In 2021 I joined the Foundational and Experimental Security research group as Assistant Professor (Universitair docent 2) and am working at the Department of Computer Science at Vrije Universiteit Amsterdam. I hold a Ph.D. in Computer Science and Engineering, which I completed at the University of Gothenburg.
Ph.D. Candidate on Diversity in Security Threat Analysis and Risk Assessment for 4 years: We are looking for a highly motivated and innovative candidate with a background in computer science / software engineering & architecture / security and risk analysis to tackle the investigation of diversity effects in threat analysis and risk assessment. Entry salary is €2,395 PM (first year) up to €3,061 PM. Read more here, apply here. Apply until September 30, 2021.
2 research assistants (0.2 FTE) for 10 months: Are risks perceived differently (or equally) by male or female analysts? What other diversity processes are taking place in a threat analysis and risk assessment discussion? Join us in this exciting new interdisciplinary research journey! Read more here and contact me.
I am passionate about building and evaluating methods for analyzing security threats and vulnerabilities in software systems. I like to work on solving practical problems with direct impact on society. I particularly focus on:
Security-by-design. Threat modeling and risk analysis, automating security analysis of software architecture, compliance of code to the intended security.
Empirical methods for security. Designing and conducting controlled experiments, industrial case studies and studies involving human participants.
Seven pain points of threat analysis & risk assessment in the automotive domain (IEEE), K. Tuma and M. Widman, in IEEE Security & Privacy Magazine.
Checking Security Compliance between Models and Code (PDF), K. Tuma, S. Peldszus, R. Scandariato, J. Jürjens, in submission to Journal on Software and Systems Modeling (SoSyM)
Finding Security Threats That Matter: Two Industrial Case Studies (PDF), K. Tuma, C. Sandberg, U. Thorsson, M. Widman, T. Herpel, R. Scandariato, in Journal of Systems and Software (JSS), 2021.
Efficiency and Automation in Threat Analysis of Software Systems (PDF), K. Tuma, Department of Computer Science and Engineering (University of Gothenburg), defended in January 2021
Course design and teaching
Currently working on new courses at the VU.
Guest lecture in the M.Sc course Software Oriented Design (405061) coordinated and taught by Patricia Lago from the Software and Sustainability (S2) research group.
Co-creation, coordination and assistance in teaching the B.Sc flipped classroom course Mathematical Foundations for Software Engineering (DIT022).
Previous teaching assistance
Foraging mushrooms. This is what I see when I look at a forest. Recently, also rock-climbing.