I'm a full professor and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany. I also hold a part-time position as full professor of software engineering at the University of Gothenburg, in Sweden.

I'm a father of two boys and spend my (limited) spare time taking photographs.

My favorite saying is "done is better than perfect".

I don't have Twitter, Facebook, Instagram, TikTok, you name it...

Research interests

My work focuses on the design of secure and privacy-friendly applications, particularly in the realms of μ-services, IoT ecosystems, and cyber-physical systems (e.g., automotive). My research goal is to build round-trip security & privacy engineering methods, which are based on lightweight design models and connect the design models with the implementation code. In this research agenda, an important role is played by the use of ML/AI, as well as the adoption security-oriented intelligent agents. My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.

Very condensed CV

I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020). Since late 2020, I'm the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

H-index: Google Scholar page


Working with young researchers (particularly, PhD students) is one the perks of being a professor. It's something I truly enjoy and dedicate time to. In 2020, I've received a honorable mention as Supervisor of the Year at the Chalmers University of Technology, Sweden, a prize given by the association of the doctoral students. The motivation says:

"His consideration, communication skills and knowledge come together in a very friendly and focussed approach to supervision."

In Germany, I have the pleasure of supervising the following PhD students:

  • Catherine Tony, (PhD student) working on innovative dev-bots assisting software developers in the creation of secure and privacy-friendly applications
  • Cuong Bui Quang, (PhD student) working on automated security and privacy repairs at both model and code level
  • Komal Kashish, (PhD student) working on the design and implementation of secure and privacy friendly applications in the domain of Internet of Things (IoT)

In Sweden, I have the privilege of collaborating with these brilliant researchers:

  • Rodi Jolak, (PostDoc) working on resilience of automotive systems
  • Mazen Mohamad, (PhD student) working on security assurance cases for automotive
  • Tomasz Kosinski, (PhD student) working on privacy of IoT (I'm his co-supervisor)

In the past, I also worked with these bright individuals:

  • Dr. Katja Tuma, graduated in January 2021 (University of Gothenburg) with a PhD thesis titled Efficiency and Automation in Threat Analysis of Software Systems
  • Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
  • Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
  • Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
  • Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
  • Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations