Katsiaryna (Kate) Labunets

Kate (Katsiaryna) Labunets

Assistant Professor in Cybersecurity

Utrecht University

Personal profile

I am an Assistant Professor in the Department of Information and Computing Sciences at Utrecht University in the Netherlands. Before joining Utrecht University, I was a cyber security postdoc for the VSNU Digital Society track on Safety and Security and H2020 CYBECO projects at the Delft University of Technology. I hold a PhD in Information and Communication Technology from the University of Trento (Italy) and a Master in Mathematics from Belarussian State University (Minsk, Belarus).

As a researcher, I am passionate about using empirical methods to solve problems in the intersection of cyber security and human factors fields. During my PhD, I studied the effectiveness of existing security methods and whether current security methods are worthy of being adopted. The main goal behind these studies was to help practitioners save time and money in selecting the most appropriate security method among dozens of existing approaches.

As a supervisor, I enjoy bringing out the best in my students and junior colleagues and helping them discover where their strengths lie.

My research interests: security behaviour, human aspects, cyber risk management, and empirical methods.

Academic positions

Assistant Professor at Utrecht University (Netherlands)

Jan 2022 - now

Duties: conducting cutting-edge research in human factors in cybersecurity at Utrecht University; designing and teaching specialized courses in cybersecurity and research methods; supervising student research projects at both undergraduate and graduate levels; collaborating with interdisciplinary teams to integrate human behavioral insights into cybersecurity strategies; disseminating research results to foster knowledge exchange in cybersecurity and human factors.

Postdoc Researcher at TU Delft (Netherlands)

Jun 2019 - May 2021

Duties: leading research on cyber security within Safety & Security track from TU Delft side; organizing workshops at the project conferences.

Postdoc Researcher at TU Delft (Netherlands)

Jun 2017 - May 2019

Duties: work package leadership; project review meetings; organization of the final dissemination event; research on cyber insurance ecosystem, cyber insurance decision-making in organisations, and policy analysis.

Postdoctoral Research Fellow at University of Trento (Italy)

Jun 2016 - May 2017

Duties: research on empirical evaluation of security risk assessment methods; contribution to the research project proposals for H2020 program; supervision of junior researchers.

Research projects

DiSa -- VSNU Digital Society project

June 2019 - May 2021

CYBECO -- Supporting Cyberinsurance from a Behavioural Choice Perspectiv

June 2017 - May 2019

JESE -- Joint seminar series "Empirical Software Engineering"

Dec 2015 - May 2017

EMFASE -- Empirical Framework for Security Design and Economic Trade-Off

Sep 2013 - Mar 2016

NESSOS -- Network of Excellence on Engineering Secure Future Internet Software Services and Systems

Oct 2012 - Mar 2014

Education

University of Trento, Italy

Nov 2011 - Apr 2016

PhD in Information and Communication Technology.
Thesis: "Security Risk Assessment Methods: An Evaluation Framework and Theoretical Model of the Criteria Behind Methods' Success"

Belarussian State University, Minsk, Belarus

Sep 2009 - Jun 2010

MSc in Mathematics.
Thesis: "Fuzzy Graphs and Fuzzy Hypergraphs"

Belarussian State University, Minsk, Belarus

Sep 2004 - Jun 2009

Diploma of Science in Mathematics.
Thesis: "Fuzzy Line Graphs of Fuzzy Hypergraphs"

Publica-
tions

  1. K. Labunets, W. Pieters, M. van Eeten, D. Branley-Bell, L. Coventry, P. Briggs, I. Martinez, and J. Sewnandan. The Cyber Insurance Landscape. In: Security Risk Models for Cyber Insurance, Chapman & Hall/CRC, 2020. Available online + related project deliverable (PDF).
  2. D. Insua Rios, A. Couce-Vieira, J. A. Rubio, W. Pieters, K. Labunets, and D. G. Rasines. 2019. An adversarial risk analysis framework for cybersecurity. In Risk Analysis. Available open access.
  3. K. Labunets. 2018. No Search Allowed: What Risk Modeling Notation to Choose?. In Proc. of ESEM 2018. Available online.
  4. I. Martinez, K. Labunets. Drivers and impediments for cyber insurance adoption (poster). ICT.OPEN 2018. Available online.
  5. L. Allodi, S. Biagioni, B. Crispo, K. Labunets, F. Massacci, and W. Santos. Estimating the assessment diculty of cvss environmental metrics: an experiment. In Proc. of FDSE 2017.
  6. K. Labunets, F. Massacci, and A. Tedeschi. Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels. In Proc. of ESEM 2017. Authors' draft version is available at SSRN.
  7. K. Labunets, A. Janes, M. Felderer, and F. Massacci. Teaching predictive modeling to junior software engineers---seminar format and its evaluation: poster. In Proc. of ICSE-C 2017. Authors' draft paper and poster.
  8. K. Labunets, F. Massacci, and F. Paci. On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment. In Proc. of REFSQ 2017. Authors' draft.
  9. K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations. Empirical Software Engineering, 2017. Available at SSRN.
  10. O. Gadyatskaya, K. Labunets, and F. Paci. Towards Empirical Evaluation of Automated Risk Assessment Methods. In Proc. of CRiSIS 2016.
  11. K. Labunets, Y. Li, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, and A. Tedeschi. Preliminary Experiments on the Relative Comprehensibility of Tabular and Graphical Risk Models. In Proc. of SIDs 2015. Available online.
  12. K. Labunets, F. Paci, and F. Massacci. Which Security Catalogue Is Better for Novices? In Proc. of EmpiRE Workshop at IEEE RE 2015. Available online.
  13. M. de Gramatica, K. Labunets, F. Massacci, F. Paci, and A. Tedeschi. The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals. In Proc. of REFSQ 2015. Available online.
  14. K. Labunets, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, and A. Tedeschi. A First Empirical Evaluation Framework for Security Risk Assessment Methods in the ATM Domain. In Proc. of SIDs 2014. Available online.
  15. K. Labunets, F. Paci, F. Massacci, and R. Ruprai. An Experiment on Comparing Textual vs. Visual Industrial Methods for Security Risk Assessment. In Proc. of EmpiRE Workshop at IEEE RE 2014. Available online.
  16. R. Scandariato, F. Paci, L.M.S. Tran, K Labunets, K. Yskout, F. Massacci, and W. Joosen. Empirical Assessment of Security Requirements and Architecture: Lessons Learned. In: Advances in Engineering Secure Future Internet Services and Systems, volume 8431 LNCS, Springer, 2014.Available online.
  17. K. Labunets, F. Massacci, F. Paci, and L.M.S. Tran. An experimental comparison of two risk-based security methods. In Proc. of the ESEM 2013. Available online.

Talks

  1. [Nov 2017] K. Labunets. Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity. Presentation at ESEM 2017, Toronto, Canada. Slides.
  2. [Sep 2017] K. Labunets. Cyber risk and insurance. Presentation at Amsterdam Centre for Insurance Studies (ACIS) symposium, University of Amsterdam, the Netherlands. Slides.
  3. [Mar 2017] K. Labunets. On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment. Presentation at REFSQ 2017, Essen, Germany. Slides.
  4. [Dec 2015] K. Labunets. Preliminary Experiments on the Relative Comprehensibility of Tabular and Graphical Risk Models. Presentation at SIDs 2015, Bologna, Italy. Slides.
  5. [Aug 2015] K. Labunets. Which Security Catalogue Is Better for Novices? Presentation at EmpiRE Workshop at IEEE RE 2015, Ottawa, Canada. Slidesx.

Work experience

Business Systems Analyst at Itransition (Minsk, Belarus)

Nov 2009 - Oct 2011

Junior Business Systems Analyst at Itransition (Minsk, Belarus)

Jul 2008 - Nov 2009

 

More details on my work in idustry can be found on my LinkedIn page.