Norman Sadeh is a professor in the School of Computer Science at Carnegie Mellon University (CMU). He is director of CMU’s Mobile Commerce Laboratory and its e-Supply Chain Management Laboratory, co-Founder of the School’s Ph.D. Program in Societal Computing and co-Director of the MSIT program in Privacy Engineering. He also co-founded and for 12 years co-directed the MBA track in Technology Leadership launched jointly by the Tepper School of Business and the School of Computer Science in 2005. Sadeh’s current research interests include cybersecurity, online privacy, mobile computing, the Internet of Things, artificial intelligence, user-oriented machine learning, human computer interaction, language technologies, and semantic web technologies.
Sadeh is also well known for his seminal work in AI planning and scheduling, agent-based supply chain management, workflow management, automated trading, including the design and launch of the international supply chain trading agent competition. Products based on his research have been deployed and commercialized by organizations such as IBM, Raytheon, Mitsubishi, Boeing, Numetrix (eventually acquired by JD Edwards/PeopleSoft/Oracle), ILOG (eventually acquired by IBM), and the US Army. His privacy research has been credited with influencing the design of products at companies such as Facebook and Google as well as activities at the US Federal Trade Commission and the California Office of the Attorney General. His work on automatically recognizing mobile user activities while minimizing battery life has influenced technologies found in most modern smartphones.
Sadeh is also a successful entrepreneur, having served as founding CEO and, until its acquisition, as chairman and chief scientist of Wombat Security Technologies, a company he co-founded to commercialize anti-phishing technologies he developed as part of research with several of his colleagues at CMU. Together with his collaborators, he grew Wombat Security Technologies into a leading provider of anti-phishing and cybersecurity awareness training technologies. The company was acquired for $225M by Proofpoint (NASDAQ: PFPT) in February 2018. By that time Wombat had well over 2,000 corporate customers, and had been named a clear leader in the Gartner Group’s Magic Quadrant in Security Awareness Computer-Based Training for four years in a row (since the inception of Gartner’s Quadrant in this sector). It had also been identified as one of the 500 fastest growing technology companies in North America for three consecutive years in Deloitte’s Technology Fast 500. In May 2018, Norman was honored with the 2018 Outstanding Entrepreneur of the Year award from the Pittsburgh Venture Capital Association.
In the late nineties, Sadeh was program manager with the European Commission’s ESPRIT research program, prior to serving for two years as chief scientist of the EU’s EUR 550M (US$650M) initiative in “New Methods of Work and eCommerce,” which included all pan-European research in cybersecurity and privacy. As such, he was responsible for shaping European research priorities in collaboration with industry and universities across Europe. These activities eventually resulted in the launch of over 200 R&D projects involving over 1,000 European organizations from industry and research. While at the Commission, he also contributed to a number of EU policy initiatives related to eCommerce, the Internet, cybersecurity, privacy, and entrepreneurship.
Sadeh received his Ph.D. in Computer Science at CMU with a major in Artificial Intelligence and a minor in Operations Research. He holds a MS degree in computer science from the University of Southern California and a BS/MS degree in electrical engineering and applied physics from the Free University of Brussels (Belgium) as “Ingénieur Civil Physicien.”
Sadeh has authored or co-authored around 300 scientific publications. He is also the author of m-Commerce: Technologies, Services and Business Models, a best-selling book published by Wiley in April 2002. He served as general chair of the 2003 International Conference on Electronic Commerce and as editor-in-chief of Electronic Commerce Research Applications (ECRA). He has served on the editorial board of several other journals and is currently on the board of I/S: A Journal of Law and Policy for the Information Society. Norman also sits on the advisory board of the Future of Privacy Forum.
Sadeh’s research, as well as his views on cybersecurity, privacy, mobile, and IoT technologies are often covered in the press (e.g. Wall Street Journal, Wired, New York Times, Chronicle of Higher Education, Pittsburgh Post Gazette, Kiplinger, Huffington Post, Fast Company, Tech Crunch).
Between 2008 and 2019, he was also a visiting professor at Hong Kong University, where he would spend two weeks each year.
1991 Ph.D., Computer Science, Carnegie Mellon University
1986 M.Sc., Computer Science, Univ. of Southern California
1985 Ingénieur Civil Physicien (5-year BS/MS degree), The Free University of Brussels
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- automotive and transportation security and privacy
- cyber physical systems security and privacy
- data security and privacy
- embedded systems security
- emerging applications security
- Formal methods
- formal methods for security
- Internet of Things (IoT)
- IoT security and privacy
- language-based security
- Measurement and analysis
- measurements of fraud, malware, spam
- ML and AI
- mobile and app security and privacy
- privacy algorithms
- privacy engineering
- privacy enhancing technologies
- risk analysis and management
- security and privacy economics
- security education, awareness, and training
- security of AI and ML
- security policy and regulation
- social networks security and privacy
- software security
- threat analysis and modeling
- threat intelligence
- Usability and human behavior
- usable privacy and security