Dr Nalin Asanka Gamagedara Arachchilage



Nalin Asanka Gamagedara Arachchilage is a Lecturer in Cyber Security and Privacy (Usable Security and Privacy) in the School of Computer Science at the University of Auckland, New Zealand. He is also an Honorary Associate Professor in Cyber Security at the University of Warwick, UK. 

Previously, he was a Senior Research Fellow (Research Associate Professor in the USA - from 2019 to 2021) in Cyber Security in the Department of Computer Science and Information Technology at La Trobe University, Australia. Before joining La Trobe, Nalin worked as a Lecturer in Cyber Security (from 2015 to 2019) and then a Visiting Researcher (2019 - 2021) in the School of Engineering and Information Technology of the University of New South Wales at the Australian Defence Force Academy (ADFA), where he led the Usable Security Engineering research group. 

Nalin holds a PhD in Computer Science (Cyber Security) from Brunel University London, UK, where he developed a game design framework for teaching people how to protect themselves from phishing attacks. At Oxford University, he cut his teeth as a Postdoctoral Researcher in Systems Security Engineering (2013 - 2014) in the Department of Computer Science and then joined the University of British Columbia (UBC), Canada as Postdoctoral Research Fellow in Usable Security and Privacy (2014 - 2015).

Nalin's primary research interests are at the intersection of computer security, human-computer interaction (HCI), software engineering, Information systems security and serious games, in an area known as usable security and privacy engineering. 

In his research, he applies HCI methods and concepts to the Cyber Security and Privacy domain. He also works on Secure Software Engineering (i.e., developer-centred) and Machine Learning for Cyber/Usable Security, specifically threat modelling through the cybercriminals' and end users' behavioural analysis. Nalin's research is inter-disciplinary in nature and has published numerous articles at the world’s leading conferences and high-impact journals. Notably, Nalin's recent research work has contributed ("i.e., Global impact") to improving the OWASP Enterprise Security API and its Javadoc for the ESAPI Encoder interface - this will appear in their ESAPI release [https://owasp.org]

Nalin has presented his research at Facebook Headquarters, Menlo Park, California, USA and collaborated with HP in a research capacity at the HP Lab, Bristol, UK. His research has been featured in numerous media outlets including ABC TV News, Sky TV News Australia, ABC News Radio, WIN TV Australia, 2GB 873 AM Radio, SYN Radio 90.7 FM, Daily show on Radio 2SER 107.3, Choice - Australia, Guardian labs (sponsored by Intel Corporation, Australia) and UNSW TV. He has been an invited speaker for conferences both nationally and internationally.

Nalin also worked on a number of "Visiting/Sessional" lecturing positions in Computer Science in the UK (Brunel University London, University of Bedfordshire, Westminster University, and Central Bedfordshire College), Canada (University of British Columbia), and Australia (Deakin University, Victoria University, and Central Queensland University (CQUniversity).

Nalin has extensive teaching experience across all levels of teaching in relatively small (size of cohort: 20) and large classes (size of cohort more than 250). Notably, he developed, delivered and managed the curriculum for several courses from scratch (ZEIT3120 Programming for Security, ZEIT8036 Humans and Security and ZEIT8037 Cyber Security Risk Management) at the University of New South Wales (Australian Defence Force Academy). He was the course convener for the ZEIT8029 Network and Mobile Device Forensics in 2016. Besides, Nalin took up the course convener role of the Bachelor of Computing and Cyber Security (Honours) programme (i.e., Chief of Army honours students) at the UNSW/ADFA in 2017 and 2018, in which he took a leadership role in developing and managing the entire course from scratch.

Nalin obtained a BSc (MIS) Hons from University College Dublin, National University of Ireland, and has completed a master's degree, MSc Information Management and Security at the University of Bedfordshire, UK. He is a Sun Certified Java Programmer (SCJP) at Sun Microsystems (now Oracle), USA.

*** "If you are a good student, keen to be supervised your research project (PhD, Master's or Honours) in the area of cybersecurity, please feel free to get in touch with Dr Nalin A.G. Arachchilage on nalin.arachchilage@auckland.ac.nz" ***

Research | Current

Cyber Security, Usable Security and Privacy, Information Systems Security, Human-Computer Interaction, Software Security Engineering, Secure Programming, Cyber Security Education, and Serious Games 

Teaching | Current

COMPSCI 316 - Cyber Security [Lecturer]

COMPSCI 702 - Security for Smart-Devices [Lecturer]

COMPSCI 726 - Network Defence and Countermeasures [Lecturer]

COMPSCI 1000 MC - Cyber Forensics and Security [Course Coordinator and Lecturer]

COMPSCI 789 A and B - BSc (Hons) Dissertation [Deputy Honours Coordinator]

Postgraduate supervision

Completed Student Supervisions:

1. Awanthika Senarath, University of New South Wales (UNSW)  [Dean's Award for Outstanding Ph.D. Theses] [Primary Supervisor]

Ph.D. Thesis Title: Embedding Privacy into Software Systems: A Privacy Engineering Methodology for Data Minimisation.

2. Chamila Wijayarathna, University of New South Wales (UNSW)  [Primary Supervisor]

Ph.D. Thesis Title: Developing a systematic approach to evaluate the usability of security APIs.

3. Han Ayshan, University of New South Wales (UNSW)  [Co-Supervisor]

Ph.D. Thesis Title: Investigating how promotional and storytelling aspects of video game trailers encourage violence.

4. Gitanjali Baral, University of New South Wales (UNSW) [Primary Supervisor]

MPhil Thesis Title: Building Confidence not to be Phished: Conceptualising User's Self-Efficacy In Phishing Threat Avoidance Behaviour

5. Peter Newman, University of New South Wales (UNSW) [Primary Supervisor]

MPhil Thesis Title: Understanding How Social Media Application Design Artefacts Can Influence Cyberbullying Avoidance Behaviour

6. Tatyana Stojnic, La Trobe University, Australia [Primary Supervisor]

MSc Thesis Title: Understanding the Strategy of Leveraging Phishing Attacks: A Phishing email perspective


2021: A project Nalin led improved OWASP Enterprise Security API and its Javadoc for the ESAPI Encoder interface - this will appear in their ESAPI release [https://owasp.org]

2018: Best Paper Award at EASE [International Conference on Evaluation and Assessment in Software Engineering - CORE Rank A]

2016: Nominated for the Cyber Security Educator of the Year Award by the Australian Information Security Association

2014: Developed a trust domain platform for sharing (sensitive) data at HP Laboratory in Bristol.

Committees/Professional groups/Services

2022: USENIX SOUPS [Programme Committee - PC]

2022, 2021: ACM CSCW [Associate Chair (AC) - "security and privacy track"]

2021: SOUPS [Karat Award Chair]

2021, 2020, 2019, 2018: ACM CHI [Reviewer - "security and privacy track"]

2020: SOUPS [Mentor for Doctoral Students]

2020: ACM CSCW [Reviewer - "security and privacy track"]

2020: MISQ Journal [Reviewer - "security and privacy track"]

2020, 2015, 2014: Computers & Security, Elsevier [Reviewer]

2019, 2018: ACM CHI [Reviewer - "security and privacy track"]

2019, 2018: SOUPS [Publicity Co-Chair]

2019: Frontiers in Psychology [Associate Editor "cyber security behaviour track"]

2019: ACM EASE [Poster Chair]

2019: ACM CHI [Associate Chair - "security and privacy track"]

2019: USENIX SOUPS [Programme Committee - PC]

2019: SOUPS [Reviewer]

2018: ICIS [Reviewer - "security and privacy track"]

2018: WSIW [PC Committee]

2018: WSIW [Reviewer]

2017: External Advisory Forum (EAF), UNSW and Australian Defence Force Academy [Board Member]

2017: International Conference on Cyber Security Education at UNSW/ADFA [Conference organiser with Professor Greg Austin]

2017: Academic Recruitment at UNSW [Selection Panel]

2017: OzCHI [Demos and Work in Progress Chair]

2017, 2016: IEEE International Requirements Engineering Conference [Workshop PC Committee]

2016: ACISP [Publicity Chair]

2018, 2017, 2016: Computers in Human Behavior [Reviewer - "security and privacy track"]

2015, 2014: IEEE Symposium on Security and Privacy [Sub-Reviewer]

2015: International Journal of Human-Computer Studies [Reviewer - "security and privacy track"]

2015, 2014: UBC Postdoctoral Association [Executive Team Member]

2014: Software Quality Journal, Springer [Reviewer - "security and privacy track"]

2013: British HCI [Technical Chair]

2012: Computers and Education [Reviewer -  "security and privacy track"]

Contact details

Primary office location

SCIENCE CENTRE 303 - Bldg 303
Level 4, Room 409
New Zealand

Social links