  • Torge Hinrichs, PhD student working on predicting software vulnerabilities via machine learning


  • Pierre-Jean Quéval, PhD student at the University of Vienna, under the supervision of Prof. Uwe Zdun
  • Max Neuendorf, PhD fast-track student at the University of Hamburg, under the supervision of Prof. Mathias Fisher


In the past, I worked with these very bright individuals:

  • Dr. Mazen Mohamad, graduated in June 2023 (University of Gothenburg, co-supervisor) with a PhD thesis titled Understanding, Implementing, and Supporting Security Assurance Cases in Safety-Critical Domains
  • Mrs. Komal Kashish, collaboration on security of IoT edge frameworks in 2021-2022
  • Mrs. Anusha Bambhore Tukaram, collaboration on security of microservice applications in 2021-2022
  • Dr. Katja Tuma, graduated in January 2021 (University of Gothenburg) with a PhD thesis titled Efficiency and Automation in Threat Analysis of Software Systems
  • Dr. Rodi Jolak, PostDoc (University of Gothenburg) working on resilience of automotive systems in 2020-2021
  • Dr. Tomasz Kosinski, graduated in September 2021 (University of Gothenburg, co-supervisor) with a PhD thesis titled Privacy expectations and challenges of smart home ecosystems
  • Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
  • Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
  • Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
  • Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
  • Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations