Education

Ph.D. Computer Science, 10/2007
University of Cambridge, United Kingdom
Adviser: Dr. Ross Anderson
Primary funding: Marshall Scholarship

M.Sc. in International Relations with Merit, 12/2003
London School of Economics, London, United Kingdom
Primary funding: Marshall Scholarship

B.S. in Computer Science, 12/2000
Georgia Institute of Technology, Atlanta, Georgia, USA
Highest Honors — GPA 3.9/4.0
Certificates in History, Music, and Business Spanish
Primary funding: President’s Scholarship

Employment

MIT Lincoln Laboratory, Information Systems Technology Group
05/2006 – 06/2007 Research Sub-Contractor
09/2005 – 04/2006 Associate Technical Staff
Boston, Massachusetts, USA

  • Researched the economic, business, political, and technical challenges to the deployment of security upgrades to the Internet’s infrastructure: e.g. the DNS security protocol (DNSSEC).
  • Worked with team to design and implement usability study of web browsers’ HTTPS interfaces.
  • Investigated effect of study design on participants’ behavior in security usability studies.

Merrill Lynch, 06/2005 – 09/2005
Summer Analyst, Information Security & Privacy
London, United Kingdom

  • Assisted forensics investigations; gained exposure to EnCase, an industry-standard forensics tool.
  • Utilized a new, firm-wide security policy to create a risk-assessment questionnaire for developers.
  • Wrote Perl scripts to automate forensics tasks, saving the firm over two person-hours per case.

Keio University, 04/2005 – 05/2005
Research Assistant, Graduate School of Media and Governance
Cambridge, United Kingdom

  • Provided background research for a case study comparing the US and Japan.
  • Investigated the underlying physical, logical, and regulatory characteristics of telecom networks.

Georgia Institute of Technology, 07/2001 – 07/2002
Research Scientist I, College of Computing
Atlanta, Georgia, USA

  • Joint position: both information security research and applied operations work.
  • Implemented both host and network intrusion detection systems; initiated regular network scanning.
  • Operational responsibility for the security of the College’s systems and networks.
  • Added and maintained encrypted network services.
  • Researched international cooperation issues with respect to information security.

Nortel Networks, 01/1998 – 03/1999
Software Engineer (Co-op)
Atlanta, Georgia, USA

  • Improved a call center management project as part of a nine-person team.
  • Participated in all parts of the design process: worked with customers to develop requirements, designed architecture, coded features, conducted code reviews, and wrote user manual entries.
  • Received a Peer Quality Award, an honor normally reserved for full-time employees.

Honors

  • Marshall Scholar
  • UK Overseas Research Student Award
  • Leslie Wilson Research Scholar, Magdalene College, Cambridge
  • GT Alumni Association Student Leadership Award
  • Georgia Tech President’s Scholar
  • Omicron Delta Kappa Leadership Honorary
  • National Merit Scholar
  • Tandy Technology Scholar

Publications

Andy Ozment. “Improving Vulnerability Discovery Models: Problems with Definitions and Assumptions.” In the proceedings of the Third Workshop on Quality of Protection (QoP’07). October 29, 2007: Alexandria, VA, USA.

Ross Anderson, Tyler Moore, Shishir Nagaraja, and Andy Ozment. “Incentives and Information Security in Networks.” In Algorithmic Game Theory. Edited by Noam Nisan, Tim Roughgarden, Eva Tardos, and Vijay Vazirani. Cambridge University Press. To be published in October 2007.

Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. “The Emperor’s New Security Indicators: An Evaluation of Website Authentication and the Effect of Role Playing on Usability Studies.” In the proceedings of the 2007 IEEE Symposium on Security and Privacy. May 20 – 23, 2007: Oakland, CA, USA.

Andy Ozment and Stuart E. Schechter. “Milk or Wine: Does Software Security Improve with Age?” In the proceedings of the Fifteenth Usenix Security Symposium. July 31 – August 4, 2006: Vancouver, BC, Canada.

Andy Ozment and Stuart E. Schechter. “Bootstrapping the Adoption of Internet Security Protocols.” Presented at the Fifth Workshop on the Economics of Information Security (WEIS). June 26-28, 2006: Cambridge, UK.

Andy Ozment, Stuart E. Schechter, and Rachna Dhamija. “Web Sites Should Not Need to Rely On Users to Secure Communications.” Presented at the W3C Workshop on Transparency and Usability of Web Authentication. March 15-16, 2006: New York, NY, USA.

Andy Ozment. “Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models.” In the proceedings of the First Workshop on Quality of Protection (QoP). September 15, 2005: Milan, Italy.

Andy Ozment. “The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting.” Presented at the Fourth Workshop on the Economics of Information Security (WEIS). June 2-3, 2005: Cambridge, MA, USA.

Andy Ozment. “Bug Auctions: Vulnerability Markets Reconsidered.” Presented at the Third Workshop on the Economics of Information Security (WEIS). May 13-14, 2004: Minneapolis, MN, USA.

Rupert Gatti, Stephen Lewis, Andy Ozment, Thierry Rayna, and Andrei Serjantov. “Sufficiently Secure Peer-to-Peer Networks.” Presented at the Third Workshop on the Economics of Information Security (WEIS). May 13-14, 2004: Minneapolis, MN, USA.

Seymour E. Goodman, Pamela Hassebroek, Davis King, and Andy Ozment. “International Coordination to Increase the Security of Critical Network Infrastructures.” Journal of Information Warfare. ISSN: 1445-3312. 2:2:72-87. 2003.

Andy Ozment, Alison Smith, and Wendy Newstetter. “Causes for Cheating: Unclear Expectations in the Classroom.” In the proceedings of the 2000 ASEE Annual Conference and Exposition. June 2000: St Louis, MO, USA.