Pedro G. Leon
EPP - CMU

Bio
English Español


Home

Bio/CV

Research

Business

Photos

Blog



PEDRO GIOVANNI LEON

EDUCATION

Ph.D. in Engineering and Public Policy (EPP)
Carnegie Mellon University, Pittsburgh, PA
Period: August 2010 - September 2014.
Field of study: Internet Privacy and Security.
Relevant coursework on technology policy: Theory and Practice of Policy Analysis, Quantitative Methods for Policy Analysis, Applied Data Analysis, Experimental Design for Behavioral and Social Sciences, and Privacy, Policy, Law and Technology.

M.S. Information Security Technology and Management
Carnegie Mellon University, Pittsburgh, PA
Period: August 2008 - May 2010.
GPA: 3.81
Relevant coursework on Internet security and technology policy: Computer security, Information Security Risk Policy and Management, Information Security Risk Analysis, Network Security, Cyber-security and the Future of the Internet, Economic Analysis, and Decision Making Under Uncertainty,.

B.S. Telecommunication Engineering (Graduated with Honors)
Universidad Nacional Autónoma de México, School of Engineering, Mexico.
Period: August 1998 - July 2003.
GPA: 9.65/10

PROFESSIONAL EXPERIENCE

Financial Researcher
Central Bank of Mexico (Banco de México). October 2015 - Present.

Designing transparency policies that encourage financial competition and effectively communicate financial information relavant for decision making to consumers.

Privacy Fellow
Stanford's Center for Internet and Society. Stanford, CA. September 2014 - September 2015.

Working on a multi-institution and multi-disciplinary project that aims to improve transparency of websites' privacy policies. The project has three related goals: 1) To provide Internet users with relevant information and tools to make privacy decisions as they navigate the web; 2) To inform policy makers about the effectiveness of notice and choice in the contexts of websites' privacy policies, providing recommendations to improve the design of policies that aim to protect users' personal data; and 3) To incentivize websites and online companies to follow more privacy-protective practices.

Research Intern
Microsoft Research. Redmond, WA. June - September 2013.

Performed statistical analysis on survey data to understand contextual determinants of Internet users' privacy preferences. Final report available here

Graduate Intern
SETLabs, Infosys Technologies LTD. India. May - August 2009.

Developed an Information Security Measurement Framework to evaluate the level of security of information systems considering technical, operational and organizational aspects.

IT Senior Auditor
IT Audit Department, Central Bank of Mexico (Banco de México). February 2006 - July 2008.

Developed the IT Audit annual plan

Planned and developed risk based audits focused on sensitive and core business areas

Implemented IT audit methodologies based on industry's best practices, frameworks and information security standards, e.g. NIST, Cobit, ISO 17799

Researched information security and management best practices in systems development, net- work, operating systems and databases security

Evaluated Disaster Recovery and Business Continuity plans

Supervised compliance with internal regulations on IT operations

Telecommunications Engineer
IT Department, Central Bank of Mexico (Banco de México). September 2003 - February 2006.

Planned, implemented and managed the first converged network at the Bank (voice and data)

Administered PBX, telephone accounting, billing and recording systems

Managed Wireless, LAN, WAN, VPN networks and IVR systems

Designed structured cabling systems

ACADEMIC EXPERIENCE

Teaching Assistant
Carnegie Mellon University, Department of Engineering and Public Policy,
January - MAY 2012.
Course: Emergency Messaging with Social Media

Teaching Assistant
Carnegie Mellon University, Department of Engineering and Public Policy,
August - December 2009.
Course: Telecomunications

Research Assistant
Universidad Nacional Autónoma de México, School of Engineering.
September 2002 - July 2003.
Area: Adaptive filtering for digital communications

PARTICIPATION IN TECHNOLOGY POLICY EVENTS (Selected list)

The Research Conference on Communications, Information, and Internet Policy. George Mason University School of Law. September 2014.

Privacy Law Scholars Conference. George Washington University Law School. June 2014.

Privacy Law Scholars Conference. Berkeley Center for Law and Technology. June 2013.

W3C Workshop: Do Not Track and Beyond. UC Berkeley. November 2012.

Privacy Papers For Policy Makers. Future of Privacy Forum. November 2012.

The Second Wave of Global Privacy Protection. Ohio State Law Journal. November 2012.

Privacy Law Scholars Conference. George Washington University Law School. June 2012.

Computers, Freedom, and Privacy . Georgetown University Law Center. June 2011.

AWARDS

Carnegie Mellon University. Bertucci Graduate Fellowship 2014.

Best Paper Honorable Mention at the Association for Computing Machinery (ACM) Conference on Computer-Human Interactions. May 2012.

Leading Paper and Notable Mention awards at the Privacy Papers For Policy Makers showcase. July 2012.

Carnegie Mellon University. CIT Dean's Fellowship 2010-2011

Awarded a scholarship by the National Council of Science and Technology (Mexican government) to pursue a Ph.D degree at CMU. 2010-2014

Winner of the Computers, Freedom, and Privacy (CFP) Conference Research Poster Session. June 2011

Awarded a scholarship by the Central Bank of Mexico to pursue a Masters degree at CMU. 2008-10

Awarded a scholarship by the National Council of Science and Technology (Mexican government) to pursue a masters degree at CMU. 2008-10

Awarded a scholarship by the UNAM for having an outstanding thesis project. 2002-03

Awarded a scholarship by the SEDESOL Foundation for academic achievements. 1998-2002

Awarded a scholarship by the INTTELMEX Foundation for academic achievements. 2000-01

PUBLICATIONS

Publications:

L. F. Cranor, C. Hoke, P. G. Leon and A. Au. Are They Worth Reading? An In-Depth Analysis of Online Trackers' Privacy Policies I/S: Journal of Law and Policy for the Information Society. Forthcoming Spring 2015.

L. F. Cranor, P. G. Leon, and B. Ur. A Large-Scale Evaluation of U.S. Financial Institutions Standardized Privacy Notices Submitted to the Journal of Legal Studies. (Under Review).

Y. Wang, P. G. Leon, A. Forget, A. Acquisti, L. F. Cranor, and N. Sadeh. A Field Trial of Privacy Nudges for Facebook. Conference on Human Factors in Computing Systems (CHI). May 2014.

P. G. Leon, B. Ur, Y. Wang, M. Sleeper, R. Balebako, R. Shay, L. Bauer, M. Christodorescu, and L. F. Cranor. What Matters to Users? Factors that Affect Users' Willingness to share Information with Online Advertisers. Symposium on Usable Privacy and Security (SOUPS). July 2013.

Y. Wang, P. G. Leon, Xiaoxuan Chen, A. Acquisti, L. F. Cranor, and N. Sadeh. Privacy Nudges for Social Media: An Exploratory Study. Worskshop on Privacy and Security on Online Social Media (PSOSM). May 2013.

L. F. Cranor, K. Idouchi, P. G. Leon, M. Sleeper, and B. Ur. Are They Actually Any Different? Comparing Thousands of Financial Institutions' Privacy Practices. Workshop on Economics of Information Security (WEIS). June 2013.

P. G. Leon, J. Cranshaw, L. F. Cranor, J. Graves, M. Hastak, B. Ur, and G. Xu. What Do Online Behavioral Advertising Privacy Disclosures Communicate to Users? Workshop on Privacy in the Electronic Society (WPES). October 2012.
Extended version available as CyLab tech report

B. Ur, P. G. Leon, L. F. Cranor, R. Shay, and Y. Wang. Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising. Symposium on Usable Privacy and Security(SOUPS). July 2012.
Extended version available as CyLab tech report

P. G. Leon, B. Ur, R. Balebako, L. F. Cranor, R. Shay, and Y. Wang. Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. Best Paper Honorable Mention Award at the Conference on Human Factors in Computing Systems (CHI). May 2012.
Extended version available as CyLab tech report

P. G. Leon, L. F. Cranor, A.M. McDonald, and R. McGuire. Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens. Workshop on Privacy in the Electronic Society (WPES). October 2010.
Extended version available as CyLab tech report

Y. Wang, S. Komanduri, P. G. Leon, G. Norcie, A. Acquisti, L.F. Cranor. I Regretted the Minute I Pressed Share: A Qualitative Study of Regrets on Facebook. Symposium on Usable Privacy and Security (SOUPS). June 2011.

R. H. Balebako, P. G. Leon, Hazim Almuhimedi, Patrick Kelley, Jonathan Mugan, Alessandro Acquisti, Lorrie Cranor, Norman Sadeh Nudging Users Towards Privacy on Mobile Devices Workshop on Persuasion, Influence, Nudge and Coercion (PINC) collocated with the ACM Conference on Computer-Human Interactions. May 2011.

R. Shay, S. Komanduri, P. G. Kelley, P. G. Leon, M. L. Mazurek, L. Bauer, N. Christin and L. F. Cranor. Encountering Stronger Password Requirements: User Attitudes and Behaviors. Symposium on Usable Privacy and Security (SOUPS). June 2010.

PROFESSIONAL TRAINING

Certified Information Privacy Professional (CIPP/US). 2014 - Present.

Certified Information Systems Security Professional (CISSP). 2007 - Present.

Auditing Networks, Perimeters and Systems, SANS Institute, USA, December 2007

Web Applications Security Workshop, SANS Institute, USA, December 2007

Planning, Implementing and Maintaining an Active Directory Infrastructure, Global Knowledge, Mexico, September 2007

Implementing and Managing Microsoft Exchange, Global Knowledge, Mexico, August 2007

IT Audit, Deutsche Bundesbank, Germany, February 2007

Information Security Seminar, ITESM, Mexico, June 2006 - February 2007

Perimeter Protection in Depth, SANS Institute, USA, December 2006

Implementing COBIT 4.0, Cynthus, Mexico, August 2006

Strategic Planning, Central Bank of Mexico, July 2006

AFFILIATIONS

Association for Computer Machinery (ACM) member

UNAM, School of Engineering Alumni Association member

International Information Systems Security Certification Consortium (ISC)2 member

International Association of Privacy Professionals (IAPP) member

SKILLS

Programming Languages: C, Matlab, PERL, Basic Java and Javascript.

Operating systems: Windows XP, Vista, and 7. Windows Server, Ubuntu, MAC OS.

Network Infrastructure: Switches, Routers, Firewalls, IDS, IP-PBX.

Specialized software: Wireshark, TCP dump, R, STATA, Latex.

Other Languages: Spanish (Mother tongue); French (Conversational, DELF 1st grade certificate awarded).

WORK MENTIONED ON THE MEDIA

What Chase And Other Banks Won't Tell You About Selling Your Data. Forbes

A Loophole Big Enough for a Cookie to Fit Through. The New York Times.

The Default Choice, So Hard to Resist. The New York Times

As more advertisers monitor every click of your mouse, should someone monitor the monitoring?. Pittsburgh Post-Gazette

Major sites are violating consumers privacy preferences, says a new study. Internet Retailer

Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens. PogoWasRight.Org Privacy News From Around The Globe

Report Accuses Several Big E-commerce Names of Violating Consumer Privacy E-commerce News

Class Action Suit Claims Amazon Circumvented Privacy Settings. The Secure Times

Not so fast Microsoft! Google fires back at MS privacy claims. ZDNet

Report: Opt-Out Tools Not User Friendly. International Association of Privacy Professionals (IAPP)


 top