///////////////////////////////////////////////////////////////////////////////////
//
//  CURRICULUM VITAE
//
//  Sid Stamm, Ph.D.
//
//  stammsl@rose-hulman.edu
//  http://research.sidstamm.com
//
//  5500 Wabash Ave
//  Terre Haute, IN 47803
//
///////////////////////////////////////////////////////////////////////////////////

Deeply technical educator, engineering manager, security and privacy software
architect, developer, and researcher.

__ EDUCATION __

2009 - Ph.D. Computer Science, Indiana University
       Thesis: "Anticipating and Hardening the Web Against Socio-Technical Security Attacks"

2005 - M.S. Computer Science, Indiana University
       Concentrations: Computer Security and Programming Language Design

2003 - B.S. Computer Science (honors), Rose-Hulman Institute of Technology
       Thesis: "Mixed Nuts: Atypical Classroom Techniques for Computer Science Courses"

__ ACADEMIC APPOINTMENTS __

ASSOCIATE PROFESSOR
Rose-Hulman Institute of Technology
Department of Computer Science and Software Engineering
( September 2015 - Now )

ADJUNCT ASSISTANT PROFESSOR
Indiana University
School of Informatics, Computing, and Engineering
( October 2014 - Now )

VISITING PART-TIME FACULTY
Rose-Hulman Institute of Technology
Department of Computer Science and Software Engineering
( December 2014 - May 2015 )

INSTRUCTOR / CURRICULUM DEVELOPMENT
Indiana University, Computer Science
( Summer 2004 ) - A201: Introduction to Programming with Java

TEACHING ASSISTANT
Indiana University, Computer Science
( Spring 2008 ) - C212: Programming in Java
( Fall 2005 ) - B548: Information Technology Essentials for Lawyers
( 2003 - 2004 ) - Multiple Introductory CS Classes

RESEARCH ASSISTANT
Indiana University
( Fall 2007 ) - "Distributed Phishing Attacks," Dr. Markus Jakobsson
( Spring 2007 ) - "Trawler Phishing," Dr. Steven A. Myers
( Spring 2005 ) - "Language Support for Morton Order Matrices," Dr. David Wise

VISITING RESEARCHER
University of Wollongong (Australia)
Smart Internet Technology CRC
( Feb-Jun 2006 ) - "SITDRM with Trusted Computing," Dr. Rei Safavi-Naini

__ INDUSTRY POSITIONS __

CYBER STRATEGY ADVISOR TO THE CISO
HP, Inc.
( Sep 2021 - August 2022 )
On sabbatical from Rose-Hulman, advising the Chief Information Security Officer
on software supply-chain security strategy and other special projects.

VISITING PROFESSOR, SECURITY RESEARCH
Brave Software
( June 2018 - August 2018 )
Investigated using machine learning techniques to identify potentially malicious
browser extensions.
* Identified method for vetting extensions for Brave (web browser)
* Specified, designed, and prototyped ranking classifier for browser extensions
* Worked with engineering to automate, operationalize, and deploy classifier
* Presented work at Brave Faculty Summit (Nov 2018 symposium)

PRINCIPAL ENGINEER, SECURITY AND PRIVACY
Mozilla Corporation
( August 2014 - July 2015 )
Lead architect and engineer on security and privacy for Firefox.
* Top advisor for executives on security and privacy topics
* Chief spokesperson for security and privacy issues
* Representative for Mozilla on discussions in standards groups
* Set technical direction and strategy for security and privacy engineering team
* Defined, implemented, maintained and improved core Firefox security features

SENIOR ENGINEERING MANAGER, SECURITY AND PRIVACY
Mozilla Corporation
( November 2011 - August 2014 )
Grew and focused team on building features to empower consumers with a safer web
and better choice and control over their data in their online lives.
* Defined team strategy and aligned team's work towards strategic goals
* Grew team by recruiting new hires and expanding team's work with volunteers
* Advised trade, standards and political groups on technology + public policy
* Defined, implemented, maintained and improved security feature code modules

PRINCIPAL SOFTWARE WHIZ
RavenWhite, Inc.
( January 2006 - May 2012 )
Active in limited part-time role
* Research & Development on products, prototypes, infrastructure management.

ENGINEERING MANAGER, PRIVACY
Mozilla Corporation
( October 2011 - November 2012 )
Built and leading team of software engineers with the mission to empower people
with better transparency, choice and control regarding how their data is used and
shared online.
* Feature work: Tracking Control, HTTPS improvements, fingerprint minimization
* Integrated HTTPS web searching, identity management, mobile OS controls
* Advocating public web standards and communication of best practices
* Built and deployed support system to help our engineers build privacy into our products
* Played key role in guiding design and release of projects that collect and use data about our users

SOFTWARE ENGINEER, SECURITY
Mozilla Corporation
( February 2009 - October 2011 )
Research and development of web and Internet security and privacy technologies
* Design, build and deploy web security features in Firefox (CSP, HSTS, etc)
* Design, build and deploy privacy initiatives (DNT, identity system, etc)
* Construct and deploy internal product privacy strategy for Firefox
* Represent Mozilla's interest in SSL- and privacy-related policy work

SOFTWARE ENGINEERING INTERN
Google
( May 2008 - September 2008 )
Designed and implemented Android platform security tools.
( May 2007 - August 2007 )
Designed and implemented security and anti-fraud tools.

__ RESEARCH ADVISING __

2023 - Katharina Haggenmueller, "Examining the Safety of Biometric Authentication" (B.S. Thesis)
2023 - Luke Lighthart, "Opportunistic Data Collection in Prospect Enhancement Tools" (B.S. Thesis)
2021 - Cherise McMahon, "Reimagining Password Creation: Creating Strength Through Prediction" (B.S. Thesis)
2019 - Cherise McMahon, "Bluetooth Location Privacy and Tracking" (RSURF Grant-Funded Research)
2019 - Dylan Vener, "Privacy in an ML-enabled world" (B.S. Thesis)
2019 - Jack McClary, "Users don't do privacy risk analysis on social media." (B.S. Thesis)
2017 - Connor Bade, "Bluetooth Location Privacy and Re-identification" (RSURP Grant-Funded Research)
2016 - Samantha Staszak, "Privacy Protection Online: Measuring the Gap of User Understanding" (B.S. Thesis)
2015 - Jake Patterson, "Investigating the Spatial Complexity of Various PKE-PEKS Schemes" (RSURP Grant-Funded Research)

__ ADVISORY ROLES __

Abine, Inc
( October 2013 - Now )
* Member of Technical Advisory Board

RavenWhite, Inc
( May 2012 - Now )
* Member of Technical Advisory Board

__ SELECT SPEAKING ENGAGEMENTS __

Invited Talk, US Air Force Academy Cybersecurity Seminar Series 4/2023 (XSS/Security)
Panelist, OWASP AppSec USA "Building next-gen Security Engineers" 9/2015 (Security)
Panelist, UC Berkeley ICSI "1984+30" Workshop 10/2014 (Privacy)
Panelist, NIST Privacy Engineering Workshop 9/2014 (Privacy)
Panelist, PETS Workshop 2013 (Privacy)
Invited Talk, PETools Workshop 2013 (Privacy)
Panelist, FTC Workshops on Data Collection 12/2012 and DNT 1/2012 (Privacy)
Panelist, WOOT 2012 (SSL/Security)
Panelist, RSA 2012 SSL Revocation panel (SSL/Security)
Keynote, hotPETS 2011 (Privacy)
Invited Talk, USENIX Security'10 (Security)
Invited Talk, 2005 ACM Computer Security/Privacy series, University of Minnesota

__ SERVICE ACTIVITY __

PC Member, Conference, Usable Security and Privacy Symposium (2023)
PC Member, Conference, AsiaUSEC (2020)
PC Member, Conference, PST (2019, 2018, 2017)
PC Member, Conference, WWW (2017, 2014, 2012)
PC Member, Conference, USENIX Enigma (2016)
PC Member, Workshop, IEEE Web 2.0 Security & Privacy (2016, 2014)
Reviewer, Journal, IEEE Transactions on Dependable and Secure Computing (2015)
Reviewer, Magazine, IEEE Security & Privacy (Regular)
PC Member, Workshop, Usable Security (2012)
PC Member, Conference, APWG eCrime Researchers Summit (2013, 2012)

__ HONORS AND AWARDS __

Prof of the Month, Delta Delta Delta (Gamma Pi) 2016
Doc Criss Best Senior Thesis/Project award, RHIT 2003
Rose-Hulman Presidential Scholarship, 1999-2003
Member, Upsilon Pi Epsilon (Computer Science)
Nominated Member, Pi Mu Epsilon (Mathematics)
Nominated Member, Iota Nu Phi (Informatics)

__ PUBLICATIONS __

"Desired Qualifications Sought in Entry Level Software Engineers.", Sid Stamm.
2023. In Proceedings of the 54th ACM Technical Symposium on Computing Science
Education V. 1 (SIGCSE 2023), March 15-18, 2023, Toronto, ON, Canada. ACM, New
York, NY, USA, 7 pages.

"Understanding How People Weigh the Costs and Benefits of Using Facebook", Jack
McClary and Sid Stamm. 2021. In Proceedings of the 7th International Conference
on Information Systems Security and Privacy (ICISSP). Online, Streaming; 11-13
February, 2021. SCITEPRESS.

"The impact of changing homework frequency in a computer architecture course."
Micah Taylor, Sid Stamm, and Christine Taylor. 2018. Journal of Computing
Sciences in Colleges. 34, 1 (October 2018), 60-70.

"Injecting CSP for Fun and Security", Christoph Kerschbaumer, Sid Stamm, and
Stefan Brunthaler. 2nd International Conference on Information Systems Security
and Privacy (ICISSP) February 2016. Rome, Italy.

"Contextual identity: Freedom to be all your selves", Monica Chew and Sid Stamm.
Proceedings of the Workshop on Web 2.0 Security and Privacy, 2013

"Certified Lies: Detecting and Defeating Government Interception Attacks against
SSL (Short Paper)" In G. Danezis (Ed.) Proceedings of the Fifteenth
International Conference on Financial Cryptography and Data Security. February
2011, St. Lucia.

"Reining in the Web with Content Security Policy" In proceedings of the 19th
International World Wide Web Conference (WWW2010). April 26-30 2010. Raleigh,
NC, USA.

"Practice and Prevention of Home-Router Mid-Stream Injection Attacks", Steven A.
Myers and Sid Stamm. In proceedings of the 2008 APWG eCrime Researcher's Summit.
October 15-16, 2008. Atlanta, GA, USA.

Contributing author for portions of "Crimeware: Understanding New Attacks and
Defenses", Markus Jakobsson (Editor), Zulfikar Ramzan (Editor). Paperback, 608
pages. Addison-Wesley Professional, April 28, 2008. ISBN: 0321501950

"Drive-by Pharming" Sid Stamm, Zulfikar Ramzan, and Markus Jakobsson. In
Proceedings of Sihan Qing, Hideki Imai, Guilin Wang (Eds.): Information and
Communications Security, 9th International Conference (ICICS 2007), Zhengzhou,
China, December 12-15, 2007. Lecture Notes in Computer Science 4861 Springer
2008, ISBN 978-3-540-77047-3. Pages 495-506.

"Implementing Trusted Terminals with a TPM and SITDRM" Sid Stamm, Nicholas Paul
Sheppard, Reihaneh Safavi-Naini. In the First International Workshop on Run-Time
Enforcement for Mobile and Distributed Systems (REM'07).

"Fighting Unicode-Obfuscated Spam" Changwei Liu and Sid Stamm. In proceedings of
the 2007 APWG eCrime Researcher's Summit.

"Web Camouflage: Protecting Your Clients from Browser Sniffing Attacks," Markus
Jakobsson and Sid Stamm. In the IEEE Security & Privacy Magazine.
November/December 2007.

"Combatting Click Fraud via Premium Clicks," Ari Juels, Sid Stamm, and Markus
Jakobsson. Proceedings of the 16th USENIX Security Symposium, August 6-10 2007.

"Web 2.0 Security Position Paper: JavaScript Breaks Free!" Markus Jakobsson,
Zulfikar Ramzan and Sid Stamm. In the W2SP: Web 2.0 Security Workshop, held in
conjunction with the 2007 Symposium on Security and Privacy (Oakland'07). May
24, 2007.

Contributing author for portions of "Phishing and Countermeasures: Understanding
the Increasing Problem of Electronic Identity Theft", Markus Jakobsson (Editor),
Steven Myers (Editor). Hardcover, 739 pages. Wiley, November 2006. ISBN:
978-0-471-78245-2

"Invasive Browser Sniffing and Countermeasures" Markus Jakobsson and Sid Stamm.
Proceedings of The 15th annual World Wide Web Conference, (WWW2006).

"Privacy-Preserving Polling using Playing Cards" Sid Stamm and Markus Jakobsson.
Cryptology ePrint Archive, Report 2005/444. 2005.

"Privacy on the Internet" Kay Connelly, Katie Moor, Tom Jagatic, Ashraf Khalil,
Yong Liu and Sid Stamm. Proceedings of WWW @ 10 Conference (www@10 '04), 2004.

"Java Engagement for Teacher Training: An Experience Report" Raja Sooriamurthi,
Arijit Sengupta, Suzanne Menzel, Katie Moor, Sid Stamm, and Katy Börner.
Proceedings of the Frontiers in Education (FIE'04), 2004.

"Mixed Nuts: Atypical Classroom Techniques for Computer Science Courses" Sid
Stamm. ACM Crossroads issue 10.4, Summer 2004.