Norman Sadeh
Professor of Computer Science, Software and Societal Systems Department
Co-Director, Privacy Engineering Program
Professor of Computer Science, Software and Societal Systems Department
Co-Director, Privacy Engineering Program
Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University (CMU). Sadeh has (co-)founded and (co-)directed several groundbreaking graduate programs at CMU. This includes the Privacy Engineering Program (co-founder and co-director,2012-present), the Ph.D. Program in Societal Computing (co-founder and co-director, 2003-2013), and the MBA track in Technology Strategy and Product Management launched jointly by the Tepper School of Business and the School of Computer Science (co-founder and director, 2005-2017). Sadeh's current research interests include cybersecurity, online privacy, Human-AI Interaction, AI governance, mobile computing, the Internet of Things, user-oriented machine learning, language technologies, and semantic web technologies.
Sadeh is well known for his pioneering work on AI-based privacy enhancing technologies, including the development of privacy assistants, the development of automated privacy compliance tools, and the development of NLP-based privacy enhancing technologies. He has also conducted foundational work on modeling people's privacy expectations and preferences and on privacy and security nudging. His work has been credited with influencing the development of privacy-enhancing solutions at companies that include Apple, Google and Facebook/Meta (e.g., more expressive mobile app permissions, background privacy reminders/nudges, privacy dashboards, privacy compliance tools, mobile app privacy labels). Sadeh is the lead designer of CMU's Privacy Infrastructure for the Internet of Things (IoT). Results of his research have also informed privacy policy and activities at regulatory agencies, including the Federal Trade Commission and the California Office of the Attorney General (e.g., mobile app privacy compliance, CCPA privacy opt-out notices, IoT privacy).
Sadeh is also a successful entrepreneur. He was the founding CEO and, until its acquisition, the chairman and chief scientist of Wombat Security Technologies, a company that defined the multi-billion dollar user-oriented cybersecurity market. Wombat was acquired by Proofpoint in February 2018. By that time Wombat had well over 2,000 corporate customers, and had been named a clear leader in the Gartner Group’s Magic Quadrant in Security Awareness Computer-Based Training for four years in a row (since the inception of Gartner’s Quadrant in this sector). It had also been identified as one of the 500 fastest growing technology companies in North America for three consecutive years in Deloitte’s Technology Fast 500. In May 2018, Sadeh was honored with the 2018 Outstanding Entrepreneur of the Year award from the Pittsburgh Venture Capital Association. As of 2024, technologies Norman developed with colleagues at CMU and Wombat are used to protect tens of millions of users around the world against cybersecurity attacks such as phishing, including employees at over 75 percent of the Fortune 100 companies.
Earlier in his career, Sadeh conducted seminal work in AI planning and scheduling, agent-based supply chain management, workflow management, automated trading, including the design and launch of the international supply chain trading agent competition. His work on constrained-based scheduling introduced a probabilistic model of the search space for constraint satisfaction problems and demonstrated how this model could inform the development of particularly effective variable and value ordering search heuristics. His work on agent-based supply chain management was among the very first to demonstrate the importance of modeling the decentralized and competitive nature of supply chains and of offering practical approaches for studying and managing these interactions. Products based on this earlier research were deployed and commercialized by organizations such as IBM, CACI, Raytheon, Mitsubishi, Boeing, Numetrix (eventually acquired by JDEdwards/PeopleSoft/Oracle), ILOG (eventually acquired by IBM), and the U.S. Army.
Sadeh's 2001 best-selling book on M-Commerce provided an overview of emerging trends and anticipated future developments that eventually coalesced into the emergence and broad adoption of smartphones. It highlighted usability, security and privacy challenges mobile commerce ecosystems would have to address, the need for standardized APIs for managing contextual attributes and associated privacy decisions and previewed how smart assistants would eventually usher a new wave of innovation in this space.
Sadeh's work with his collaborators on the livelihoods project, using social media data to interpret the dynamic patterns of cities and help understand their social fabric, was recognized with a test of time award by the AAAI Conference on Web and Social Media (ICWSM). His work on automatically recognizing mobile user activities while minimizing battery life has also influenced technologies found in most modern smartphones.
In the late nineties, Sadeh served as Chief Scientist of the EUR 550 million European Union's e-Commerce initiative, which included all pan-European research in cybersecurity and privacy as well as contributions to several major European public policy initiatives. The initiative resulted in the launch of over 200 multimillion-dollar projects involving over 1,000 European organizations from industry and academia, with half the funding provided by industry and the other half by the European Commission.
Sadeh received his Ph.D. in Computer Science at CMU with a major in Artificial Intelligence and a minor in Operations Research. He holds a MS degree in computer science from the University of Southern California and a BS/MS degree in electrical engineering and applied physics from the Free University of Brussels (Belgium) as “Ingénieur Civil Physicien.”
Sadeh's research as well as his views on cybersecurity, privacy, mobile and IoT technologies are often covered in the press (e.g. "The Wall Street Journal," "Wired," "The New York Times," "The Chronicle of Higher Education," "Pittsburgh Post-Gazette," "Kiplinger," "THe Huffington Post," "Fast Company," "TechCrunch").
Between 2008 and 2019, he was also a visiting professor at Hong Kong University, where he would spend two weeks each year.
1991 Ph.D., Computer Science, Carnegie Mellon University
1986 M.Sc., Computer Science, Univ. of Southern California
1985 Ingénieur Civil Physicien (5-year BS/MS degree), The Free University of Brussels
CyLab Security and Privacy Institute
A team of Carnegie Mellon University researchers is studying prompt engineering techniques that could coax large language models (LLMs) to generate more effective answers to everyday cybersecurity questions.
CyLab Security and Privacy Institute
This year, CyLab has awarded more than $400K in seed funding to 16 CMU students, faculty, and staff members from five departments at the university.
CyLab Security and Privacy Institute
To meet the needs of busy professionals eager to deepen their expertise without leaving their full-time jobs, Carnegie Mellon University’s Software and Societal Systems Department has launched a new part-time master’s degree program: the MS in Privacy Technology and Policy.
CyLab Security and Privacy Institute
Carnegie Mellon University offers several Ph.D. programs that attract students interested in pursuing research careers in security and privacy.
CyLab Security and Privacy Institute
On Sept. 4-5, more than 500 of the world’s leading cyber-systems researchers convened in Pittsburgh for the 2024 National Science Foundation Secure and Trustworthy Cyberspace Principal Investigators’ Meeting (NSF SaTC PI), hosted by Carnegie Mellon University’s CyLab Security and Privacy Institute.
CyLab Security and Privacy Institute
Carnegie Mellon faculty and students presented on a wide range of topics at the 33rd USENIX Security Symposium. Held in Philadelphia on August 14-16, the event brought together experts from around the world, who highlighted the latest advances in the security and privacy of computer systems and networks.
CyLab Security and Privacy Institute
Carnegie Mellon faculty and students shared their research at the 2024 Symposium on Usable Privacy and Security (SOUPS), which took place August 11-13 in Philadelphia.
CyLab Security and Privacy Institute
Created by researchers at Carnegie Mellon University, Privacy Label Wiz is an easy-to-use, step-by-step resource to help developers create accurate mobile app privacy labels
Seattle Times
SCS Professor Norman Sadeh explains why privacy should be top of mind for technology companies and shares his thoughts on the regulatory environment around artificial intelligence.
CyLab Security and Privacy Institute
Have you noticed the new icon popping up on websites across the Internet? Thanks to researchers at Carnegie Mellon’s CyLab Security and Privacy Institute, the University of Michigan, and Fordham University, users can now easily make choices about how websites use their personal information, all in one convenient spot.
CyLab Security and Privacy Institute
Each year, CyLab recognizes high-achieving Ph.D. students pursuing security and/or privacy-related research with a CyLab Presidential Fellowship that covers one year of tuition.
CyLab Security and Privacy Institute
There is no shortage of Carnegie Mellon (CMU) students and faculty participating in this year's Symposium on Usable Privacy and Security (SOUPS).