Sid Stamm / Bio


Sid is Professor of Computer Science and Software Engineering at Rose-Hulman Institute of Technology, where he studies and teaches security, privacy, computer forensics, and computer systems. He has established most of the security and privacy offerings at Rose-Hulman and focuses on tracking, protection measures, web security policy, and data privacy. Formerly principal engineer at Mozilla, Sid designed and implemented many of the security and privacy-related features on the web including Strict Transport Security, Do Not Track (may it rest in peace) and Content Security Policy; he always enjoys hacking on open source projects. Sid has published numerous papers on privacy, security, and CS education, and holds a Ph.D. in Computer Science from Indiana University. When he's not in front of a computer, he's usually at the controls of an airplane or underneath a leaky, broken car with a wrench.

Longer Bio

Ever since I can remember I've liked tinkering with things -- taking them apart, seeing how they work, changing them a little and seeing if I can put them back together. When I was a kid, I constructed a makeshift sail that could be attached to roller skates and used it to accelerate down a hill in a church parking lot, putting many cars at risk of kid-shaped dents. I am tropically inclined (I like sandy beaches), and am often motivated by the concept of a vacation, a deadline, or the possibility of competition.

When I was 13, I took a summer job at a large telephone company and learned a little bit about IT infrastructure. I got an "in" with my local Telco technicians, learned how to wire POTS and T1 lines, and experimented with a brand new technology called "ISDN". For some odd reason, I have a memory of hanging out with my Mom and a few telco execs who were talking about this thing called "xDSL" that would be the wave of the future. I just laughed because I was so amazed by ISDN, I couldn't imagine yet another new digital link would come out so soon. After all, weren't we supposed to get fiber lines?

At this point in my life, I was interested in social deviants (ahem, Hackers and Phreaks) and how they came up with crazy stuff like blue boxes. In a sad attempt to become an electrical genius (taking apart a handheld TV with hopes of making a Van Eck device) I burned myself with hot solder. My interests quickly shifted to social engineering.

In college, I gave up on my goals of becoming a security expert and decided to become the best damn programmer I could. This is where I met a security guru who, when asked how he became so accomplished, gave me the best advice for an aspiring anything: "Read and try everything you can. If you spend enough time on something, you'll end up an expert." I didn't believe him -- he seemed to know things that only come with talent. Little did I know, he was right.

I went off to grad school in hopes of figuring out what I wanted to do (I was more-or-less scared of the real world, after having worked internships at many companies). I dabbled in this and that, started focusing on programming languages, then the school started hiring Security faculty. I quickly reverted back to my old interests.

Research: I'm currently researching socio-technical security problems in the (dismal) world wide web, and more generally, the Internet. Created as an information sharing tool, it is now a humongous Metaverse where people get lost and swindled. My interests are both in the arena of exploiting Internet technologies and also fixing them. My Ph.D. dissertation was a whack at understanding problems with web technologies at a fundamental level, and fixing many various problems with a big stick.

I've played with mobile devices (like the iPhone) and wifi routers (the kind you use to make your home Broadband Internet connection more usable) and created a proof-of-concept hack that indirectly makes a router a man-in-the-middle to enable Pharming. Some work I've done involves Invasive Browser Sniffing whereby a website can learn about your browser history using some CSS tricks. My grad school advisor and I also developed some countermeasures to this "problem" that can be deployed by worried website owners who want to protect their customers.

I teach things like computer architecture, digital forensics, privacy, and security at Rose-Hulman. I was one of the main developers on Content Security Policy in Firefox where I was a Principal Engineer, and am always searching for ways to better secure the web and keep your data safe.



© 2024 Sid Stamm.