Carnegie Mellon University

women in cybersecurity

April 01, 2019

Cybersecurity stars

By Jason Maderer

At a university internationally recognized as one of the best for security and privacy research, three groups have made the field their primary focus.

CyLab is Carnegie Mellon University's security and privacy research institute.

The CERT Division within CMU's Software Engineering Institute develops cybersecurity technology on behalf of the Department of Defense.

And the university's Information Networking Institute (INI) has taken the lead in educating and developing cybersecurity professionals via master's degree programs since launching one of the nation's first security degrees in 2003.

According to most estimates, women constitute less than 20 percent of America's cybersecurity workforce. But at CMU, all three divisions — CyLab, CERT and INI — are run by women. In fact, so is the university's information security team.

"Having worked with each of these women, I know they are the best in the field," said Bobbie Stempfley, director of the CERT Division. "Not the best women in our field. They're the best in the field."

Together, this quartet says Carnegie Mellon's culture is the reason they find themselves atop positions within a male-dominated digital world.

"Our university has historically done so much to attract and develop women in computing and engineering," said Dena Haritos Tsamitis, who directs INI and is a founding director of CyLab. "I continue to see it when I read admissions essays for our program. Women applicants recognize the work we have done to create a culture of inclusion and consistently tell us, ‘we want to be part of that at CMU.'"

CyLab's Lorrie Cranor and Chief Information Security Officer Mary Ann Blair complete Carnegie Mellon's Mt. Rushmore of privacy and security.

But they aren't the only women reshaping the field and industry. Below are some of CMU's security stars. View the complete list of experts here.


To use Giulia Fanti's words, blockchains are a technique for storing data among multiple parties that don't trust each other. For example, they can be used by companies to process financial transactions, keeping accounts safe and protected as they pass through multiple systems. Fanti is interested in designing scalable blockchains that account for resource constraints in the network and in individual devices. Her work ranges from protecting users' privacy to building faster consensus algorithms.

"Blockchain is an exciting field because everything is so new. The opportunity to find security gaps in existing systems is relatively common because the technology is still emerging. Being in this field also gives us a chance to create new systems that could potentially be adopted by the corporate global community. It's an exciting time to be a blockchain researcher."


(not pictured in group photo)

The "Internet of Things" (IoT) is poised to change the world we know, even if we’re not sure of all IoT’s future applications. It already has changed Limin Jia’s research focus. She constantly is trying to determine if the software we use, including mobile apps and web applications, are secure. One of Jia’s projects focuses on how people will use IoT and face the quirks it will bring.

"People like to think using services like IFTTT (if this, then that) to connect IoT with web services will be nice and convenient. For instance, if you’re on vacation and tell Flickr to immediately post when you snap a photo, it makes sharing with friends a one-step process. But what about when you come home, apply for a visa and take a picture of your passport? If you’ve forgotten to turn off the app, you have a privacy invasion.

I’m looking at these new computing infrastructures, trying to find security flaws before they become unexpected consequences. We need to think about these issues before they arrive."