Skip to main content
Ira A. Fulton College of Engineering
Electrical and Computer Engineering
Give to ECE

Cyber Design Lab

Cyber Design Lab

The Cyber Design Lab is a collaborative research and innovation hub run by Dr. Ben Schooley and Dr. Derek Hansen. Our mission is to advance cybersecurity knowledge and practice through the design and study of innovative socio-technical systems and processes. We work with talented students, industry, and government partners to develop novel research platforms and educational experiences, as well as understand the theoretical underpinnings of behavioral cybersecurity, the adversarial mindset, and cyber design processes.

We aim to:

  • Innovate: Develop novel tools, frameworks, and strategies that support cybersecurity and usability by design.
  • Educate: Prepare the next generation of cybersecurity researchers with the theoretical undestanding, behavioral and technical expertise, and creative problem-solving skills they need to produce world-class research.
  • Collaborate: Partner with organizations to co-create solutions that address real-world security threats, leveraging our backgrounds in human computer interaction and cybersecurity.

Research & Focus Areas
Our work spans the intersection of cybersecurity, human factors, and design. Key areas include:

  1. Adversarial Mindset Training – Defining and measuring the adversarial mindset; developing experiential learning platforms to help students adopt it in the service of stronger defense. For example, we developed an LLM-backed social engineering practice platform called BAIT, which allows students to execute live social engineering campaigns as white hat hackers. We have also developed and evaluated the Cybermatics "playable case study," wherein cybersecurity novices take on the role of a penetration tester, learning how to escalate privileges and make ethically informed decisions.
  2. Security & Usability by Design – Developing novel tools, frameworks, and design processes to support the creation of secure and usable solutions. For example, we have analyzed visualizations of attack scenarios and developed and evaluated a new visual language for representing cybersecurity attack scenarios called VAPOR. We have also developed TopPrompt, a prompt engineering competition platform, which helps identify the best submitted LLM prompts and techniques for various tasks (e.g., classify SQL code as malicious or benign).  We have also designed, evaluated, and consulted on projects ranging from medical devices to international cyber defense exercises to "adversary in the middle" detection techniques to nuclear engineering augmented reality training.
  3. Behavioral Cybersecurity – Exploring new dangers posed by LLM-enabled deception and how to protect against them. For example, we have compared AI and human-created spear phishing SMS messages (spoiler: AI outperforms humans), shown how AI-generated spear phishing emails that incorporate more personal information (e.g., name of a colleague) are more persuasive, and demonstrated the viability and effectiveness of deceptive voice cloned messages. We are also exploring how technology is used by human traffickers in Africa and how anti-trafficking apps can help protect vulnerable populations.
  4. Who We Are
    Dr. Ben Schooley 
    Dr. Derek Hansen 
    ​Graduate Students
  • Jerson Francia, PhD student - AI and personalized phishing
  • Victor C. Ubakaeze, PhD student - Anti-human trafficking technologies in West Africa
  • Trevor McClellan, MS (2025) - "Development and Evaluation of CANBench: A Testbed for Assessing the Security of Automotive CAN Buses"
  • Marylynne Allen, MS student - Evaluation of the design of Large-Scale Cyber Defense Exercises
  • Jensen Wood, MS student - Adversary in the Middle detection using HTTP header modifications
  • Isaac Tuescher, MS - Design of usable and secure document encryption system

​Undergraduate Students

  • Ethan Richmond, Malaya Canite, Spencer Smith - CWE visualization; VAPOR visualization of cyber attack scenarios
  • Malaya Canite - CWE visualization; VAPOR visualization of cyber attack scenarios; voice cloned messages; adversarial mindset lit review
  • Katherine Rackliffe (2025) - "Who's on the Phone: Effectiveness of Cloned Vishing Messages" Honor's thesis
  • Spencer Smith - VAPOR visualization of cyber attack scenarios; BAIT social engineering practice platform; spear phishing
  • Jackson Knepper - Adversarial mindset lit review; BAIT social engineering practice platform
  • Jonathan Houston - BAIT social engineering practice platform
  • Katelyn Lawson - Adversarial mindset lit review; anti-human trafficking technologies
  • Penelope Gilstrap - Adversarial mindset lit review; anti-human trafficking technologies
  • Rebekah Cornelius - AI and personalized phishing
  • Jeremy Beutler - TopPrompt prompt engineering platform
  • Ezra Bradley - TopPrompt prompt engineering platform; BAIT social engineering platform