Serge Egelman - Résumé Contact Information: Serge Egelman 612 S. Dallas Avenue Pittsburgh, PA 15217 USA Mobile Phone: (434) 227-1337 Email: serge@guanotronic.com Education: PhD student in Computation, Organizations, and Society, Expected May 2009 School of Computer Science, Carnegie Mellon University BS in Computer Engineering, May 2004 School of Engineering and Applied Science, University of Virginia Publications: Lorrie Cranor, Serge Egelman, Steve Sheng, Aleecia McDonald, Abdur Chowdhury. "P3P Deployment on Websites". To be published in Electronic Commerce Research and Applications. 2008. Serge Egelman, Lorrie Cranor, Jason Hong. "You've Been Warned: An Empirical Study on the Effectiveness of Web Browser Phishing Warnings". CHI '08: Proceedings of the SIGCHI conference on Human Factors in Computing Systems (Best Paper Nominee). 2008. Janice Tsai, Serge Egelman, Lorrie Cranor, Alessandro Acquisti. "The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study". Workshop on the Economics of Information Security (WEIS). June 2007. Serge Egelman, Jen King, Robert C. Miller, Nick Ragouzis, Erika Shehan. "Security User Studies: Methodologies and Best Practices". CHI '07 Extended Abstracts on Human Factors in Computing Systems. April 2007. Lorrie Faith Cranor, Serge Egelman, Jason Hong, Yue Zhang. "Phinding Phish: An Evaluation of Anti-Phishing Toolbars". NDSS: Proceedings of the ISOC Symposium on Network and Distributed System Security. Originally published as CyLab Technical Report CMU-CYLAB-06-018. February 2007. Janice Tsai, Serge Egelman. " Conference Report: SOUPS 2006". IEEE Security & Privacy. November/December 2006. Serge Egelman, Lorrie Faith Cranor, Abdur Chowdhury. " An Analysis of P3P-Enabled Web Sites among Top-20 Search Results". Proceedings of the Eighth International Conference on Electronic Commerce. August 2006. Julia Gideon, Serge Egelman, Lorrie Cranor, Alessandro Acquisti. "Power Strips, Prophylactics, and Privacy, Oh My!". Proceedings of the 2006 Symposium On Usable Privacy and Security. July 2006. Serge Egelman, Janice Tsai, Lorrie Cranor, Alessandro Acquisti. "Studying The Impact of Privacy Information on Online Purchase Decisions". Workshop on Privacy and HCI: Methodologies for Studying Privacy Issues at CHI2006. April 2006. Serge Egelman, Lorrie Faith Cranor. " The Real ID Act: Fixing Identity Documents with Duct Tape". I/S: A Journal of Law and Policy for the Information Society. Fall/Winter 2005. Kevin Butler, Ming Chow, Jonathon Duerig, Serge Egelman, Boniface Hicks, Francis Hsu, Stefan Kelm, Mohan Rajagopalan. "Conference Report: 14th USENIX Security Symposium". ;login:. December 2005. Serge Egelman, Ponnurangam Kumaraguru. "Report on DIMACS Workshop and Working Group on Usable Privacy and Security Software". January 2005. Alvin AuYoung, Eric Cronin, Marc Dougherty, Serge Egelman, Rachel Greenstadt, Stefan Kelm, Zhenkai Liang, Chad Mano, Nick Smith, Ashish Raniwala, Tara Whalen, Wei Xu. "Conference Report: 13th USENIX Security Symposium". ;login:. December 2004. Serge Egelman. "Suing Spammers for Fun and Profit". ;login:. April 2004. Serge Egelman. "Is The OSS Model Failing?". Editorial on Linux.com. 2000. Serge Egelman. "Installation". Peter Norton's Complete Guide to Linux. Macmillan Computer Publishing. 1999. Serge Egelman. "User Administration". Peter Norton's Complete Guide to Linux. Macmillan Computer Publishing. 1999. Skills: Research Interests: Software engineering, Privacy technologies, Security technologies, Usability. Technical Skills: Perl, C/C++, Java, PHP, Bourne shell scripting, C#, HTML. System Administration: UNIX (primarily *BSD, Linux, OS X), Windows, Apache, MySQL, Sendmail, CUPS. Employment History: Researcher Carnegie Mellon University June 2004-Present Currently a PhD student in the Computation, Organizations, and Society program at CMU, I am advised by Prof. Lorrie Cranor. I work primarily on privacy policy and usable privacy and security systems. Current areas that I work in include creating more effective web browser trust indicators, creating usable P3P tools, Internet anonymity, and detection and prevention of phishing attacks. My accepted dissertation proposal was entitled "Trust Me: Designing Trustworthy Trust Indicators." My committee consists of Lorrie Cranor (chair), Jim Herbsleb, Jason Hong, and Steve Bellovin (Columbia U.). Research Intern Xerox PARC June 2006-September 2006 During the summer of 2006 I worked in the Computer Science Lab (CSL) at PARC. My main focus was on malware detection using virtualization. The project involved creating a Windows kernel driver that would intercept system calls (like a rootkit) on the guest operating system, and then reporting back the state of the guest to the host. Additional work focused on writing security mechanisms to protect code running under a virtual machine. Researcher University of Virginia May 2003-December2003 I worked as a researcher in Professor Jorg Liebeherr's Multimedia Networks Group, in the Department of Computer Science. Specifically I was working on Hypercast, which is an application-layer multicast overlay network. I was involved in designing and implementing an encryption and authentication mechanism, content delivery optimizations, as well as an XML-based configuration utility. All of this work was done in Java under both Linux and Windows. Researcher University of Virginia 2002 I worked as a researcher in Professor John Knight's Network Survivability Research Group, in the Department of Computer Science. This group mainly worked on creating fault resistant networks that could detect and recover from attacks. My main role was developing a network visualizer that took inputs from a variety of sensors (mainly intrusion detection systems and packet loggers), and made it easy for a network administrator to literally see all the data and thus be warned about irregularities. Most of the work was done in Java using VTK to program the OpenGL front-end. Developer Tovaris: The Digital Identity Company 2000-2001 I worked part time doing development in C++ for the Mithril Secure Server (an encrypted email solution). I mostly wrote CGI code for administering the servers from a front-end, although I did do some work on the back-end. This involved getting very familiar with the OpenSSL libraries. Most of the development was done under OpenBSD, using g++, though I also did some work in perl. System Administrator EarthSystems.org 2000-2002 I worked remotely as a part-time system administrator. My duties included maintaining DNS, Apache, and Sendmail under FreeBSD. I also troubleshooted the systems and answered technical questions. Technical Support / Developer / System Administrator Broadband Network Services, Inc. 1999-2000 I handled all of the technical support questions via telephone and e-mail. I maintained and administrated all of our databases using MySQL. This included setting up new database customers, adding and removing databases, and maintaining MySQL. I used PHP, Perl, and bash to write scripts to aid in system administration and to automate other common tasks. I handled most of the website development that we were hired to do; this included writing scripts, HTML, and database management. My administrative responsibilities included maintaining our primary and secondary DNS, sendmail, apache, and PHP. I also aided in creating and removing accounts, setting up new virtual hosts, setting up and maintaining network monitoring, and maintaining hardware; this included building and configuring computers. Author Waterside Prodctions, Inc. 1999 I was hired by Waterside Productions (Peter Norton's literary agent) to write two chapters for their book, Peter Norton's Complete Guide to Linux. The chapters were entitled "Installation" and "User Administration", the book was published in October of 1999 by Macmillan Computer Publishing. Professional Memberships and Activities: Invited Expert World Wide Web Consortium (W3C) 2007-Present Web Security Context (WSC) Working Group Poster Session Co-Chair Anti-Phishing Working Group eCrime Researchers Summit 2007 Program Committee CHI 2007 Workshop - Security User Studies: Methodologies and Best Practices 2007 Program Committee Computers, Freedom, and Privacy (CFP) Conference 2006 Legislative Concerns Chair, Board of Directors National Association of Graduate and Professional Students 2006-Present Vice President for External Affairs Carnegie Mellon University Graduate Student Assembly 2006-Present Discussion Sessions Chair Symposium on Usable Privacy and Security (SOUPS) 2005 Invited Expert World Wide Web Consortium (W3C) 2004-2006 The Platform for Privacy Preferences (P3P) 1.1 Working Group Member Association for Computing Machinery 2004-Present Member USENIX 2004-Present Member American Civil Liberties Union 2001-Present Awards: * Tor Graphical User Interface Design Competition, 2006 Phase 1 Overall Winner * USENIX Student Stipend Recipient, USENIX, 2005 I was awarded a student stipend to attend the 2005 USENIX Security Conference in Baltimore, MD. * USENIX Student Stipend Recipient, USENIX, 2004 I was awarded a student stipend to attend the 2004 USENIX Security Conference in San Diego, CA. * USENIX Student Stipend Recipient, USENIX, 2003 I was awarded a student stipend to attend the 2003 USENIX Security Conference in Washington, DC. * University of Virginia Dean's List of Scholars I was included on the Spring 2003 and 2004 Dean's List of Scholars. * Publisher's Clearing House Finalist I may already be a winner. Last modified October 2007.