March 2019 – March 2023
Dr.-Ing. (with summa cum laude) @ Saarland University / CISPA
Thesis: "How to Deploy Security Mechanisms Online (Consistently)"
Supervised by: Dr.-Ing. Ben Stock
I am a junior professor and head of the Chair for Cybersecurity at the University of Bayreuth in Germany.
Before, I was a post-doctoral researcher at the Security and Privacy Research Unit at TU Wien.
In 2023 I received my doctoral degree (Dr.-Ing.) with summa cum laude from Saarland University/CISPA.
My research is focused on system security as well as usable security for developers and is regularly published at top-tier venues (IEEE S&P, USENIX Security, ACM CCS, NDSS).
To keep in touch with developers and security experts from the industry, I also regularly give talks about my research at industry conferences such as OWASP AppSec or RuhrSec.
During leisure time, I organize and participate in information security competitions
called Capture the Flag (CTF)
together with saarsec
(saarsec|steg1) from Saarbrücken or with w0y from Vienna, and I'm currently in the process of building up a local team here in Bayreuth.
Education:
March 2017 – March 2019
Master Computer Science @ Saarland University
Thesis: "Content Security Policy – A Shapeshifter’s Tale"
Supervised by: Dr.-Ing. Ben Stock
October 2013 – March 2017
Bachelor Cybersecurity @ Saarland University
Thesis: "A Platform to Recruit GitHub Users for Developer Studies"
Supervised by: Prof. Dr. Sascha Fahl
August 2010 – June 2013
High School
Intensive Courses: Computer Science, Electrical Engineering, English
Balthasar Neumann Technical College Trier
August 2004 – June 2010
Secondary School
Erich Kästner Realschule Hermeskeil
Work Experience:
Since January 2025
Professor for Cybersecurity @ University of Bayreuth
Head of the Chair for Cybersecurity
April 2023 - December 2024
Post-Doctoral Researcher @ TU Wien
Hosted by: Prof. Dr. Matteo Maffei
March 2019 - March 2023
Researcher @ CISPA Helmholtz Center for Information Security
Supervised by: Dr.-Ing. Ben Stock
Summer 2020
Internship @ Hardenize Limited
Supervised by: Ivan Ristić
October 2015 – March 2019
Research Assistant @ CISPA Helmholtz Center for Information Security
Supervised by: Dr.-Ing. Ben Stock (Dec. 2017 – Mar. 2019)
Supervised by: Prof. Dr. Sascha Fahl (Oct. 2015 – Dec. 2017)
Teaching:
Thesis/Project Advisor:
Bridging Realms: Analyzing App-to-Web Interactions in Android IABs
Master Thesis by P. Beer (2024)
Honey, I Cached our Security Tokens – Re-usage of Security Tokens in the Wild
Research Immersion Lab by L. Trampert (2022)
Note: Resulted in a RAID 2023 Publication
Do you Trust your Types? A Qualitative Study on the Usability of Trusted Types to Mitigate Client-Side XSS Vulnerabilities
Bachelor Thesis by P. Baus (2022)
Note: 2nd CAST Bachelor Thesis Award 2023 & Prestudy for Trust Me If You Can
To hash or not to hash: A security assessment of the CSP directive unsafe-hashes
Bachelor Thesis by P. Stolz (2021)
Note: Resulted in a SecWeb 2022 Publication
RetroCSP: Retrofitting Web Security on the Client Side by Reinforcing Widespread CSP Support
Bachelor Thesis by M. Wilhelm (2021)
Note: Won CAST Bachelor Thesis Award 2021
Examining the Security of Embedded Browsers
Bachelor Thesis by B. Hollinger (2020)
CIDeR: Automatically Implementing Nonce-Based Content Security Policies
Master Thesis by A. Rassier (2020)
Bytewarden & SaarsecVV Service for the 2022 SaarCTF
Cybersecurity Project by P. Decker & L. Seyler
Program Committee:
> USENIX Security Symposium 2025 (USENIX '25)
> IEEE European Symposium on Security & Privacy 2025 (EuroS&P '25)
> The Web Conference 2024 (WWW '24)
> IEEE Symposium on Security & Privacy 2024 (S&P '24)
> SecWeb Workshop co-located with IEEE S&P 2024 (SecWeb '24)
> SecWeb Workshop co-located with IEEE S&P 2023 (SecWeb '23)
> SecWeb Workshop co-located with IEEE S&P 2022 (SecWeb '22)
> SecWeb Workshop co-located with IEEE Euro S&P 2021 (SecWeb '21)
Artifact Evaluation Committee:
> Annual Computer Security Applications Conference 2020 (ACSAC '20)
Subreviewer:
> The Web Conference 2022 (WWW '22)
> Network and Distributed System Security Symposium 2021 (NDSS '21)
> Annual Computer Security Applications Conference 2019 (ACSAC '19)
Others:
> Member of the CISPA Hiring Comitee 2022
> Member of the CISPA Works Council 2019-2023
> Member in the CISPA CoronaWarnApp Team 2019-2020
> USENIX Security Symposium 2025 (USENIX '25)
> IEEE European Symposium on Security & Privacy 2025 (EuroS&P '25)
> The Web Conference 2024 (WWW '24)
> IEEE Symposium on Security & Privacy 2024 (S&P '24)
> SecWeb Workshop co-located with IEEE S&P 2024 (SecWeb '24)
> SecWeb Workshop co-located with IEEE S&P 2023 (SecWeb '23)
> SecWeb Workshop co-located with IEEE S&P 2022 (SecWeb '22)
> SecWeb Workshop co-located with IEEE Euro S&P 2021 (SecWeb '21)
Artifact Evaluation Committee:
> Annual Computer Security Applications Conference 2020 (ACSAC '20)
Subreviewer:
> The Web Conference 2022 (WWW '22)
> Network and Distributed System Security Symposium 2021 (NDSS '21)
> Annual Computer Security Applications Conference 2019 (ACSAC '19)
Others:
> Member of the CISPA Hiring Comitee 2022
> Member of the CISPA Works Council 2019-2023
> Member in the CISPA CoronaWarnApp Team 2019-2020