Selected writings

I direct the SPUD (Security, Privacy, Usability and Design) Lab at Georgia Tech — and not just because I like potatoes. Our rallying call: How can we design systems that encourage better cybersecur...

If you’d rather watch a video with all this content, watch the Crash Course Computer Science — Cybersecurity episode that I helped write, largely based on this post. You probably know a thing or t...

It shouldn’t have to be this way, but the burden of protecting your privacy as you browse the web is your own. I do what I can in my research and consulting to advocate for systemic change in desig...

In 2015, there was a mass shooting in San Bernardino, California, claiming the lives of 16 (including the two perpetrators) and injuring 24 others. The incident was a terrorist attack, and a traged...

Like most who entered college in the mid-aughts, I was taken by Facebook. It had a sleek interface. All my friends from high school and college were on it, being super cool with edgy profile pics. ...

It’s no secret that many people shirk expert-recommended privacy and security advice. For example, experts commonly recommend the enabling of two-factor authentication for important accounts (e.g.,...

Recently, a colleague forwarded me a request from a journalist at the Korea Times asking about how using server name identification (SNI) to block website requests could constitute a privacy violat...

For much of the developed world, the near future of IoT promises a fully connected and interactive physical environment. Smart home appliances (e.g., the Nest thermostat, smart fridges), AI assista...

Take a step back, and ask yourself: What are the largest societal problems that relate to cybersecurity today? Depending on your background, you may come with very different answers. Computer secu...