I am a Principal Researcher at Microsoft Research. I am interested in data and signal analysis problems that reduce complexity and remove pain points for users. My current interests include data-mining for fraud and abuse, authentication, safety and data-driven security. I received my PhD from Columbia University, my MSEE from Georgia Tech and my BE from University College Cork, Ireland.
Some of my recent work explains why Nigerian scammers say they’re from Nigeria, why those scary numbers you hear about billions lost to cybercrime are junk, and why you’re right to suspect that most security advice is a waste of time.
Here’s a short profile of me done by MSR, and some media coverage of my work: All Things Considered (NPR), the Boston Globe, the NY Times, Wired, Ars Technica, theAtlantic, Bloomberg TV, The Economist, the Wall St Journal. An OpEd I wrote for the NY Times.
Videos of recent talks:
Unfalsifiability of Security Claims, Invited talk at Usenix 2016
Pushing on String: the don’t care regions of password strength, talk at PasswordsCon Las Vegas, August 2015
Passwords: a Guide to the Ruins, talk at CMU October 2014