|Pedro G. Leon
EPP - CMU
PEDRO GIOVANNI LEON
Ph.D. in Engineering and Public Policy (EPP)
M.S. Information Security Technology and Management
B.S. Telecommunication Engineering (Graduated with Honors)
Designing transparency policies that encourage financial competition and effectively communicate financial information relavant for decision making to consumers.
Working on a multi-institution and multi-disciplinary project that aims to improve transparency of websites' privacy policies. The project has three related goals: 1) To provide Internet users with relevant information and tools to make privacy decisions as they navigate the web; 2) To inform policy makers about the effectiveness of notice and choice in the contexts of websites' privacy policies, providing recommendations to improve the design of policies that aim to protect users' personal data; and 3) To incentivize websites and online companies to follow more privacy-protective practices.
Performed statistical analysis on survey data to understand contextual determinants of Internet users' privacy preferences. Final report available here
Developed an Information Security Measurement Framework to evaluate the level of security of information systems considering technical, operational and organizational aspects.
IT Senior Auditor
Developed the IT Audit annual plan
Planned and developed risk based audits focused on sensitive and core business areas
Implemented IT audit methodologies based on industry's best practices, frameworks and information security standards, e.g. NIST, Cobit, ISO 17799
Researched information security and management best practices in systems development, net- work, operating systems and databases security
Evaluated Disaster Recovery and Business Continuity plans
Supervised compliance with internal regulations on IT operations
Planned, implemented and managed the first converged network at the Bank (voice and data)
Administered PBX, telephone accounting, billing and recording systems
Managed Wireless, LAN, WAN, VPN networks and IVR systems
Designed structured cabling systems
PARTICIPATION IN TECHNOLOGY POLICY EVENTS (Selected list)
The Research Conference on Communications, Information, and Internet Policy. George Mason University School of Law. September 2014.
Privacy Law Scholars Conference. George Washington University Law School. June 2014.
Privacy Law Scholars Conference. Berkeley Center for Law and Technology. June 2013.
W3C Workshop: Do Not Track and Beyond. UC Berkeley. November 2012.
Privacy Papers For Policy Makers. Future of Privacy Forum. November 2012.
The Second Wave of Global Privacy Protection. Ohio State Law Journal. November 2012.
Privacy Law Scholars Conference. George Washington University Law School. June 2012.
Computers, Freedom, and Privacy . Georgetown University Law Center. June 2011.
Carnegie Mellon University. Bertucci Graduate Fellowship 2014.
Best Paper Honorable Mention at the Association for Computing Machinery (ACM) Conference on Computer-Human Interactions. May 2012.
Leading Paper and Notable Mention awards at the Privacy Papers For Policy Makers showcase. July 2012.
Carnegie Mellon University. CIT Dean's Fellowship 2010-2011
Awarded a scholarship by the National Council of Science and Technology (Mexican government) to pursue a Ph.D degree at CMU. 2010-2014
Winner of the Computers, Freedom, and Privacy (CFP) Conference Research Poster Session. June 2011
Awarded a scholarship by the Central Bank of Mexico to pursue a Masters degree at CMU. 2008-10
Awarded a scholarship by the National Council of Science and Technology (Mexican government) to pursue a masters degree at CMU. 2008-10
Awarded a scholarship by the UNAM for having an outstanding thesis project. 2002-03
Awarded a scholarship by the SEDESOL Foundation for academic achievements. 1998-2002
Awarded a scholarship by the INTTELMEX Foundation for academic achievements. 2000-01
L. F. Cranor, C. Hoke, P. G. Leon and A. Au. Are They Worth Reading? An In-Depth Analysis of Online Trackers' Privacy Policies I/S: Journal of Law and Policy for the Information Society. Forthcoming Spring 2015.
L. F. Cranor, P. G. Leon, and B. Ur. A Large-Scale Evaluation of U.S. Financial Institutions Standardized Privacy Notices Submitted to the Journal of Legal Studies. (Under Review).
Y. Wang, P. G. Leon, A. Forget, A. Acquisti, L. F. Cranor, and N. Sadeh. A Field Trial of Privacy Nudges for Facebook. Conference on Human Factors in Computing Systems (CHI). May 2014.
P. G. Leon, B. Ur, Y. Wang, M. Sleeper, R. Balebako, R. Shay, L. Bauer, M. Christodorescu, and L. F. Cranor. What Matters to Users? Factors that Affect Users' Willingness to share Information with Online Advertisers. Symposium on Usable Privacy and Security (SOUPS). July 2013.
Y. Wang, P. G. Leon, Xiaoxuan Chen, A. Acquisti, L. F. Cranor, and N. Sadeh. Privacy Nudges for Social Media: An Exploratory Study. Worskshop on Privacy and Security on Online Social Media (PSOSM). May 2013.
L. F. Cranor, K. Idouchi, P. G. Leon, M. Sleeper, and B. Ur. Are They Actually Any Different? Comparing Thousands of Financial Institutions' Privacy Practices. Workshop on Economics of Information Security (WEIS). June 2013.
P. G. Leon, J. Cranshaw, L. F. Cranor, J. Graves, M. Hastak, B. Ur, and G. Xu.
What Do Online Behavioral Advertising Privacy Disclosures Communicate to Users?
Workshop on Privacy in the Electronic Society (WPES). October 2012.
B. Ur, P. G. Leon, L. F. Cranor, R. Shay, and Y. Wang.
Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising.
Symposium on Usable Privacy and Security(SOUPS). July 2012.
P. G. Leon, B. Ur, R. Balebako, L. F. Cranor, R. Shay, and Y. Wang.
Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising.
Best Paper Honorable Mention Award at the Conference on Human Factors in Computing Systems (CHI). May 2012.
P. G. Leon, L. F. Cranor, A.M. McDonald, and R. McGuire.
Attempt: The Misrepresentation of Website Privacy Policies through
the Misuse of P3P Compact Policy Tokens.
Workshop on Privacy in the Electronic Society (WPES). October 2010.
Y. Wang, S. Komanduri, P. G. Leon, G. Norcie, A. Acquisti, L.F. Cranor. I Regretted the Minute I Pressed Share: A Qualitative Study of Regrets on Facebook. Symposium on Usable Privacy and Security (SOUPS). June 2011.
R. H. Balebako, P. G. Leon, Hazim Almuhimedi, Patrick Kelley, Jonathan Mugan, Alessandro Acquisti, Lorrie Cranor, Norman Sadeh Nudging Users Towards Privacy on Mobile Devices Workshop on Persuasion, Influence, Nudge and Coercion (PINC) collocated with the ACM Conference on Computer-Human Interactions. May 2011.
R. Shay, S. Komanduri, P. G. Kelley, P. G. Leon, M. L. Mazurek, L. Bauer, N. Christin and L. F. Cranor. Encountering Stronger Password Requirements: User Attitudes and Behaviors. Symposium on Usable Privacy and Security (SOUPS). June 2010.
Certified Information Privacy Professional (CIPP/US). 2014 - Present.
Certified Information Systems Security Professional (CISSP). 2007 - Present.
Auditing Networks, Perimeters and Systems, SANS Institute, USA, December 2007
Web Applications Security Workshop, SANS Institute, USA, December 2007
Planning, Implementing and Maintaining an Active Directory Infrastructure, Global Knowledge, Mexico, September 2007
Implementing and Managing Microsoft Exchange, Global Knowledge, Mexico, August 2007
IT Audit, Deutsche Bundesbank, Germany, February 2007
Information Security Seminar, ITESM, Mexico, June 2006 - February 2007
Perimeter Protection in Depth, SANS Institute, USA, December 2006
Implementing COBIT 4.0, Cynthus, Mexico, August 2006
Strategic Planning, Central Bank of Mexico, July 2006
Association for Computer Machinery (ACM) member
UNAM, School of Engineering Alumni Association member
International Information Systems Security Certification Consortium (ISC)2 member
International Association of Privacy Professionals (IAPP) member
Operating systems: Windows XP, Vista, and 7. Windows Server, Ubuntu, MAC OS.
Network Infrastructure: Switches, Routers, Firewalls, IDS, IP-PBX.
Specialized software: Wireshark, TCP dump, R, STATA, Latex.
Other Languages: Spanish (Mother tongue); French (Conversational, DELF 1st grade certificate awarded).
WORK MENTIONED ON THE MEDIA
A Loophole Big Enough for a Cookie to Fit Through. The New York Times.
The Default Choice, So Hard to Resist. The New York Times
As more advertisers monitor every click of your mouse, should someone monitor the monitoring?. Pittsburgh Post-Gazette
Major sites are violating consumers privacy preferences, says a new study. Internet Retailer
Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens. PogoWasRight.Org Privacy News From Around The Globe
Class Action Suit Claims Amazon Circumvented Privacy Settings. The Secure Times
Report: Opt-Out Tools Not User Friendly. International Association of Privacy Professionals (IAPP)