Norman Sadeh is a professor in the School of Computer Science at Carnegie Mellon University (CMU). He is director of CMU’s Mobile Commerce Laboratory and its e-Supply Chain Management Laboratory, co-Founder of the School’s Ph.D. Program in Societal Computing and co-Director of the MSIT program in Privacy Engineering. He also co-founded and for 12 years co-directed the MBA track in Technology Leadership launched jointly by the Tepper School of Business and the School of Computer Science in 2005. Sadeh’s current research interests include cybersecurity, online privacy, mobile computing, the Internet of Things, artificial intelligence, user-oriented machine learning, human computer interaction, language technologies, and semantic web technologies.

Sadeh is also well known for his seminal work in AI planning and scheduling, agent-based supply chain management, workflow management, automated trading, including the design and launch of the international supply chain trading agent competition. Products based on his research have been deployed and commercialized by organizations such as IBM, Raytheon, Mitsubishi, Boeing, Numetrix (eventually acquired by JD Edwards/PeopleSoft/Oracle), ILOG (eventually acquired by IBM), and the US Army. His privacy research has been credited with influencing the design of products at companies such as Facebook and Google as well as activities at the US Federal Trade Commission and the California Office of the Attorney General. His work on automatically recognizing mobile user activities while minimizing battery life has influenced technologies found in most modern smartphones.

Sadeh is also a successful entrepreneur, having served as founding CEO and, until its acquisition, as chairman and chief scientist of Wombat Security Technologies, a company he co-founded to commercialize anti-phishing technologies he developed as part of research with several of his colleagues at CMU. Together with his collaborators, he grew Wombat Security Technologies into a leading provider of anti-phishing and cybersecurity awareness training technologies. The company was acquired for $225M by Proofpoint (NASDAQ: PFPT) in February 2018. By that time Wombat had well over 2,000 corporate customers, and had been named a clear leader in the Gartner Group’s Magic Quadrant in Security Awareness Computer-Based Training for four years in a row (since the inception of Gartner’s Quadrant in this sector). It had also been identified as one of the 500 fastest growing technology companies in North America for three consecutive years in Deloitte’s Technology Fast 500. In May 2018, Norman was honored with the 2018 Outstanding Entrepreneur of the Year award from the Pittsburgh Venture Capital Association.

In the late nineties, Sadeh was program manager with the European Commission’s ESPRIT research program, prior to serving for two years as chief scientist of the EU’s EUR 550M (US$650M) initiative in “New Methods of Work and eCommerce,” which included all pan-European research in cybersecurity and privacy. As such, he was responsible for shaping European research priorities in collaboration with industry and universities across Europe. These activities eventually resulted in the launch of over 200 R&D projects involving over 1,000 European organizations from industry and research. While at the Commission, he also contributed to a number of EU policy initiatives related to eCommerce, the Internet, cybersecurity, privacy, and entrepreneurship.

Sadeh received his Ph.D. in Computer Science at CMU with a major in Artificial Intelligence and a minor in Operations Research. He holds a MS degree in computer science from the University of Southern California and a BS/MS degree in electrical engineering and applied physics from the Free University of Brussels (Belgium) as “Ingénieur Civil Physicien.”

Sadeh has authored or co-authored around 300 scientific publications. He is also the author of m-Commerce: Technologies, Services and Business Models, a best-selling book published by Wiley in April 2002. He served as general chair of the 2003 International Conference on Electronic Commerce and as editor-in-chief of Electronic Commerce Research Applications (ECRA). He has served on the editorial board of several other journals and is currently on the board of I/S: A Journal of Law and Policy for the Information Society. Norman also sits on the advisory board of the Future of Privacy Forum.

Sadeh’s research, as well as his views on cybersecurity, privacy, mobile, and IoT technologies are often covered in the press (e.g. Wall Street Journal, Wired, New York Times, Chronicle of Higher Education, Pittsburgh Post Gazette, Kiplinger, Huffington Post, Fast Company, Tech Crunch).

Between 2008 and 2019, he was also a visiting professor at Hong Kong University, where he would spend two weeks each year.

5303 Wean Hall
Linda Moreci
Google Scholar
Norman Sadeh
Norman Sadeh’s website


1991 Ph.D., Computer Science, Carnegie Mellon University

1986 M.Sc., Computer Science, Univ. of Southern California

1985 Ingénieur Civil Physicien (5-year BS/MS degree), The Free University of Brussels


Media mentions

CyLab Security and Privacy Institute

What if you could better control what mobile apps do with your data?

Researchers in CyLab are working to create digital “privacy assistants” that can recommend phone app privacy settings to users based on their preferences.

CyLab Security and Privacy Institute

Three CyLab papers presented at the FTC’s PrivacyCon 2020

Three CyLab papers were presented at this year's PrivacyCon, focusing on privacy and security nutrition labels, making privacy choices easier, and perceptions of advanced video analytics.

CyLab Security and Privacy Institute

How much control are people willing to grant to a personal privacy assistant?

In a new study presented at the CHI 2020 conference, CyLab researchers sought to find out how much autonomy people would feel comfortable giving to a personalized privacy assistant.

CyLab Security and Privacy Institute

Finding privacy choices on websites is hard for average users.

In a study presented at this year's ACM CHI conference, CyLab researchers show precisely how difficult it is for average users to access privacy choices online.

CyLab Security and Privacy Institute

NSF awards $1.2M to create a digital assistant to answer people’s privacy questions

The National Science Foundation (NSF) has awarded a $1.2 million grant to a team of researchers from Carnegie Mellon University, Fordham University, and Penn State University to develop a tool—a “privacy assistant”—that will allow users to simply ask questions about the privacy issues that matter to them.

CyLab Security and Privacy Institute

CyLab's Norman Sadeh speaks on plenary panel about data protection and privacy

Last week, CyLab's Norman Sadeh, a professor in the Institute for Software Research in the School of Computer Science and co-director of the Privacy Engineering program, spoke about privacy, artificial intelligence (AI), and the challenges at the intersection of the two at the International Conference of Data Protection and Privacy Commissioners (ICDPPC).

CyLab Security and Privacy Institute

Proofpoint Acquires CMU Spinoff Wombat Security for $225 Million

Proofpoint Inc., a leading cybersecurity company, has completed its acquisition of a Carnegie Mellon University spinoff, Wombat Security Technologies Inc., for $225 million. The deal was announced by Proofpoint last month.

CMU spinoff Wombat acquired for $225 million

Wombat Security Technologies, founded in 2008 by EPP/CyLab’s Lorrie Cranor and CyLab’s Norman Sadeh and Jason Hong, was recently acquired by Proofpoint Inc. for $225 million.

CyLab Security and Privacy Institute

Carnegie Mellon researchers create an AI to help us make sense of privacy policies

If you’re anything like the average Internet user, you probably didn’t spend the estimated 244 hours it would take to read every privacy policy for every website you visited last year. That’s exactly why a team led by Carnegie Mellon University just launched an interactive website aimed at helping users make sense of their privacy on the web.

CyLab Security and Privacy Institute

Carnegie Mellon hosts fifth International Data Privacy Day celebration

As information about our ourselves and our daily lives continues to become increasingly digitized, Carnegie Mellon University will host its fifth celebration of International Data Privacy Day on Friday, January 26th.

CyLab Security and Privacy Institute

CyLab’s Norman Sadeh on Privacy Engineering and the GDPR

Professor Norman Sadeh answers questions on CMU's Privacy Engineering program and the EU General Data Protection Regulation.