Home Consulting


I am accepting new clients for the following services:

User Experience Research
I employ rigorous, scientific methodologies to help you understand what your customers need and assess how your product or service measures up. This can include both qualitative (interviews, focus groups) and quantitative (large-scale data analyses) methods.
Privacy by design consultation
I can help you ensure that your product or service is more respectful of your customers’ privacy, while still providing its intended utility or value.
Machine learning / data science consultation
I can help you make the most out of your data — be it creating models with high production accuracy, testing hypotheses, or learning generalizable insights.
Cyber-defense training
I provide expert training on how to keep yourself, your employees, and others in your organization safe and secure online, even for those with little background knowledge.
Expert witnessing
I provide expert opinions for litigation involving online safety, digital privacy or cybersecurity violations that affect consumers.
I give talks to educate audiences about state-of-the-art research in human-centered cybersecurity and privacy.
Other services
I am open to more general inquiries. Assuming I have the skillset you are looking for, and that what you are asking accords with my personal values, we may still be a good fit.


Need more information about me and my background before you decide? Here’s a brief bio.

You can also just send me a direct email if you prefer.

Why Hire Me?

There’s an old quip: “Those who can’t do, teach!” Another one goes: “Those who can’t do, consult!”

So where does that leave me as a professor who consults?

Look, these things are always awkward. In an ideal world, I wouldn’t have to write any of this. But c’est la vie.

The fact of the matter is that while I am an experienced consultant for companies ranging from tiny start-ups to large consumer-facing tech companies (e.g., Facebook), I spend the vast majority of my time “do”-ing: i.e., advancing the state-of-the-art in human knowledge in the disciplines in which I specialize — human-centered cybersecurity and privacy. That means that much of the knowledge you get from me is coming from the the person who discovered that knowledge — I’m not a mouthpiece for a book I read in a course. I’m the one writing the book (or the papers that those books cite).

I also know what it’s like to own a project from end-to-end. Much of my research is in designing consumer-facing cybersecurity and privacy systems. This means everything from ideation, to design iteration, to implementation, to user evaluation, to deployment — I have owned and done all of it, many times over for many different projects. When I worked at Facebook, I wrote code that ran on billions of people’s web browsers and phones — all for a project that I ultimately owned and for which I was responsible. That gives me perspective that it’s hard to have as a full-time consultant.

Hire me if you need deep expertise; the sort of deep expertise that one can only develop spending 10+ years doing research that expands the frontiers of human knowledge.


I am an experienced public speaker; my talks center around my research on human-centered cybersecurity and privacy. I have given over two-dozen technical presentations across academia, industry and government. If you would like me to give a talk at your event, please contact me with details. Below are a few of the talks I’ve given in the past few years.

RSA Conference — Asia Pacific & Japan 2020


USENIX Enigma 2018