Serge Egelman receives 2025 CyLab Distinguished Alumni Award

Serge Egelman, founder and chief scientist at AppCensus, has been named CyLab's 2025 Distinguished Alumni Award recipient, in honor of his impactful contributions to privacy research, policy, and industry innovation.

Currently a research faculty member at UC Berkeley and the research director of the Usable Security and Privacy Group at the International Computer Science Institute (ICSI), Egelman is recognized as a leading voice in understanding and addressing mobile privacy risks and bridging the divide between technical research and public policy.

Reflecting on his time at Carnegie Mellon University, Egelman credits the university’s deeply interdisciplinary environment as a formative influence on his career.

“It was a great environment,” he said. “Looking back, what I really appreciated was how easy it was to engage across departments. That level of interdisciplinary collaboration is something I haven’t seen replicated elsewhere.”

Egelman earned his Ph.D. in the School of Computer Science at Carnegie Mellon in 2009, working under current CyLab director Lorrie Cranor in the Computation, Organizations, and Society PhD program (now called Societal Computing). His early research explored how users make decisions about online privacy and how they interact with security warnings—two threads that would continue to shape his academic and applied work for years to come.

“Privacy was always an area I found interesting,” he said. “And warnings became a big part of usable security as that field started to emerge.”

Cranor recalls that research on phishing warnings Serge conducted as a Ph.D. student influenced the design of Microsoft browser warnings.

“Serge led a study in which we pretended to phish participants in our lab and watched to see what happened after their web browsers warned them about the phish," Cranor said. "He gained insights into why people were ignoring the warnings. During his internship at Microsoft, Serge presented his research to members of the browser team and convinced them to change their warning design.”

Egelman was also a member of a CMU research team that conducted an online shopping study that demonstrated that some people will pay a premium for better privacy when privacy information is made salient and accessible. In a follow-up paper leg by Egelman, the team demonstrated that the timing of privacy information plays an important role.

“Serge helped come up with creative study designs that pushed the envelope in the usable privacy and security space at the time,” said Cranor, noting that the online shopping studies tasked participants with purchasing privacy-sensitive items to elevate the potential privacy risk.

Following his time at CMU, Egelman held a postdoctoral position at Brown University before joining the National Institute of Standards and Technology (NIST). He ultimately transitioned to UC Berkeley, where he has spent the last 15 years conducting privacy research.

In 2019, Egelman co-founded AppCensus, a startup spun out of his academic work, which develops tools that allow enterprises to automatically test mobile apps for compliance with privacy laws and platform policies. AppCensus is currently Startup Partner in the CyLab Venture Network.

“AppCensus was born out of our research,” he said. “It’s mostly used by organizations with large app portfolios or those hosting app marketplaces who need to ensure compliance; not just with laws, but also with internal privacy policies.”

In recent years, Egelman has also turned his attention to the legal implications of privacy violations, consulting on litigation and publishing research aimed at improving technical literacy among legal professionals. His latest study, which will be published in a forthcoming law review, examines the claims made by companies and data brokers in privacy lawsuits, often revealing how little is understood about the technical realities of data collection and sharing.

“A lot of myths persist in courtrooms about how data is collected and used,” Egelman noted. “And yet, these decisions have far-reaching consequences.”

When asked what advice he’d offer to today’s students, Egelman returns to the theme that shaped his own experience: take full advantage of CMU’s multidisciplinary offerings.

“The ability to combine technical depth with exposure to policy, law, and human factors, that’s a rare and powerful combination,” he said.

In the CyLab Distinguished Alumni Award's sixth year, Egelman joins 2024 winner Alina Oprea, 2023 winner Aaron Roth, 2022 winner Michelle Mazurek, 2021 winner Yinglian Xie, and 2020 winner Elaine Shi.

Egelman will be presented with the award and give a presentation on his research at CyLab's annual Partners Conference on October 29, 2025.