hero image
Professor Awais Rashid - University of Bristol. Bristol, , GB

Professor Awais Rashid Professor Awais Rashid

Professor of Cyber Security | University of Bristol


Tackling largescale cyber security and privacy attacks against systems serving society

Areas of Expertise (8)

IT Systems Protection

Computer Fraud

Security Vulnerabilities


Computer Science

Cyber Crimes

Cyber Criminals

Computer Scams


Professor Awais Rashid is based in the Department of Computer Science, where his research concerns the computer security of large connected infrastructures such as power supply systems, large scale manufacturing plants and water treatment systems. He also leads a national programme of research on protecting citizens online from privacy threats and online harms arising from cyber criminals. He studies why our critical infrastructure systems become vulnerable and the deception techniques used by cyber criminals. He has studied security of software and hardware systems deployed in critical services such as water supply, smart buildings and manufacturing. He has also explored different types of online crime, such as mass marketing fraud, insurance scams, fake online romances, and online grooming.

Professor Rashid is currently heading a centre training the next generation of doctoral researchers in cyber security of large-scale infrastructures. He is also directing the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online. He is heading, as editor-in-chief, an international initiative called the Cyber Security Body of Knowledge, designed to embed stronger foundations for cyber security. He is also a Fellow of the Alan Turing Institute, chairs the Scientific Advisory Board of the EPSRC-NCSC Research Institute on Science of Cyber Security and is a member of the EPSRC Digital Economy Programme Advisory Board and the Scientific Advisory Board, National Research Center for Applied Cybersecurity (ATHENE), Germany.







Professor Awais Rashid on Cyber Security Introduction to Security Lancaster (Awais Rashid) Global Cyber Attack: Interview with Awais Rashid, Lancaster University



Media Appearances (3)

Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.

CyberWire  online


Twitter updates the news of last week’s incident: the attackers seem to have accessed some direct messages. France’s partial permission for Huawei to operate in that country now looks like a ban with a 2028 deadline. A quiet cryptominer. The cyber threat to British sport. Awais Rashid from the University of Bristol on cyber security and remote working. John Ford from IronNet Cybersecurity with updated 2020 predictions and cyber priorities. And bosses and employees see things differently, cyberwise.

view more

Watch: Is TikTok spying on me and should I be worried?

The Telegraph  online


The video-sharing app has been downloaded more than 2 billion times but now it's under fire for the data it collects from users.

view more

Himalayas-Born Cyber Tycoon Climbs Into World's Richest Club

Bloomberg  online


“The world runs on large-scale networks and data systems that are inherently complex and highly connected," said Awais Rashid, professor of cybersecurity at the University of Bristol in England. “If we can’t protect them or be confident in their integrity, it leads to serious problems for society at large."

view more

Articles (5)

"So if Mr Blue Head here clicks the link...": Risk thinking in cyber security decision making

Journal ACM Transactions on Privacy and Security

Ben Shreeve, Joseph Hallett, Matthew Edwards, Pauline Anthonysamy, Sylvain Frey, Awais Rashid


Cyber security decision making is inherently complicated, with nearly every decision having knock-on consequences for an organisation’s vulnerability and exposure. This is further compounded by the fact that decision-making actors are rarely security experts, and may have an incomplete understanding of the security that the organisation currently has in place. We study the risk thinking strategies employed by teams of participants in an existing data set derived from a tabletop cyber-physical systems security game.

view more

Automatically dismantling online dating fraud

IEEE Transactions on Information Forensics and Security

Guillermo Suarez-Tangil, Matthew Edwards, Claudia Peersman, Gianluca Stringhini, Awais Rashid, Monica Whitty


Online romance scams are a prevalent form of mass-marketing fraud in the West, and yet few studies have presented data-driven responses to this problem. In this type of scam, fraudsters craft fake profiles and manually interact with their victims. Because of the characteristics of this type of fraud and of how dating sites operate, traditional detection methods (e.g., those used in spam filtering) are ineffective. In this paper, we investigate the archetype of online dating profiles used in this form of fraud, including their use of demographics, profile descriptions, and images, shedding light on both the strategies deployed by scammers to appeal to victims and the traits of victims themselves.

view more

Skip, Skip, Skip, Accept!!! A Study on the Usability of Smartphone Manufacturer Provided Default Features and User Privacy

Proceedings on Privacy Enhancing Technologies

Marvin Ramokapane, Anthony C Mazeli, Awais Rashid


Smartphone manufacturer provided default features (e.g., default location services, iCloud, Google Assistant, ad tracking) enhance the usability and extend the functionality of these devices. Prior studies have highlighted smartphone vulnerabilities and how users’ data can be harvested without their knowledge. However, little is known about manufacturer provided default features in this regard - their usability concerning configuring them during usage, and how users perceive them with regards to privacy. To bridge this gap, we conducted a task-based study with 27 Android and iOS smart- phone users in order to learn about their perceptions, concerns and practices, and to understand the usability of these features with regards to privacy.

view more

The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game

IEEE Transactions on Software Engineering

Sylvain Frey, Awais Rashid*, Pauline Anthonysamy, Maria Pinto-Albuquerque, Syed Asad Naqvi


Stakeholders' security decisions play a fundamental role in determining security requirements, yet, little is currently understood about how different stakeholder groups within an organisation approach security and the drivers and tacit biases underpinning their decisions. We studied and contrasted the security decisions of three demographics-security experts, computer scientists and managers-when playing a tabletop game that we designed and developed.

view more

Scoping the Cyber Security Body of Knowledge

IEEE Security and Privacy

Awais Rashid, George Danezis, Howard Chivers, Emil Lupu, Andrew Martin, Makayla Lewis, Claudia Peersman


Cybersecurity is becoming an important element in curricula at all education levels. However, the foundational knowledge on which the field of cybersecurity is being developed is fragmented, and as a result, it can be difficult for both students and educators to map coherent paths of progression through the subject. The Cyber Security Body of Knowledge (CyBOK) project (www.cybok.org) aims to codify the foundational and generally recognized knowledge on cybersecurity.

view more