Christopher Soghoian
csoghoian @ gmail . com
Education: August 2006 - present
School of Informatics, Indiana University, Bloomington, IN, USA
Degree in Progress: PhD in Informatics, focus in cyber security, minor in law.

September 2003 - May 2005
Information Security Institute, The Johns Hopkins University, Baltimore, MD, USA
Degree: M.S. Security Informatics.

August 1999 - May 2002
James Madison University, Harrisonburg, Virginia, USA
Degree: B.S. Computer Science
Work
Experience:		 September 2008 - present
Student Fellow
Berkman Center For Internet And Society, Harvard University, Boston, MA, USA
  • Studying, documenting and analyzing surveillance around the world as part of a MacArthur Foundation funded project.
  • Worked with the Harvard cyber-law clinic to write and file a request for an exemption to the Digitial Millennium Copyright Act's anti-circumvention prohibitions.
September 2007 - March 2009
Blogger (Independent Contractor)
CNET Networks/CBS Interactive, San Francisco, California.
  • Wrote a regular, widely-read weblog column on security, privacy, cyber-law and policy related topics.
  • Regularly reached traffic numbers of 100,000+ unique visitors per month.
    •
May 2008 - July 2008
Policy Intern
American Civil Liberties Union of Northern California, San Francisco, CA, USA.
  • Worked on a civil liberties and privacy educational document for start-up companies.
  • Researched, wrote and edited white papers on privacy issues in cloud computing, mobile location privacy, online photo sharing and other Web 2.0 technologies.
  • Wrote blog posts for the ACLU of Northern California Technology blog.
February 2008 - June 2008
Technology Policy Fellow
Electronic Privacy Information Center, Washington, DC, USA.
  • Conducted public advocacy, research, and policy work related to privacy risks on social networks.
    •
May 2007 - July 2007
Internship
DoCoMo Communications Laboratories Europe, Munich, Germany.
  • Researched methods for remotely fingerprinting wireless devices.
  • Invented, designed and implemented a secure and privacy preserving electronic payment system that permits third party delegation.
  • Invention submitted to European Patent Office.
    •
June 2006 - November 2006
Internship
Application Security Group, Google, Mountain View, California, USA.
  • Invented and designed a new anti-phishing tool. Submitted to US Patent Office.
  • Invented and designed a new model for mobile-phone based account verification. Submitted to US Patent Office.
  • Performed forensic analysis / reverse engineering on malicious software that threatened the company's advertising system through click fraud.
  • Studied log data to try and predict per-ip click-fraud via other indicators of malicious network activity (email spam, denial of service, etc).
  • Studied click-fraud from a game theoretic/incentive based perspective.
June 2005 - August 2005
Internship
Security Technology Group, Apple Computer, Cupertino, California, USA.
  • Proactively audited major OS components. Discovered a significant network-exploitable vulnerability, which was reported and escalated to the responsible developers.
  • Designed, developed and deployed a secure, fault tolerant and tamper evident logging infrastructure spread across multiple data-centers.
  • Designed, developed and optimized high-load network surveillance systems.
  • Worked on high-speed port scanning code for use on extremely large networks.
  • Developed tools to automate the forensic-evidence gathering process.
 May 2004 - August 2004
Internship
Global Security Analysis Lab, IBM Research, Zurich, Switzerland.
  • Research focused on Intrusion Prevention Systems.
  • Invented, designed and patented a 0-day virus/worm defense technique based on virtual machines.
  • Researched methods of intelligently responding to security attacks.
 July 2002 - August 2003
Unix System Administrator/Security Analyst
Ubizen -> Cybertrust -> Verizon Business, Leuven, Belgium.
  • Analysed suspect packets flagged by intrusion detection systems on clients networks for possible security issues.
  • Designed and created an easily configurable and robust multi-system monitor for a diverse network of 300+ hosts.
  • Detected and worked to eliminate bottlenecks in mission-critical applications used by the operations team.
Scholarships and Awards: Institute For Humane Studies: Humane Studies Fellowship. Awarded 2008.
America's Future Foundation College Blogger Contest. Third place, 2008.
Institute For Humane Studies: Hayek Fund Grant. Awarded 2007.
Hispanic College Fund: Google Graduate Scholarship. Awarded 2006, 2007.
GEM Graduate Engineering Fellowship. Awarded 2005.
Privacy Enhancing Technologies Symposium Stipend. Awarded 2005, 2006, 2007.
Half-tuition Scholarship, JHU Information Security Institute. Awarded 2003.
Usenix Security Student Stipend. Awarded 2003.
Publications:
Markus Jakobsson and Christopher Soghoian, The Human Factor in Phishing, Under Submission.

Christopher Soghoian and Imad Aad, Secure and Privacy Preserving Delegated Payments, Under Submission.

Christopher Soghoian, Legal Risks For Phishing Researchers, The Third Anti-Phishing Working Group eCrime Researchers Summit, October 2008.

Christopher Soghoian, Oliver Friedrichs and Markus Jakobsson, The Threat of Political Phishing, The International Symposium on Human Aspects of Information Security & Assurance (HAISA 2008), July 2008.

Christopher Soghoian, Caveat Venditor: Technologically Protected Subsidized Goods and the Customers Who Hack Them. Northwestern Journal of Technology and Intellectual Property, Fall 2007.

Christopher Soghoian, Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists. First IFIP WG 11.6 working conference on Policies & Research in Identity Management (IDMAN 07), October 2007.

Christopher Soghoian, The Problem of Anonymous Vanity Searches. I/S: A Journal of Law and Policy for the Information Society, Winter 2007.

Patents: A Method or Apparatus for Managing a Server Process in a Computer System, A. Garg, K. Julisch, C. Soghoian, A. Tanner. IBM Research Zurich. (Pending)
User Activity Modeling For Account Authentication, C. Soghoian, E. Berls. Google. (Pending)
Anti-Phishing System and Method, C. Soghoian, K. Caine. Google. (Pending)
A Method For Secure and Privacy Preserving Delegated Payments, C. Soghoian, I. Aad. DoCoMo Euro Labs. (Pending)
Method And Apparatus For Mutual Authentication Using Small Payments, C. Soghoian, M. Jakobsson. Palo Alto Research Labs. (Pending)
Method And Apparatus For Throttling Access Using Small Payments, C. Soghoian, M. Jakobsson. Palo Alto Research Labs. (Pending)