Portrait of Cormac Herley

Cormac Herley

Principal Researcher


I am a Principal Researcher at Microsoft Research. I am interested in data and signal analysis problems that reduce complexity and remove pain points for users. My current interests include data-mining for fraud and abuse, authentication, safety and data-driven security. I received my PhD from Columbia University (opens in new tab), my MSEE from Georgia Tech (opens in new tab) and my BE from University College Cork (opens in new tab), Ireland.

Some of my recent work explains why Nigerian scammers say they’re from Nigeria (opens in new tab), why those scary numbers you hear about billions lost to cybercrime are junk (opens in new tab), and why you’re right to suspect that most security advice is a waste of time (opens in new tab).

Here’s a short profile of me  (opens in new tab)done by MSR, and some media coverage of my work: All Things Considered (NPR) (opens in new tab), the Boston Globe (opens in new tab), the NY Times (opens in new tab)Wired (opens in new tab)Ars Technica (opens in new tab)theAtlantic (opens in new tab)Bloomberg TV (opens in new tab)The Economist (opens in new tab), the Wall St Journal (opens in new tab). An OpEd I wrote (opens in new tab) for the NY Times.

Videos of recent talks:

Unfalsifiability of Security Claims (opens in new tab), Invited talk at Usenix 2016
Pushing on String: the don’t care regions of password strength (opens in new tab), talk at PasswordsCon Las Vegas, August 2015
Passwords: a Guide to the Ruins (opens in new tab), talk at CMU October 2014