Serge Egelman - Résumé

Education

PhD student in Computation, Organizations, and Society, Expected May 2009
School of Computer Science, Carnegie Mellon University
BS in Computer Engineering, May 2004
School of Engineering and Applied Science, University of Virginia

Publications

Lorrie Cranor, Serge Egelman, Steve Sheng, Aleecia McDonald, Abdur Chowdhury. "P3P Deployment on Websites". To be published in Electronic Commerce Research and Applications. 2008.
Serge Egelman, Lorrie Cranor, Jason Hong. "You've Been Warned: An Empirical Study on the Effectiveness of Web Browser Phishing Warnings". CHI '08: Proceedings of the SIGCHI conference on Human Factors in Computing Systems (Best Paper Nominee). 2008.
Janice Tsai, Serge Egelman, Lorrie Cranor, Alessandro Acquisti. "The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study". Workshop on the Economics of Information Security (WEIS). June 2007.
Serge Egelman, Jen King, Robert C. Miller, Nick Ragouzis, Erika Shehan. "Security User Studies: Methodologies and Best Practices". CHI '07 Extended Abstracts on Human Factors in Computing Systems. April 2007.
Lorrie Faith Cranor, Serge Egelman, Jason Hong, Yue Zhang. "Phinding Phish: An Evaluation of Anti-Phishing Toolbars". NDSS: Proceedings of the ISOC Symposium on Network and Distributed System Security. Originally published as CyLab Technical Report CMU-CYLAB-06-018. February 2007.
Janice Tsai, Serge Egelman. " Conference Report: SOUPS 2006". IEEE Security & Privacy. November/December 2006.
Serge Egelman, Lorrie Faith Cranor, Abdur Chowdhury. " An Analysis of P3P-Enabled Web Sites among Top-20 Search Results". Proceedings of the Eighth International Conference on Electronic Commerce. August 2006.
Julia Gideon, Serge Egelman, Lorrie Cranor, Alessandro Acquisti. "Power Strips, Prophylactics, and Privacy, Oh My!". Proceedings of the 2006 Symposium On Usable Privacy and Security. July 2006.
Serge Egelman, Janice Tsai, Lorrie Cranor, Alessandro Acquisti. "Studying The Impact of Privacy Information on Online Purchase Decisions". Workshop on Privacy and HCI: Methodologies for Studying Privacy Issues at CHI2006. April 2006.
Serge Egelman, Lorrie Faith Cranor. " The Real ID Act: Fixing Identity Documents with Duct Tape". I/S: A Journal of Law and Policy for the Information Society. Fall/Winter 2005.
Kevin Butler, Ming Chow, Jonathon Duerig, Serge Egelman, Boniface Hicks, Francis Hsu, Stefan Kelm, Mohan Rajagopalan. "Conference Report: 14th USENIX Security Symposium". ;login:. December 2005.
Serge Egelman, Ponnurangam Kumaraguru. "Report on DIMACS Workshop and Working Group on Usable Privacy and Security Software". January 2005.
Alvin AuYoung, Eric Cronin, Marc Dougherty, Serge Egelman, Rachel Greenstadt, Stefan Kelm, Zhenkai Liang, Chad Mano, Nick Smith, Ashish Raniwala, Tara Whalen, Wei Xu. "Conference Report: 13th USENIX Security Symposium". ;login:. December 2004.
Serge Egelman. "Suing Spammers for Fun and Profit". ;login:. April 2004.
Serge Egelman. "Is The OSS Model Failing?". Editorial on Linux.com. 2000.
Serge Egelman. "Installation". Peter Norton's Complete Guide to Linux. Macmillan Computer Publishing. 1999.
Serge Egelman. "User Administration". Peter Norton's Complete Guide to Linux. Macmillan Computer Publishing. 1999.

Skills

Research Interests: Software engineering, Privacy technologies, Security technologies, Usability.

Technical Skills: Perl, C/C++, Java, PHP, Bourne shell scripting, C#, HTML.

System Administration: UNIX (primarily *BSD, Linux, OS X), Windows, Apache, MySQL, Sendmail, CUPS.

Employment History

Researcher
Carnegie Mellon University
June 2004-Present

Currently a PhD student in the Computation, Organizations, and Society program at CMU, I am advised by Prof. Lorrie Cranor. I work primarily on privacy policy and usable privacy and security systems. Current areas that I work in include creating more effective web browser trust indicators, creating usable P3P tools, Internet anonymity, and detection and prevention of phishing attacks. My accepted dissertation proposal was entitled "Trust Me: Designing Trustworthy Trust Indicators." My committee consists of Lorrie Cranor (chair), Jim Herbsleb, Jason Hong, and Steve Bellovin (Columbia U.).

Research Intern
Xerox PARC
June 2006-September 2006

During the summer of 2006 I worked in the Computer Science Lab (CSL) at PARC. My main focus was on malware detection using virtualization. The project involved creating a Windows kernel driver that would intercept system calls (like a rootkit) on the guest operating system, and then reporting back the state of the guest to the host. Additional work focused on writing security mechanisms to protect code running under a virtual machine.

Researcher
University of Virginia
May 2003-December2003

I worked as a researcher in Professor Jorg Liebeherr's Multimedia Networks Group, in the Department of Computer Science. Specifically I was working on Hypercast, which is an application-layer multicast overlay network. I was involved in designing and implementing an encryption and authentication mechanism, content delivery optimizations, as well as an XML-based configuration utility. All of this work was done in Java under both Linux and Windows.

Researcher
University of Virginia
2002

I worked as a researcher in Professor John Knight's Network Survivability Research Group, in the Department of Computer Science. This group mainly worked on creating fault resistant networks that could detect and recover from attacks. My main role was developing a network visualizer that took inputs from a variety of sensors (mainly intrusion detection systems and packet loggers), and made it easy for a network administrator to literally see all the data and thus be warned about irregularities. Most of the work was done in Java using VTK to program the OpenGL front-end.

Developer
Tovaris: The Digital Identity Company
2000-2001

I worked part time doing development in C++ for the Mithril Secure Server (an encrypted email solution). I mostly wrote CGI code for administering the servers from a front-end, although I did do some work on the back-end. This involved getting very familiar with the OpenSSL libraries. Most of the development was done under OpenBSD, using g++, though I also did some work in perl.

System Administrator
EarthSystems.org
2000-2002

I worked remotely as a part-time system administrator. My duties included maintaining DNS, Apache, and Sendmail under FreeBSD. I also troubleshooted the systems and answered technical questions.

Technical Support / Developer / System Administrator
Broadband Network Services, Inc.
1999-2000

I handled all of the technical support questions via telephone and e-mail. I maintained and administrated all of our databases using MySQL. This included setting up new database customers, adding and removing databases, and maintaining MySQL. I used PHP, Perl, and bash to write scripts to aid in system administration and to automate other common tasks. I handled most of the website development that we were hired to do; this included writing scripts, HTML, and database management. My administrative responsibilities included maintaining our primary and secondary DNS, sendmail, apache, and PHP. I also aided in creating and removing accounts, setting up new virtual hosts, setting up and maintaining network monitoring, and maintaining hardware; this included building and configuring computers.

Author
Waterside Prodctions, Inc.
1999

I was hired by Waterside Productions (Peter Norton's literary agent) to write two chapters for their book, Peter Norton's Complete Guide to Linux. The chapters were entitled "Installation" and "User Administration", the book was published in October of 1999 by Macmillan Computer Publishing.

Professional Memberships and Activities

Invited Expert
World Wide Web Consortium (W3C)
2007-Present
Web Security Context (WSC) Working Group
Poster Session Co-Chair
Anti-Phishing Working Group eCrime Researchers Summit
2007
Program Committee
CHI 2007 Workshop - Security User Studies: Methodologies and Best Practices
2007
Program Committee
Computers, Freedom, and Privacy (CFP) Conference
2006
Legislative Concerns Chair, Board of Directors
National Association of Graduate and Professional Students
2006-Present
Vice President for External Affairs
Carnegie Mellon University Graduate Student Assembly
2006-Present
Discussion Sessions Chair
Symposium on Usable Privacy and Security (SOUPS)
2005
Invited Expert
World Wide Web Consortium (W3C)
2004-2006
The Platform for Privacy Preferences (P3P) 1.1 Working Group
Member
Association for Computing Machinery
2004-Present
Member
USENIX
2004-Present
Member
American Civil Liberties Union
2001-Present

Awards

Tor Graphical User Interface Design Competition, 2006
Phase 1 Overall Winner
USENIX Student Stipend Recipient, USENIX, 2005
I was awarded a student stipend to attend the 2005 USENIX Security Conference in Baltimore, MD.
USENIX Student Stipend Recipient, USENIX, 2004
I was awarded a student stipend to attend the 2004 USENIX Security Conference in San Diego, CA.
USENIX Student Stipend Recipient, USENIX, 2003
I was awarded a student stipend to attend the 2003 USENIX Security Conference in Washington, DC.
University of Virginia Dean's List of Scholars
I was included on the Spring 2003 and 2004 Dean's List of Scholars.
Publisher's Clearing House Finalist
I may already be a winner.

Last modified October 2007.