Rich Shay

rich at richshay dot com
richshay.com
Pittsburgh, PA

Sample App

Education

Carnegie Mellon University, Pittsburgh, PA
Doctor of Philosophy in Computation, Organizations, and Society, 2015
Master of Science in Computation, Organizations, and Society, 2011
School of Computer Science
Advisor: Lorrie Faith Cranor
IGERT/CyLab Usable Privacy and Security (CUPS) Doctoral Training Program

Purdue University, West Lafayette, IN
Master of Science in Computer Science, 2007
Upsilon Pi Epsilon, International Honor Society for the Computing Sciences

Brown University, Providence, RI
A.B. in Computer Science and Classics, 2003
GTE Corporation Merit Scholarship
Graduated Magna cum Laude and with honors in classics

Thayer Academy, Braintree, MA
High School Degree, 1999
Senior Class President
Cum Laude Society

Professional Experience

Carnegie Mellon University, 2015-Present
Postdoc, Pittsburgh, PA
Advisor: Lorrie Faith Cranor

Google, 2013 (Summer)
Intern, Mountain View, CA
Examined how people perceived and understood online account hijacking.

Abine, 2012 (Summer)
Intern, Boston, MA
Collaborated with a team to develop privacy-enhancing software. Conducted usability testing both remotely and in person.

Web Development Consultant, 2008-2009
Designed and created websites

Massachusetts Office of the Inspector General, 2003-2004
Intern, Boston, MA
Redesigned and implemented database system used to record the Office's cases
Researched, wrote, and edited documents disseminated by the Office

BBN Technologies, 2001, 2002 (Summers)
Intern, Cambridge, MA
Designed and implemented graphical interfaces for internal research projects on network security
Named 2001 Verizon Northeast Region Intern of the Year

GTE/Verizon Labs, 1999, 2000 (Summers)
Senior Technician, Waltham, MA
Designed, coded, and tested a graphical interface for Verizon customer website

Teaching Experience

Usable Privacy and Security
Teaching Assistant for Lorrie Faith Cranor, Spring 2015
Duties include grading homework assignments, creating and evaluating quizzes, helping to determine the lesson plan, presenting several lectures, meeting with students, and working with students on their class projects.

Mobile and Pervasive Computing Services
Teaching Assistant for Norman Sadeh, Spring 2015
Duties include grading, meeting with students to discuss project ideas, and helping to manage the logistics of running the course.

Information Security and Privacy
Teaching Assistant for Norman Sadeh, Fall 2012
Duties included assisting with determining course content, giving a lecture, and grading the exams, assignment, and class project.

Usable Privacy and Security
Teaching Assistant for Lorrie Faith Cranor, Fall 2011
Duties included grading weekly homework assignments, helping to determine the lesson plan, presenting two lectures, and meeting students outside of the classroom to discuss homework and the class project.

Guest Lectures
Gave guest lectures on my research, 2012-2015
I have given guest lectures on my research for classes at Carnegie Mellon University. This included a practicum course for my PhD program, and a discussion in James Herbsleb's Ethics and Policy course.

Publications

Conference Papers

Measuring Real-World Accuracies and Biases in Modeling Password Guessability. USENIX Security 2015. (Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, Richard Shay)

"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab. SOUPS 2015. (Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor)

A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior. CHI 2015. (Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Alain Forget, Saranga Komanduri, Michelle L. Mazurek, William Melicher, Sean M. Segreti, Blase Ur)

Telepathwords: Preventing Weak Passwords by Reading Users' Minds. USENIX 2014. (Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter)

Can Long Passwords be Secure and Usable?. CHI 2014. (Richard Shay, Saranga Komanduri, Adam L. Durity, Phillip (Seyoung) Huh, Michelle L Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor)

My Religious Aunt Asked Why I Was Trying to Sell Her Viagra: Experiences with Account Hijacking. CHI 2014. (Richard Shay, Iulia Ion, Robert W. Reeder, Sunny Consolvo)

Measuring Password Guessability for an Entire University. CCS 2013. (Michelle Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, Blase Ur)

What Matters to Users? Factors that Affect Users' Willingness to Share Information with Online Advertisers. SOUPS 2013. (Pedro G. Leon, Blase Ur, Yang Wang, Manya Sleeper, Rebecca Balebako, Richard Shay, Lujo Bauer, Mihai Christodorescu, Lorrie Faith Cranor)

The Impact of Length and Mathematical Operators on the Usability and Security of System-Assigned One-Time PINs. USEC 2013. (Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor)

Guess Again (and again and again): Measuring password strength by simulating password-cracking algorithms. Oakland 2012. (Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez)

How does your password measure up? The effect of strength meters on password creation. USENIX 2012. (Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor)

Smart, Useful, Scary, Creepy: Perceptions of Online Bebahavioral Advertising. SOUPS 2012. (Blase Ur, Pedro G. Leon, Lorrie Faith Cranor, Richard Shay, Yang Wang)

Correct horse battery staple: Exploring the usability of system-assigned passphrases. SOUPS 2012. (Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle Mazurek, Blase Ur, Timothy Vidas, Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor)

Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012. (Pedro Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang)

Of Passwords and People: Measuring the Effect of Password-Composition Policies. CHI 2011. (Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle Mazurek, Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor, and Serge Egelman)

Exploring Reactive Access Control. CHI 2011. (Michelle Mazurek, Peter Klemperer, Richard Shay, Hassan Takabi, Lujo Bauer, and Lorrie Faith Cranor)

Encountering Stronger Password Requirements: User Attitudes and Behaviors. SOUPS 2010. (Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Leon, Michelle Mazurek, Lujo Bauer, Nicholas Christin, and Lorrie Faith Cranor)

Access Control for Home Data Sharing: Attitudes, Needs and Practices. CHI 2010. (Michelle Mazurek, J.P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter)

Journal Papers

AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements. I/S: A Journal of Law and Policy for the Information Society 2012. (Saranga Komanduri, Richard Shay, Greg Norcie, Blase Ur, and Lorrie Faith Cranor)

A Comprehensive Simulation Tool for the Analysis of Password Policies. International Journal of Information Security 2009. (Richard Shay and Elisa Bertino)

Doctoral Thesis

Creating Usable Policies for Stronger Passwords with MTurk. PhD Thesis 2015. (Richard Shay)

Workshop Papers

Measuring the Effectiveness of Privacy Tools for Limiting Behavioral Advertising. W2SP 2012. (Rebecca Balebako, Pedro Leon, Richard Shay, Blase Ur, and Lorrie Faith Cranor)

Password Policy Simulation and Analysis. DIM 2007. (Richard Shay, Abhilasha Bhargav-Spantzel, and Elisa Bertio)

Magazine Articles

CyLab Usable Privacy and Security Laboratory. ACM XRDS Magazine 2013. (Rich Shay)

Helping Users Create Better Passwords . USENIX ;login: Magazine 2012. (Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Julio López)

Posters

The Art of Password Creation. Oakland 2013. (Blase Ur, Saranga Komanduri, Richard Shay, Stephanos Matsumoto, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Michelle L. Mazurek, Timothy Vidas)

Exploring Reactive Access Control. CHI 2010. (Richard Shay, Michelle Mazurek, Peter Klemperer, and Hassan Takabi)

Undergraduate Thesis

Jesus and Hierarchy. Brown University Senior Thesis 2003. (Richard Shay)

Hobbies and Interests

I am a professional Magic: the Gathering player. I have been playing since 1997, and have attended several Pro-Tours. I have written several articles on Magic that have been published online.

I enjoy playing board games. I am the former New England champion in Agricola, Power Grid, Dominion, and Notre Dame.

I am interested in ancient Greek and Roman philosophy, especially the works of Plato.

I am a native English speaker. I have been proficient at reading Latin, but am rusty. I have proficiency with Ruby, Rails, Java, C, C++, and LaTeX. I have proficiency analyzing large data sets using R. I have experience with SQL and Perl.