Welcome

Openings: I am looking for one highly motivated PhD student to join our research team. If you have a strong interest in privacy compliance and security of emerging AI-enabled systems, please email your CV and a brief self-introduction to xueqiang.wang@ucf.edu.

Xueqiang (Brandon) Wang is an Assistant Professor of Computer Science at University of Central Florida (UCF), where he is also a member of the Cyber Security and Privacy Cluster (CyberSP). Dr. Wang obtained his Ph.D. in 2021 from Indiana University Bloomington, and worked in security and privacy teams at Symantec Research Labs, NIO USA, and Amazon Lab126. Prior to that, he earned a Master’s degree (2015) from the Institute of Information Engineering, CAS, and a Bachelor’s degree (2012) from the University of Science and Technology of China.

Dr. Wang leads the Security and PRIvacy for smarT systems (SPIRIT) lab at UCF. His recent research focuses on the privacy compliance and supply chain security of real-world systems, spanning existing mobile and IoT applications as well as emerging AI-enabled software. Recently, driven by the goal of empowering both developers and users, he has worked on and gained increasing interest in building developer-centered solutions to mitigate security and privacy issues, and educating end users to prevent further harm.

These efforts have effectively guided the SPIRIT lab toward a series of interdisciplinary research projects at the intersection of Cybersecurity and Privacy, HCI, and Software Engineering:

Privacy Compliance: [S&P'26], [USENIX Security'24], [USENIX Security'23-A], [USENIX Security'23-B], [USENIX Security'23-C], [USENIX Security'21]
Understanding and Enabling Users / Developers: [USENIX Security'25], [CHI'25]
Security Analysis and Mitigations: [USENIX Security'23-B], [DSN'23], [USENIX Security'19], [CCS'20], [SP'19], [SP'16], [NDSS'18], [NDSS'18], [CCS'17], [NDSS'17], [NDSS'15], [ICISC'14]
Cybercrime Analysis: [EuroS&P'24], [USENIX Security'21], [TDSC'19], [USENIX Security'19]

News

(09/2025) One paper on privacy compliance analysis is accepted to S&P'26. Congratulations to Jingzhou and Fares.
(09/2025) Congrats to Jingzhou for receiving the FCI Student Scholarship!
(09/2025) I am invited to serve as a PC member of ACM CCS 2026.
(08/2025) Jingzhou presented our paper on software privacy compliance at USENIX Security 2025.
(06/2025) We received an SaTC EDU award for experiential learning of dark patterns in cybersecurity and privacy.
(06/2025) I am invited to serve as a PC member of USENIX Security 2026.
(05/2025) 21 STEM students across Florida completed our summer training for secure, resilient cyber-physical energy systems.
(04/2025) I am invited to serve as a PC member of NDSS 2026.
(03/2025) Thanks to the LIFE Gerontology Research Grant for supporting our research participants.
(03/2025) Our paper won the Best Paper Award at CHI 2025. Congrats to Jingzhou and the collaborators!
(03/2025) We (Dr. Yao Li and I) gave a talk about dark patterns to the Learning Institute for Elders (LIFE) at UCF.
(02/2025) Thanks to UCF Seed Funding for supporting our research on educating older adults about cyber threats!
(01/2025) One paper is accepted to CHI 2025. Congrats to Jingzhou and collaborators!
(10/2024) I am invited to serve as a PC member of ACM CCS 2025.
(09/2024) One paper on software privacy compliance is accepted to USENIX Security 2025.
(08/2024) I am invited to serve as a PC member of AsiaCCS 2025.
(08/2024) I am invited to serve as a PC member of USENIX Security 2025.
(05/2024) Together with colleagues at FAU, USF, and FIU, we provided a 9-day summer training for secure, resilient cyber-physical energy systems.
(05/2024) One paper on the privacy compliance risks of the software supply chain is accepted to USENIX Security 2024. Congrats to Yifan and Zhaojie.
(03/2024) One paper on a new authentication method for voice-enabled IoT devices is accepted to IoT-J. Congrats to Sungbin (Bill).
(02/2024) One paper on the analysis of fake evidence (or misinformation) generators is accepted to EuroS&P 2024. Congrats to Zhaojie and Jingzhou.
(12/2023) I am invited to serve as a PC member of ACM CCS 2024.
(10/2023) I will serve as the co-registration chair for ACM CCS 2024.
(09/2023) NSF awarded our collaborative grant led by FAU through the CyberTraining program.
(08/2023) I am invited to serve as a PC member of EuroS&P 2024.
(08/2023) Welcome Jingzhou and Zhaojie to the team!
(07/2023) I will introduce cybersecurity and privacy to 8th-11th graders at UCF Camp Connect I.
(04/2023) Our paper on mobile dark user interface patterns is accepted to DSN 2023.
(03/2023) Our paper on mobile supply chain security is accepted to USENIX Security 2023.
(09/2022) Our paper on analyzing IoT data exposure is accepted to USENIX Security 2023.
(07/2022) Our paper on the security of exposed cloud services is accepted to USENIX Security 2023.
(07/2022) I am invited to serve as a PC member of ACNS 2023.
(03/2022) I will join UCF as a tenure-track assistant professor in fall 2022.
(09/2021) I will serve as a reviewer of IEEE Security & Privacy.
(01/2021) I will serve as a reviewer of ACM Transactions on Privacy and Security.
(12/2020) Our paper about malicious cross-library data harvesting (XLDH) attack is accepted by USENIX Security'21.
(06/2020) Our paper about the app-in-app paradigm was accepted by CCS'20
(04/2020) I have joined Amazon Lab126.