The real voyage of discovery lies in not seeing new landscapes but in having new eyes. (Marcel Proust)

I am an Associate Professor and head of the Threat Analysis group within the Security Cluster of the Eindhoven University of Technology, in the Netherlands. We investigate attacker operations ([1], [2]), economics ([3], [4]), and how these are ultimately delivered to the (human) user ( [5] , [6]) to improve operational defense capabilities ([7], [8]). Our research draws from several fields, including computer security, economics, risk analysis, and criminology.

I am the Scientific Director of the Eindhoven Security Hub SOC, a facility managed by the TU/e SECurity group and devoted to delivering cutting-edge security monitoring services to its customers. Read more about it here and here.

About

        Office:         MF 6.061 
                        P.O. Box 513, 5600 MB
                        Eindhoven, The Netherlands
        Email:          l.allodi at tue.nl
        PGP fngrprnt:   950E 3DC8 EB66 DFF3 B64D  7848 A0AD 0BB6 5DC4 98F1

Public key here. Curriculum Vitae here.

LinkedIn (hardly updated) at this.
Mastodon (hardly accessed) at @securescientist@fediscience.org.
I am active on BlueSky 🦋 at @securescientist.eu.

I am neither on Facebook nor on Twitter/X. My Twitter handle was @securescientist. Following the demise of reach, pluralism, and reasoned discourse on “X”, I have deactivated and deleted my account effective on 14/12/2024.

Students

Ongoing

  • Roy Ricaldi on evolving cybercrime activities.
  • Leon Kersten on decision support for cybersecurity analysis. Website.
  • Koen Teuwen on threat intelligence operationalization.

Graduated

  • Michele Campobasso on cybercrime operations and ecosystems. Website, GScholar profile.
  • Pavlo Burda on advanced social engineering. Website, GScholar profile.

    • Some highlights

    Organization

    I am the organizer and co-chair of the multidisciplinary Workshop on Attackers and Cyber-Criminal Operations (WACCO), together with, among others, Alice Hutchings (Twitter, homepage) and Sergio Pastrana (Twitter, homepage). The workshop is held annually jointly with the IEEE European Symposium on Security and Privacy.

    A selection of publications

    • Burda, P., Allodi, L., & Zannone, N. (2024). Cognition in social engineering empirical research: a systematic literature review. ACM Transactions on Computer-Human Interaction, 31(2), 1-55. PDF
    • Marin, I. and Burda, P. and Zannone, N. and Allodi, L. (2023), The Influence of Human Factors on the Intention to Report Phishing Emails In Proceedings of the 2023 ACM CHI Conference on Human Factors in Computing Systems. Preprint.
    • Campobasso, M. and Allodi, L. (2023), Know Your Cybercriminal: Evaluating Attacker Preferences by Measuring Profile Sales on an Active, Leading Criminal Market for User Impersonation at Scale. In Proceedings of USENIX Security 2023. Preprint.
    • Martin Rosso, Michele Campobasso, Ganduulga Gankhuyag, Luca Allodi. SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers. In Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC 2020). (acc. rate 23%) Distinguished Paper with Artifacts Award Preprint.
    • Amber van der Heijden, Luca Allodi. Cognitive Triaging of Phishing Attacks. In Proceedings of Usenix Security 2019. (Acc. rate 16%). Preprint.
    • Luca Allodi. 2017. Economic Factors of Vulnerability Trade and Exploitation. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘17). ACM, New York, NY, USA, 1483-1499. DOI: https://doi.org/10.1145/3133956.3133960 (Acc. rate 18%). Preprint.