///////////////////////////////////////////////////////////////////////////////////
//
// CURRICULUM VITAE
//
// Sid Stamm, Ph.D.
//
// http://research.sidstamm.com
//
// 5500 Wabash Ave
// Terre Haute, IN 47803
//
///////////////////////////////////////////////////////////////////////////////////
Deeply technical educator, engineering manager, security and privacy
software architect, developer, and researcher.
__ EDUCATION __
2009 - Ph.D. Computer Science, Indiana University
Thesis: "Anticipating and Hardening the Web Against Socio-Technical Security Attacks"
2005 - M.S. Computer Science, Indiana University
Concentrations: Computer Security and Programming Language Design
2003 - B.S. Computer Science (honors), Rose-Hulman Institute of Technology
Thesis: "Mixed Nuts: Atypical Classroom Techniques for Computer Science Courses"
__ ACADEMIC APPOINTMENTS __
PROFESSOR
Rose-Hulman Institute of Technology
Department of Computer Science and Software Engineering
( Summer 2024 - Now )
ASSOCIATE PROFESSOR
Rose-Hulman Institute of Technology
Department of Computer Science and Software Engineering
( September 2015 - Summer 2024 )
Built cybersecurity program from ground up, including new interdisciplinary
Minor in Cybersecurity accessible to all our university's STEM students.
* Designed and deployed more than 8 courses in 8 years
* Continuously assess and improve curricular efficacy
* 150-200 students annually experience curriculum I've created
ADJUNCT ASSISTANT PROFESSOR
Indiana University
School of Informatics, Computing, and Engineering
( October 2014 - Now )
VISITING PART-TIME FACULTY
Rose-Hulman Institute of Technology
Department of Computer Science and Software Engineering
( December 2014 - May 2015 )
INSTRUCTOR / CURRICULUM DEVELOPMENT
Indiana University, Computer Science
( Summer 2004 ) - A201: Introduction to Programming with Java
TEACHING ASSISTANT
Indiana University, Computer Science
( Spring 2008 ) - C212: Programming in Java
( Fall 2005 ) - B548: Information Technology Essentials for Lawyers
( 2003 - 2004 ) - Multiple Introductory CS Classes
RESEARCH ASSISTANT
Indiana University
( Fall 2007 ) - "Distributed Phishing Attacks," Dr. Markus Jakobsson
( Spring 2007 ) - "Trawler Phishing," Dr. Steven A. Myers
( Spring 2005 ) - "Language Support for Morton Order Matrices," Dr. David Wise
VISITING RESEARCHER
University of Wollongong (Australia)
Smart Internet Technology CRC
( Feb-Jun 2006 ) - "SITDRM with Trusted Computing," Dr. Rei Safavi-Naini
__ INDUSTRY POSITIONS __
CYBER STRATEGY ADVISOR TO THE CISO
HP, Inc.
( Sep 2021 - August 2022 )
On sabbatical from Rose-Hulman, advising the Chief Information Security Officer
on software supply-chain security strategy and other special projects.
VISITING PROFESSOR, SECURITY RESEARCH
Brave Software
( June 2018 - August 2018 )
Investigated using machine learning techniques to identify potentially
malicious browser extensions.
* Identified method for vetting extensions for Brave (web browser)
* Specified, designed, and prototyped ranking classifier for browser extensions
* Worked with engineering to automate, operationalize, and deploy classifier
* Presented work at Brave Faculty Summit (Nov 2018 symposium)
PRINCIPAL ENGINEER, SECURITY AND PRIVACY
Mozilla Corporation
( August 2014 - July 2015 )
Lead architect and engineer on security and privacy for Firefox.
* Top advisor for executives on security and privacy topics
* Chief spokesperson for security and privacy issues
* Representative for Mozilla on discussions in standards groups
* Set technical direction and strategy for security and privacy engineering team
* Defined, implemented, maintained and improved core Firefox security features
SENIOR ENGINEERING MANAGER, SECURITY AND PRIVACY
Mozilla Corporation
( November 2011 - August 2014 )
Grew and focused team on building features to empower consumers with a safer web
and better choice and control over their data in their online lives.
* Defined team strategy and aligned team's work towards strategic goals
* Grew team by recruiting new hires and expanding team's work with volunteers
* Advised trade, standards and political groups on technology + public policy
* Defined, implemented, maintained and improved security feature code modules
PRINCIPAL SOFTWARE WHIZ
RavenWhite, Inc.
( January 2006 - May 2012 )
Active in limited part-time role
* Research & Development on products, prototypes, infrastructure management.
ENGINEERING MANAGER, PRIVACY
Mozilla Corporation
( October 2011 - November 2012 )
Built and leading team of software engineers with the mission to empower
people with better transparency, choice and control regarding how their data
is used and shared online.
* Feature work: Tracking Control, HTTPS improvements, fingerprint minimization
* Integrated HTTPS web searching, identity management, mobile OS controls
* Advocating public web standards and communication of best practices
* Built and deployed support system to help our engineers build privacy into
our products
* Played key role in guiding design and release of projects that collect and
use data about our users
SOFTWARE ENGINEER, SECURITY
Mozilla Corporation
( February 2009 - October 2011 )
Research and development of web and Internet security and privacy technologies
* Design, build and deploy web security features in Firefox (CSP, HSTS, etc)
* Design, build and deploy privacy initiatives (DNT, identity system, etc)
* Construct and deploy internal product privacy strategy for Firefox
* Represent Mozilla's interest in SSL- and privacy-related policy work
SOFTWARE ENGINEERING INTERN
Google
( May 2008 - September 2008 )
Designed and implemented Android platform security tools.
( May 2007-August 2007 )
Designed and implemented security and anti-fraud tools.
__ RESEARCH ADVISING __
2023 - Katharina Haggenmueller, "Examining the Safety of Biometric
Authentication" (B.S. Thesis)
2023 - Luke Lighthart, "Opportunistic Data Collection in Prospect
Enhancement Tools" (B.S. Thesis)
2021 - Cherise McMahon, "Reimagining Password Creation: Creating Strength
Through Prediction" (B.S. Thesis)
2019 - Cherise McMahon, "Bluetooth Location Privacy and Tracking"
(RSURF Grant-Funded Research)
2019 - Dylan Vener, "Privacy in an ML-enabled world" (B.S. Thesis)
2019 - Jack McClary, "Users don't do privacy risk analysis on social media."
(B.S. Thesis)
2017 - Connor Bade, "Bluetooth Location Privacy and Re-identification"
(RSURP Grant-Funded Research)
2016 - Samantha Staszak, "Privacy Protection Online: Measuring the Gap of
User Understanding" (B.S. Thesis)
2015 - Jake Patterson, "Investigating the Spatial Complexity of Various
PKE-PEKS Schemes"
(RSURP Grant-Funded Research)
__ ADVISORY ROLES __
Abine, Inc ( October 2013 - Now )
* Member of Technical Advisory Board
RavenWhite, Inc ( May 2012 - Now )
* Member of Technical Advisory Board
__ SELECT SPEAKING ENGAGEMENTS __
Invited Talk, US Air Force Academy Cybersecurity Seminar Series
4/2023 (XSS/Security)
Panelist, OWASP AppSec USA "Building next-gen Security Engineers"
9/2015 (Security)
Panelist, UC Berkeley ICSI "1984+30" Workshop 10/2014 (Privacy)
Panelist, NIST Privacy Engineering Workshop 9/2014 (Privacy)
Panelist, PETS Workshop 2013 (Privacy)
Invited Talk, PETools Workshop 2013 (Privacy)
Panelist, FTC Workshops on Data Collection 12/2012 and DNT 1/2012 (Privacy)
Panelist, WOOT 2012 (SSL/Security)
Panelist, RSA 2012 SSL Revocation panel (SSL/Security)
Keynote, hotPETS 2011 (Privacy)
Invited Talk, USENIX Security'10 (Security)
Invited Talk, 2005 ACM Computer Security/Privacy series, University
of Minnesota
__ SERVICE ACTIVITY __
PC Member, Conference, Usable Security and Privacy Symposium (2023)
PC Member, Conference, AsiaUSEC (2020)
PC Member, Conference, PST (2019, 2018, 2017)
PC Member, Conference, WWW (2017, 2014, 2012)
PC Member, Conference, USENIX Enigma (2016)
PC Member, Workshop, IEEE Web 2.0 Security & Privacy (2016, 2014)
Reviewer, Journal, IEEE Transactions on Dependable and Secure Computing (2015)
Reviewer, Magazine, IEEE Security & Privacy (Regular)
PC Member, Workshop, Usable Security (2012)
PC Meber, Conference, APWG eCrime Researchers Summit (2013, 2012)
__ HONORS AND AWARDS __
Prof of the Month, Delta Delta Delta (Gamma Pi) 2016
Doc Criss Best Senior Thesis/Project award, RHIT 2003
Rose-Hulman Presidential Scholarship, 1999-2003
Member, Upsilon Pi Epsilon (Computer Science)
Nominated Member, Pi Mu Epsilon (Mathematics)
Nominated Member, Iota Nu Phi (Informatics)
__ PUBLICATIONS __
"Desired Qualifications Sought in Entry Level Software Engineers.",
Sid Stamm. 2023. In Proceedings of the 54th ACM Technical Symposium on
Computing Science Education V. 1 (SIGCSE 2023), March 15-18, 2023, Toronto, ON,
Canada. ACM, New York, NY, USA, 7 pages.
"Understanding How People Weigh the Costs and Benefits of Using Facebook", Jack
McClary and Sid Stamm. 2021. In Proceedings of the 7th International Conference
on Information Systems Security and Privacy (ICISSP). Online, Streaming; 11-13
February, 2021. SCITEPRESS.
"The impact of changing homework frequency in a computer architecture course."
Micah Taylor, Sid Stamm, and Christine Taylor. 2018. Journal of Computing
Sciences in Colleges. 34, 1 (October 2018), 60-70.
"Injecting CSP for Fun and Security", Christoph Kerschbaumer, Sid Stamm, and
Stefan Brunthaler. 2nd International Conference on Information Systems Security
and Privacy (ICISSP) February 2016. Rome, Italy.
"Contextual identity: Freedom to be all your selves", Monica Chew and Sid
Stamm. Proceedings of the Workshop on Web 2.0 Security and Privacy, 2013
"Certified Lies: Detecting and Defeating Government Interception Attacks
against SSL (Short Paper)" In G. Danezis (Ed.) Proceedings of the Fifteenth
International Conference on Financial Cryptography and Data Security. February
2011, St. Lucia.
"Reining in the Web with Content Security Policy" In proceedings of the 19th
International World Wide Web Conference (WWW2010). April 26-30 2010. Raleigh,
NC,USA.
"Practice and Prevention of Home-Router Mid-Stream Injection Attacks", Steven
A. Myers and Sid Stamm. In proceedings of the 2008 APWG eCrime Researcher's
Summit. October 15-16, 2008. Atlanta, GA, USA.
Contributing author for portions of "Crimeware: Understanding New Attacks and
Defenses", Markus Jakobsson (Editor), Zulfikar Ramzan (Editor). Paperback, 608
pages. Addison-Wesley Professional, April 28, 2008. ISBN: 0321501950
"Drive-by Pharming" Sid Stamm, Zulfikar Ramzan, and Markus Jakobsson. In
Proceedings of Sihan Qing, Hideki Imai, Guilin Wang (Eds.): Information and
Communications Security, 9th International Conference (ICICS 2007), Zhengzhou,
China, December 12-15, 2007. Lecture Notes in Computer Science 4861 Springer
2008, ISBN 978-3-540-77047-3. Pages 495-506.
"Implementing Trusted Terminals with a TPM and SITDRM" Sid Stamm, Nicholas Paul
Sheppard, Reihaneh Safavi-Naini. In the First International Workshop on
Run-Time Enforcement for Mobile and Distributed Systems (REM'07).
"Fighting Unicode-Obfuscated Spam" Changwei Liu and Sid Stamm. In proceedings
of the 2007 APWG eCrime Researcher's Summit.
"Web Camouflage: Protecting Your Clients from Browser Sniffing Attacks," Markus
Jakobsson and Sid Stamm. In the IEEE Security & Privacy Magazine.
November/December 2007.
"Combatting Click Fraud via Premium Clicks," Ari Juels, Sid Stamm, and Markus
Jakobsson. Proceedings of the 16th USENIX Security Symposium, August 6-10 2007.
"Web 2.0 Security Position Paper: JavaScript Breaks Free!" Markus Jakobsson,
Zulfikar Ramzan and Sid Stamm. In the W2SP: Web 2.0 Security Workshop, held in
conjunction with the 2007 Symposium on Security and Privacy (Oakland'07). May
24, 2007.
Contributing author for portions of "Phishing and Countermeasures :
Understanding the Increasing Problem of Electronic Identity Theft", Markus
Jakobsson (Editor), Steven Myers (Editor). Hardcover, 739 pages. Wiley,
November 2006. ISBN: 978-0-471-78245-2
"Invasive Browser Sniffing and Countermeasures" Markus Jakobsson and Sid Stamm.
Proceedings of The 15th annual World Wide Web Conference, (WWW2006).
"Privacy-Preserving Polling using Playing Cards" Sid Stamm and Markus
Jakobsson. Cryptology ePrint Archive, Report 2005/444. 2005.
"Privacy on the Internet" Kay Connelly, Katie Moor, Tom Jagatic, Ashraf Khalil,
Yong Liu and Sid Stamm. Proceedings of WWW @ 10 Conference (www@10 '04), 2004.
"Java Engagement for Teacher Training: An Experience Report" Raja
Sooriamurtthi, Arijit Sengupta, Suzanne Menzel, Katie Moor, Sid Stamm, and Katy
Börner. Proceedings of the Frontiers in Education (FIE'04), 2004.
"Mixed Nuts: Atypical Classroom Techniques for Computer Science Courses" Sid
Stamm. ACM Crossroads issue 10.4, Summer 2004.