We are in an age of regular news stories about vulnerabilities in organizational IT being exploited for theft of customer data or injection of malware and ransomware. The costs seem to be rising, yet organizations still do not appear to be patching their IT systems and keeping software up-to-date.
The reality is that organizations face a painful dilemma: patch too soon and incur potential downtime and failures; patch too late and get compromised by attacks. As a result, organizations take a long time to patch even critical security vulnerabilities. The way to get out of this catch-22 is to radically change the risk governance of patching. That is the objective of the NWO-funded THESEUS project.
In this project, we work with real-world partner organizations, such as KLM-AirFrance, Rijkswaterstaat, City of Amsterdam, City of The Hague, KPN, CyberSprint, and the National Cyber Security Center. We engage with risk management and patch management professionals to understand the challenges they face. We will also engage with organization decision-makers and the wider workforce to rationalize their perspective on the benefits and disruptions of keeping systems patched in a timely manner. This work will complement efforts at partner universities to explore automatic vulnerability and patch triaging, risk profiling, and legal instruments such as incentive mechanisms.
We are looking for a motivated researcher interested in collecting and analyzing various types of data from within the partner organizations—such as interviews, surveys, ticketing systems, and incident logs—to understand the organizational and technical practices around patching.
Your degree and experience could be from social science or an interdisciplinary program, but also from information systems, telecommunications or computer science. You could have a background in social and organizational research and be willing to learn about the technical factors at play. Or vice versa: you could be a technically trained person with an interest in the social aspects. You would work in close collaboration with researchers from computer science and social science disciplines.
The candidate will be part of an interdisciplinary team of over 20 scientists who jointly research cybersecurity issues. The team consists of people from different disciplines, countries, and backgrounds. Your project also offers the unique opportunity to collaborate with real-world companies in government, healthcare, and various other sectors, within which we, for example, would work closely with security managers and IT management teams. We also work with government organizations and leading solutions providers who are developing policies and practices for organizations. The candidate will have the opportunity to present their work at international conferences, to conduct research abroad and to collaborate with the world’s leading researchers working towards a secure digital future.
– In possession of, or expecting to obtain, a Master of Science (MSc) or equivalent, in a field that would enable you to undertake some of the research activities outlined above. This could mean a degree in a social science / behavioural science / organisational science; or a degree from an interdisciplinary field like business informatics / business administration / systems engineering / management of technology; or a degree in computer science with work in the area of human factors.
– English language skills
– Dutch is a plus because we will conduct interviews with employees of Dutch organizations
– Good academic writing skills and excellent communication skills
– Being able to organize your work independently
– Curious and critical mind
– Can work together in an interdisciplinary team
Conditions of employment
TU Delft offers PhD candidates a 4-year contract, with an official go/no-go progress assessment after one year. Salary and benefits are in accordance with the Collective Labour Agreement for Dutch Universities, increasing from € 2434 per month in the first year to € 3111 in the fourth year. As a PhD candidate you will be enrolled in the TU Delft Graduate School. The TU Delft Graduate School provides an inspiring research environment with an excellent team of supervisors, academic staff and a mentor. The Doctoral Education Programme is aimed at developing your transferable, discipline-related and research skills.
The TU Delft offers a customisable compensation package, discounts on health insurance and sport memberships, and a monthly work costs contribution. Flexible work schedules can be arranged. For international applicants we offer the Coming to Delft Service and Partner Career Advice to assist you with your relocation.
TU Delft (Delft University of Technology)
Delft University of Technology is built on strong foundations. As creators of the world-famous Dutch waterworks and pioneers in biotech, TU Delft is a top international university combining science, engineering and design. It delivers world class results in education, research and innovation to address challenges in the areas of energy, climate, mobility, health and digital society. For generations, our engineers have proven to be entrepreneurial problem-solvers, both in business and in a social context. At TU Delft we embrace diversity and aim to be as inclusive as possible (see our Code of Conduct). Together, we imagine, invent and create solutions using technology to have a positive impact on a global scale.
Challenge. Change. Impact!