Hanan Hibshi is a Research and Teaching Scientist at the Information Networking Institute at Carnegie Mellon University. Hanan’s research area includes: usable security, security requirements and expert’s decision-making. Her role at the INI includes advising students who are interested in pursuing a thesis or a project as their curriculum option. 

Hanan is an INI alumna. She graduated in 2011 witha Master's in Information Security Technology and Management (MSISTM, equivalent to the MSIS now). Hanan’s INI journey inspired her to get involved in research and she obtained her PhD in Societal Computing from the School of Computer Science in 2018.

Hanan is interested in studying expert decision-making in the design and post-deployment phases of software development, and in modeling human expertise to create human-centric technical solutions that conform to the real-world reasoning. Hanan’s research involves using grounded theory and mixed-methods user experiments to extract rules for use in intelligent systems in security. Hanan has studied the intersection between security requirements risk assessment and empirical data-driven intelligent systems using fuzzy logic. Her early findings attracted the attention of an international, multi-institution collaboration with the University of Nottingham.

Hanan has published in top venues, such as the IEEE Requirements Engineering Conference (RE), and the Journal of Cybersecurity. Hanan has also been invited to present her work at multiple venues, such as the 2017 Annual Acquisition Research Symposium at the Naval Postgraduate Institute, the 2016 C3E workshop at Georgia Tech, and the National Institute of Standards and Technology (NIST).

123 4616 Henry Street


2018 Ph.D., Societal Computing, Carnegie Mellon University

2011 M.S., Information Security Technology and Management, Carnegie Mellon University

2003 B.S., Computer Science, King Abdul-Aziz University

Media mentions

CyLab Security and Privacy Institute

Three CyLab papers presented at the FTC’s PrivacyCon 2020

Three CyLab papers were presented at this year's PrivacyCon, focusing on privacy and security nutrition labels, making privacy choices easier, and perceptions of advanced video analytics.

CyLab Security and Privacy Institute

picoCTF announces next competition dates

The world's largest hacking competition, hosted by Carnegie Mellon University, has announced the dates of its next competition.

CyLab Security and Privacy Institute

IoT labels will help consumers figure out which devices are spying on them

A team of CyLab researchers have developed a prototype security and privacy “nutrition label” that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.

CyLab Security and Privacy Institute

Second round of Secure and Private IoT Initiative funded projects announced

Carnegie Mellon CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has announced its second round of funding, which will support ten IoT-related projects for one year.

CyLab Security and Privacy Institute

Nearly 40,000 compete in picoCTF

The biggest hacking competition keeps getting bigger. Earlier this month, more than 39,000 people from all 50 US states and 160 different countries participated in picoCTF, a free online hacking competition hosted by CMU.