Bridging Research and Practice on the Human Side of Cyber Defense

Cybersecurity technology is as good as the people using it, but limited research has been conducted in the field of human-centered cybersecurity.
This concept was explored at a workshop hosted by the National Institute of Standards and Technology (NIST) and outlined in a new report with contributions from Ann Rangarajan, assistant professor of information technology and management at 91自拍.
Rangarajan was one of 13 listed authors of “,” which was published by the United States Department of Commerce in April 2025.
The authors, who include academics, industry professionals, and government officials, looked at how cyber attackers are increasingly reliant on exploiting people’s roles, actions, tendencies, unintentional errors, and lack of knowledge for successful attacks, as well as how to mitigate these issues.
“This report potentially holds to spark a broader movement—one that truly elevates the human element in cybersecurity,” Rangarajan says. “This work lays a crucial foundation for shifting the conversation, not just among researchers or practitioners, but across all levels of the cybersecurity ecosystem.”
ConnectCon brought together 45 cybersecurity experts to build a consensus on how human-centered cybersecurity can be recognized and addressed in the workplace.
The group identified five key challenges and proposed solutions for each challenge.
“What struck me deeply was witnessing the walls between academia, government, and industry come down,” Rangarajan says. “It was both fascinating and inspiring to see these communities collaborate—academic research informing practical solutions and real-world challenges shaping meaningful, applied research questions.”
The group identified innovation gaps fueled by a misunderstanding of human behavior, siloed research and practitioner communities, a focus on technical rather than human solutions, and adversary flexibility. It also identified the lack of a shared agenda for human-centered cybersecurity, measurement of human-centered cybersecurity impacts, psychological stressors, and cognitive overload and decision fatigue.
The solutions developed include clearly defining human-centered cybersecurity and its goals by describing its elements and using them to leverage a standard. They also include developing outcome-based guidance that is focused on measuring the impact, creating employee engagement platforms, and building tailored education and learning programs.
From a research standpoint, Rangarajan’s work explores how human psychological stressors influence digital decision-making. “Another ‘next step’ I’m passionate about is embedding the human element more deeply into cybersecurity education,” Rangarajan says. “I believe it’s critical that we equip the next generation with both technical knowledge and an understanding of human-centered principles.”
During the workshop, Rangarajan played an active role in identifying and building consensus around the challenges that organizations and stakeholders face when implementing human-centered cybersecurity. The focus shifted toward exploring potential solutions to address these challenges. The sessions were structured with guided discussions and interactive table-top exercises, which created a collaborative environment where everyone could contribute and exchange ideas.
Rangarajan’s research focuses on socio-technical systems, an interdisciplinary approach that examines how people and technology interact to accomplish shared goals by designing tools, processes, and organizations where both human and technical components are aligned and mutually supportive. It also explores socio-technical paradigms for technology adoption across individuals, organizations, communities, and broader societies.
She also brings more than two decades of leadership experience in information technology, including Fortune 100 global teams, where she gained insight into the human element that is often overlooked when deploying otherwise robust and resilient information technology systems.
“When this aspect is neglected, the consequences can be far-reaching, impacting both organizations and their stakeholders—from the professionals who develop and maintain these systems to the end-users who must adopt and rely on them,” she says. “The mission of the NIST Human-Centered Cybersecurity program is to deliver actionable guidance, build evidence, and bridge the gap between researchers and practitioners, which strongly aligns with my combined expertise as a scholar and industry leader.”