This article was edited by SPRITE+ Research Associate Dmitry Dereshev, with responses and edits from Lecturer in Computing Science Dr Mohamed Khamis.
The spotlight today is on Mohamed Khamis – Lecturer in Computing Science at the University of Glasgow, a member of the Glasgow Interactive Systems (GIST) Section, and a SPRITE+ member. Some of Mohamed’s latest publications include:
How would you describe your job to a 12-year-old?
I am a lecturer at the University of Glasgow. My research focuses on how people use computers, how security of those computers affects them, and how users affect computer security themselves. I build systems that improve security and privacy, and I also study how people interact with these systems to uncover problems they face and attempt to address these problems.
Could you describe what you do during a typical workday?
In a typical research day, I think critically about the security and privacy vulnerabilities caused by new technologies and sensors that are becoming omnipresent. I do this by asking: “how can this technology be used maliciously against a person’s privacy and security?”.
Thinking like an attacker is challenging but allows you to anticipate how attacks could take place and pre-emptively develop methods to resist those attacks before they take place.
Could you describe a challenging project that you’ve recently worked on?
In a recent project, we found that if you take a thermal image of a keyboard or a touchscreen, the thermal image will show which buttons you pressed and the order of entry (see picture on the right). Now we are trying to improve our understanding of these attacks, and develop methods to overcome it through an EPSRC-funded project called TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal Imaging.
What training/experience did you have at the start of your career?
What helped me a lot is learning how to write academic papers. I learned that by using revision control systems when writing papers with my PhD supervisors. This allowed me to see the changes they made to my paper drafts which in turn helped me understand which parts of my writing style and work need to be improved. I was lucky to have two very active and hands-on supervisors who passed on a lot of their experience during my PhD studies at Ludwig-Maximilians Universität München.
How did you get into your current role?
That is an interesting story. In 2016, I wrote a paper on a topic I was so passionate about, but the paper was rejected, not once, not twice, but 5 times! Even though we improved the paper and addressed the issues raised by the reviewers every time, the reviewers always identified further points to improve. I believed in the work so I only submitted it to top conferences in my area. The final successful attempt was at a top conference that happened to be hosted by the University of Glasgow! During my visit to Glasgow, I learned about how world-leading their human-computer interaction research section is, and how it aligns nicely with my work on human factors in security systems. I also liked the city and the area a lot. This led me to apply for a lectureship post in Glasgow in 2018, and here I am a lecturer at the University of Glasgow.
What do you wish you'd known when you started your career?
That marketing your research and selling your profile are as important as the actual work done.
What would you recommend to people who want to follow in your footsteps?
Collaborate with other academics and make win-win plans that allow you to learn as much as possible from as many experienced people as possible.
What troubles did you have progressing through your career?
Every academic receives far more rejections than acceptances. I think training myself to be okay with that and persisting nevertheless was challenging – but after realizing that it is something that all academics, even the most successful ones, go through, you learn that this is part of the job and start building emotional resilience against it. Even Nobel Laureates get proposals and papers rejected!
What one stereotype would like to dispel about your job or industry?
The stereotype I would like to address is “academic research has no real-world impact”. I think this is a very wrong statement – research almost always has an impact. Sometimes the impact comes in a few weeks, months and sometimes after some years and decades. We may be privileged in cybersecurity and human-computer interaction, in that our work may have an immediate impact compared to mathematics and physics but think of Einstein’s theories which took so long to make it into “real-world” applications like GPS.
How would you describe your research or business interest in relation to SPRITE+?
My research aims to understand security and privacy implications of ubiquitous technologies and building methods to mitigate them. This aligns with SPRITE+’s challenge theme on Digital Vulnerabilities.
How do you hope to benefit from working with SPRITE+ network?
SPRITE+ has helped me by providing networking and training opportunities (e.g. through online workshops and webinars). It has also supported me in a grant application in different ways such as by committing to support my impact activities.
Which of the SPRITE+ Challenge Themes can you relate to from the job that you do? How does it impact your role?
The Digital Vulnerabilities, and Digital Technologies and Change themes align the most with my work. I relate to the former as my research aims to identify security and privacy issues associated with ubiquitous technologies and developing methods to protect users from these threats. I am also interested in studying how people’s behaviour changes depending on the technologies they use, which aligns with the latter theme.