Norman M. Sadeh is a professor in the School of Computer Science at Carnegie Mellon University. He is director of CMU’s Mobile Commerce Laboratory and its e-Supply Chain Management Laboratory, co-founder of the School’s Ph.D. Program in Societal Computing (formerly “Computation, Organizations and Society”) and co-director of the MSIT Program in Privacy Engineering. He also co-founded and directs the MBA track in Technology Leadership launched jointly by the Tepper School of Business and the School of Computer Science in 2005. Over the past dozen years, Sadeh’s primary research focus has been in the area of mobile and pervasive computing, cybersecurity, online privacy, user-oriented machine learning, and semantic web technologies, with a particular focus on mobile and social networking.
Sadeh is also well known for his seminal work in AI planning and scheduling, agent-based supply chain management, workflow management, automated trading, and negotiation, including the original design and launch of the international supply chain trading agent competition. Products based on his research have been deployed and commercialized by organizations such as IBM, Raytheon, Mitsubishi, Boeing, Numetrix (eventually acquired by JD Edwards/PeopleSoft/Oracle), ILOG (eventually acquired by IBM), and the US Army. His privacy research has been credited with influencing the design of products at companies such as Facebook and Google as well as activities at the US Federal Trade Commission. Between 2008 and 2011, Sadeh served as founding CEO of Wombat Security Technologies, a leading provider of innovative cybersecurity training products and anti-phishing solutions originally developed as part of research with several of his colleagues at CMU. As chairman of the board and chief scientist, he remains actively involved in the company, working closely with the management team on both business and technology strategies.
Sadeh has been on the faculty at CMU since 1991. In the late nineties, he was program manager with the European Commission’s ESPRIT research program, prior to serving for two years as chief scientist of its US$700M (EUR 550M) initiative in “New Methods of Work and eCommerce” within the Information Society Technologies (IST) program. As such, he was responsible for shaping European research priorities in collaboration with industry and universities across Europe. These activities eventually resulted in the launch of over 200 R&D projects involving over 1,000 European organizations from industry and research. While at the Commission, Sadeh also contributed to a number of EU policy initiatives related to eCommerce, the internet, cybersecurity, privacy, and entrepreneurship.
Sadeh received his Ph.D. in Computer Science at CMU with a major in Artificial Intelligence and a minor in Operations Research. He holds an MS degree in Computer Science from the University of Southern California and a BS/MS degree in Electrical Engineering and Applied Physics from the Free University of Brussels (Belgium) as “Ingénieur Civil Physicien”.
Sadeh has authored over 200 scientific publications. He is also the author of “m-Commerce: Technologies, Services and Business Models,” a best-selling book published by Wiley in April 2002. He served as general chair of the 2003 International Conference on Electronic Commerce and as editor-in-chief of Electronic Commerce Research Applications (ECRA). He has served on the editorial board of several other journals and is currently on the board of I/S: A Journal of Law and Policy for the Information Society.
Sadeh is also a visiting professor at Hong Kong University, where he spends two weeks each year.
1991 Ph.D., Computer Science, Carnegie Mellon University
1986 M.Sc., Computer Science, Univ. of Southern California
1985 Ingénieur Civil Physicien (5-year BS/MS degree), The Free University of Brussels
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- automotive and transportation security and privacy
- cyber physical systems security and privacy
- data security and privacy
- embedded systems security
- emerging applications security
- engineering and public policy
- Formal methods
- formal methods for security
- hardware security
- human computer interaction
- Internet of Things (IoT)
- IoT security and privacy
- language-based security
- Measurement and analysis
- measurements of fraud, malware, spam
- ML and AI
- mobile and app security and privacy
- network security
- privacy algorithms
- privacy engineering
- privacy enhancing technologies
- risk analysis and management
- security and privacy economics
- security education, awareness, and training
- security of AI and ML
- security policy and regulation
- social networks security and privacy
- software security
- systems security
- threat analysis and modeling
- threat intelligence
- Usability and human behavior
- usable privacy and security