CV for Carrie Gates

DR. CARRIE E. GATES

Livermore, CA
(925) 344-1189
carrie.gates@gmail.com

Education

Ph.D. (Computer Science): Faculty of Computer Science, Dalhousie University; Thesis Title: Co-ordinated Port Scans: A Model, A Detector and An Evaluation Methodology; May 2006
M.Sc. (Computing Science): Department of Mathematics and Statistics, Dalhousie University; Thesis Title: The Application of Neural Networks to the Prediction of the Conductivity of Water; May 1995
B.Sc. (Computing Science): Department of Mathematics and Statistics, Dalhousie University; Advanced Major Co-operative Education.; May 1993

Research Experience

CO-FOUNDER and CHIEF TECHNOLOGY OFFICER (CTO): SECURELYTIX, INC.; Newton, MA, United States of America; July 2016 - present; Duties: Drive the technical vision for a new approach to application security that applies anomaly detection and machine learning techniques to process mining via analysis of database calls for SAP. Review product architecture, develop business-relevant use cases and design user interfaces. Understand the security industry landscape and identify opportunities and competitors. Communicate the company’s technical strategy to potential investors and customers.
EXECUTIVE DIRECTOR, SR. DISTINGUISHED ENGINEER and CHIEF SCIENTIST (SECURITY): DELL RESEARCH, DELL INC.; Santa Clara, CA, United States of America; November 2013 - January 2016; Duties: Develop and implement the research strategy for security within Dell by identifying research projects that will result in either new products or market differentiation across all of Dell product areas (software, end user computing, servers, and services). Lead development of a security strategy that represents all security offerings within Dell and provides a vision for future directions. Establish Dell as a thought leader in the security space through presentations, publications and patents. Represent Dell Research to customers, industry analysts, the academic community and the press. Enable technology transfer between academic research and products. Establish and lead a security research team. Act as a mentor to junior staff. My projects have resulted in 11 patent applications, 6 invited presentations, and 1 publication, in addition to external videos, industry analyst discussions and press interviews.
SVP, DISTINGUISHED ENGINEER and DIRECTOR of RESEARCH: CA LABS, CA TECHNOLOGIES; New York, NY, United States of America; April 2006 - November 2013; Duties: Guide the strategic direction for security research within CA Labs. Identify opportunities within the business units at CA that can be transformed into research relationships performed in collaboration with university faculty and students. Perform research that has the potential to impact the strategic direction of CA products and services, with a focus on enterprise-level security. Participate in defining CA's corporate strategy. Represent CA to the academic community via invited talks, conference and journal papers, and participation in conference organizing and program committees. My research projects have resulted in 31 publications, 24 invited talks, 11 panel participations, 19 patents, 1 patent application, and over $1 million in external funding awards.
MEMBER OF THE TECHNICAL STAFF: CERT, SOFTWARE ENGINEERING INSTITUTE, CARNEGIE MELLON UNIVERSITY; Pittsburgh, PA, United States of America; May 2003 - June 2004, November 2004 - April 2006; Duties: Conducted research into network traffic characterization approaches based on logistic regression modeling. Developed a novel scan detection technique based on research results. Led the deployment of production version of tool, which is in operational use at a client site. Performed analysis of large-scale network traffic for anomalous and intrusive behaviour. Investigated new methods for recognizing host-level anomalies using statistical analysis of network traffic. Developed new visualization techniques for monitoring large volumes of flow-level traffic. These projects have resulted in ten publications, four invited talks and one presentation.
VISITING RESEARCHER: IBM; Toronto, Ontario, Canada; May - August, 2001 and 2002, and July - October 2004; Duties: Assisted in the design and development of the access control portion of WebSphere Commerce Suite. Solved migration issues for access control architecture change from versions 5.1 to 5.2. Assisted in designing, developing and testing combined B2B/B2C access control policies. Wrote report on the ease of migration to Java 2 security model. This work resulted in Java code that was released with WebSphere Commerce Suite version 5.2.
SUMMER SCHOLAR: UNIVERSITY OF EDINBURGH; Edinburgh, Scotland; July - September, 1995; Duties: Optimized and parallelized existing FORTRAN code for a lighting design application using radiosity techniques to calculate the amount of radiant energy in an enclosure. This was written for the Summer Scholarship Programme using MPI on a Cray T3D. This work was published as a technical report.

Professional Experience

SYSTEMS MANAGER: DALHOUSIE UNIVERSITY; Halifax, Nova Scotia, Canada; July 1997 - March 2001; Duties: Hired, trained and supervised full-time, part-time and student technical staff. Provided technical services to internal customers (30 faculty and 1000 students) as well as external customers (such as the Lieutenant Governor of Nova Scotia and Global Information Networking Institute). Managed a heterogeneous computing environment (Solaris, AIX, Novell, NT and Mac/OS), including budget preparation, policy formulation and security incident investigation. Worked with law enforcement leading to the apprehension and conviction of a child pornographer. Founded the Learning Centre in 1998 to provide resources for students taking core-curriculum courses; this Centre is still in operation today.
SOFTWARE ENGINEER: CHEBUCTO COMMUNITY NET; Halifax, Nova Scotia, Canada; January - June 1997; Duties: Assisted in developing CSuite version 1.0. Set up the Apache web server including a virtual server and rewrite rules to serve up French documents depending upon language preference. Modified C code for Pine 3.95 and Lynx 2.7 to allow bilingual services and improve functionality.
MANAGER, TECHNICAL SERVICES: ALLIANCE FOR MARINE REMOTE SENSING; Bedford, Nova Scotia, Canada; October 1995 - January 1997; Duties: Performed system administration for a network of Sparc workstations and PCs connected to a Novell server. Created and maintained web pages. Provided technical consulting to AMRS clients. Performed oceanographic research using remote sensing technology via programming in C, FORTRAN and IDL.

Computer Science 695.442 - Intrusion Detection (on-line): JOHNS HOPKINS UNIVERSITY; January - August 2018 (4 terms); Instructor for online graduate level course introducing the topic of intrusion detection (~15 students per term). The course covered both host-based and network-based technologies with a focus on how to evaluate and compare different systems.
Computer Science 4101 - System Administration: COLUMBIA UNIVERSITY; January - May 2008; Sole instructor for a fourth year undergraduate half-course (6 students) covering the basics of systems administration. The focus of the class was on both the technical aspects of systems (using linux) and the managerial aspects of administration. The technical topics covered included scripting, system boot process, user management, file systems, networking, logs, and security. The managerial issues focused on administering large numbers of systems and users, policies, customer care, change management, and ethics.
Computer Science 4170 - Data Communications: DALHOUSIE UNIVERSITY; January - April 2000; Sole instructor for a fourth year undergraduate course (45 students) on data communications, covering transmission basics at the physical layer up to the data link layer and starting on circuit switching and packet switching networks.
Computer Science 1100 - Computer Science I: DALHOUSIE UNIVERSITY; September - December 1997; Taught introductory programming skills to first year university students using Java in a Unix environment in conjunction with another professor (122 students in my section). Responsible for all lectures. Jointly responsible for assignments and exams.
Computer Science 2450 - Computer Organization and Architecture: DALHOUSIE UNIVERSITY; May - June 1997; Primary instructor for a second year university course (15 students) on computer organization and architecture, starting with binary logic, through simple gates, flip-flops and multiplexors to memory and CPU architecture.

M. Bishop, C. Gates and K. Levitt (2018). Arguing for Argumentation in Break the Glass Scenarios. In Proceedings of the 2018 New Security Paradigms Workshop. Windsor, UK. 28-31 August 2018. (To Appear); E. Stobert, R. Biddle and C. Gates (2016). Mobile Device Security: Hopes and Fears. In Passwords 2016. Bochum, Germany. 5-7 December 2016; C. Gates and P. Matthews (2014). Data is the New Currency. In Proceedings of the 2014 New Security Paradigms Workshop. Victoria, Canada. 15-18 September 2014.; C. Gates and P. Matthews (2013). The Internet of Things, CA Technology Exchange 4:3, November 2013.; M. Bishop, K. Butler, C. Gates, S. Greenspan and E. Rine Butler (2013) Forgive and Forget: Return to Obscurity. In Proceedings of the 2013 New Security Paradigms Workshop. Banff, Canada. 9-12 September 2013.; J. Ard, M. Bishop, C. Gates and M.X. Sun (2013) Information Behaving Badly. In Proceedings of the 2013 New Security Paradigms Workshop. Banff, Canada. 9-12 September 2013.; M. MacDonald, C. Gates, T. Taylor, D. Paterson and S. Brooks (2013). Stability Visualizations as a Low-complexity Descriptor of Network Host Behaviour. Procedia Computer Science. 19: 984-991.; C. Gates and S. Engle (2013) Reflecting on Visualization for Cyber Security. In Proceedings of the 2013 IEEE International Conference on Intelligence and Security Informatics (ISI). Seattle, WA. 4-7 June 2013.; Y. Li, A. Somayaji and C. Gates (2013) Fine Grained Access Control Using Email Social Networks. CA Technology Exchange. 4(1): 29-41. January 2013.; M. Bishop, M. Doroud, C. Gates and J. Hunker (2012) Attribution in the Future Internet: The Second Summer of the Sisterhood. In Proceedings of the 11th European Conference on Information Warfare and Security. Laval, France. 5-6 July, 2012.; M. Bishop, C. Gates, P. Yellowlees and G. Silberman (2011) Facebook Goes to the Doctor. In Proceedings of the 2011 Workshop on Governance of Technology, Information, and Policies. Orlando, FL., December 6, 2011.; J. Hunker, C. Gates and M. Bishop (2011) Attribution Requirements for Next Generation Internets. In Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security. Waltham, MA. November 15-17, 2011.; C. Gates and M. Bishop (2011) One of These Records Is Not Like the Other. In Proceedings of the 3rd Usenix Workshop on the Theory and Practice of Provenance. Crete, Greece. June 20-21, 2011.; S. Laqua, M.A. Sasse, C. Gates, and S. Greenspan (2011) Do you KnowDis? A User Study of Knowledge Discovery Tool for Organizations. In Proceedings of the 2011 ACM CHI Conference on Human Factors in Computing Systems. Vancouver, Canada. May 7-12, 2011.; J. Glanfield, D. Paterson, C. Smith, T. Taylor, S. Brooks, C. Gates, and J. McHugh (2010) FloVis: Leveraging Visualization to Protect Sensitive Network Infrastructure. In Proceedings of the NATO Information Systems Technology Panel Symposium on Information Assurance and Cyber Defense. Tallinn, Estonia. November 22-23, 2010.; S.Brunza, O. McCusker, J. Glanfield, D. Paterson, C. Gates, and J. McHugh (2010) Combining Trust and Behavioral Analysis to Detect Security Threats. In Proceedings of the NATO Information Systems Technology Panel Symposium on Information Assurance and Cyber Defense. Tallinn, Estonia. November 22-23, 2010.; M. Bishop, S. Engle, D. Frincke, C. Gates, F. Greitzer, S. Peisert, and S. Whalen (2010) A Risk Management Approach to the "Insider Threat". In Insider Threats in Cybersecurity — And Beyond. Springer Verlag, Berlin, DE.; C. Gates and M. Bishop (2010) The Security and Privacy Implications of Using Social Networks to Deliver Healthcare. In Proceedings of the 3rd ACM International Conferenc on Pervasive Technologies Related to Assistive Environments (PETRA). Samos, Greece. June 23-25, 2010.; T. Whalen and C. Gates (2010) Watching the watchers: "voluntary monitoring" of Infosec employees. Information Management and Computer Security. Vol. 18. No. 1.; E. Hadar and C. Gates (2009) Cloud Computing Web-Services Offering and IT Management Aspects. In Proceedings of the Cloud Computing Workshop at the International Conference on Object Oriented Programming, Systems, Languages and Applications OOPSLA 2009. Orlando, FL. October 25, 2009.; J. Glanfield, S. Brooks, T. Taylor, D. Paterson, C Smith, C. Gates, J. McHugh (2009) OverFlow: An Overview Visualization for Network Analysis. In Proceedings of the 6th International Workshop on Visualization for Cyber Security. Atlantic City, NJ. October 11, 2009.; M. Bishop, C. Gates and J. Hunker (2009) Sisterhood of the Travelling Packets. In Proceedings of the 2009 New Security Paradigms Workshop. Oxford, UK. September 8-11, 2009.; T. Whalen and C. Gates (2009) Watchdog or Guardian? Unpacking the Issues Surrounding the Monitoring of InfoSec Employees. In Proceedings of the 2009 International Symposium on Human Aspects of Information Security & Assurance. Athens, Greece. June 25-26, 2009.; M. Bishop, D. Frincke, C. Gates and F. Greitzer (2009) AZALIA: and A to Z Assesment of the Likelihood of Insider Attack. In Proceedings of the 2009 IEEE International Conference on Technologies for Homeland Security. Waltham, MA. May 11-12, 2009. (pdf)
(Note: © 2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.); S. Laqua, A. Sasse, C. Gates and S. Greenspan (2009) Making Sense of the Unknown: Knowledge Dissemination in Organizations. In the 2nd Sensemaking Workshop. Boston, MA. April 4-5, 2009. (pdf); T. Taylor, D. Paterson, J. Glanfield, C. Gates, S. Brooks, J. McHugh (2009) FloVis: Flow Visualization System. In Proceedings of the Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH). Washington, DC. March 3-4, 2009. (pdf)
(Note: © 2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.); C. Gates (2009) Coordinated Scan Detection. In Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS). San Diego, CA. February 8-11, 2009. Acceptance Rate: 12% (20/171). (pdf); M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates (2009) Case Studies of an Insider Framework. In Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS). Waikoloa, Hawaii. January 5-8, 2009. (pdf); A. Jerbi, E. Hadar, C. Gates, and D. Grebenev (2008) An Access Control Reference Architecture. In Proceedings of the 2nd Computer Security Architecture Workshop. Fairfax, VA. October 31, 2008. (pdf); M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates (2008) We Have Met the Enemy and He Is Us. In Proceedings of the 2008 New Security Paradigms Workshop (NSPW). Lake Tahoe, CA. September 22-25, 2008. (pdf)
(Note: © ACM 2008. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version will be published in Proceedings of the 2008 Workshop on New Security Paradigms.); C. Gates and J. McHugh (2008) The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors. In Proceedings of the Fifth Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). Pages 228-246. Paris, France. July 10-11, 2008. (pdf); M. Bishop and C. Gates (2008) Defining the Insider Threat. In the Fourth Annual Cyber Security and Information Intelligence (CSIIRW). Oak Ridge, TN. May 12-14, 2008. (pdf); C. Gates (2008) A Case Study in Testing a Network Security Algorithm. In Proceedings of the 4th International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities. Innsbruck, Austria. March 18-20, 2008. (pdf); M. Dunlop, C. Gates, C. Wong, and C. Wang (2007) SWorD: A Simple Worm Detection Scheme. In Proceedings of the International Symposium on Information Security. Pages 1752-1769. Algarve, Portugal. November 26-30, 2007. Acceptance Rate: 24% (20/82). (pdf); C. Gates, C. Taylor, and M. Bishop (2007) Dependable Security: Testing Network Intrusion Detection Systems. In Proceedings of the Third Workshop on Hot Topics in System Dependability (HotDep'07). Edinburgh, Scotland. June 26, 2007. (pdf); C. Gates (2007) Access Control Requirements for Web 2.0 Security and Privacy. Position Paper accepted to the Workshop on Web 2.0 Security and Privacy. Oakland, CA. May 24, 2007. (pdf); T. Whalen and C. Gates (2007) A Psychological Profile of Defender Personality Traits. Journal of Computers. 2.2: 84-93. April 2007. (pdf); B. Trammell and C. Gates (2006) NAF: The NetSA Aggregated Flow Tool Suite. In Proceedings of the 20th Large Installation Systems Administration Conference (LISA 2006). Pages 221-231. Washington, DC. December 3 - 8, 2006. (pdf); C. Gates and C. Taylor (2006) Challenging the Anomaly Detection Paradigm: A Provocative Discussion. In Proceedings of the 2006 New Security Paradigms Workshop (NSPW). Pages 21-29. Schloss-Dagstuhl, Germany. September 18-21, 2006. Acceptance Rate: 32% (12/38). (pdf) (ps)
(Note: © ACM 2006. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version will be published in Proceedings of the 2006 Workshop on New Security Paradigms.); C. Gates, J. McNutt, J. Kadane, and M. Kellner (2006) Scan Detection on Very Large Networks Using Logistic Regression Modeling. In Proceedings of the IEEE Symposium on Computers and Communications. Pages 402-407. Pula-Cagliari, Sardinia, Italy. June 26-29, 2006. (pdf)
(Note: © 2005 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.); M. Collins, C. Gates, and G. Kataria (2006) A Model for Opportunistic Network Exploits: The Case of P2P Worms. Workshop on the Economics of Information Security (WEIS). Cambridge, UK. June 26-28, 2006. (pdf); C. Gates, J. McNutt, J. Kadane, and M. Kellner (2006) Detecting Scans at the ISP Level. Technical Report CMU/SEI-2006-TR-005, Carnegie Mellon University Software Engineering Institute. April 2006. (pdf); C. Gates and T. Whalen (2006) Personal Information on the Web: Methodological Challenges and Approaches. In the CHI 2006 Workshop on Privacy and HCI: Methodologies for Studying Privacy Issues. Montreal, Canada. April 23, 2006.; T. Whalen and C. Gates (2006) Defender Personality Traits. In Proceedings of the Workshop on Intelligence and Security Informatics. Pages 85-91. Singapore. April 9, 2006. Acceptance Rate: 16% (15/92).; C. Gates (2006) Co-ordinated Port Scans: A Model, A Detector and An Evaluation Methodology. PhD Thesis. Dalhousie University. February, 2006. (pdf)(ps); T. Whalen and C. Gates (2006) Defender Personality Traits. Technical Report CS-2006-01, Dalhousie University. (pdf) (ps); C. Gates and T. Whalen (2005) Private Lives: User Attitudes Towards Personal Information on the Web. Technical Report CS-2005-06, Dalhousie University. (pdf) (ps); C. Gates and D. Becknel. (2005) Host Anomalies from Network Data. In Proceedings from the Sixth IEEE Systems, Man and Cybernetics Information Assurance Workshop. Pages 325-332. West Point, New York. June 15 - 17, 2005. (pdf)
(Note: © 2005 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.); T. Whalen and C. Gates (2005) Public Perception of Private Information on Search Engines. Technical Report CS-2005-01, Dalhousie University. (pdf) (ps); J.R. Binkley, J. Mchugh, and C. Gates (2005) Locality, Network Control, and Anomaly Detection. Technical Report 04-04, Portland State University. (ps); C. Gates, M. Collins, M. Duggan, A. Kompanek, and M. Thomas. (2004) More NetFlow Tools: For Performance and Security. In Proceedings of the 18th Large Installation Systems Administration Conference (LISA 2004). Pages 121 - 132. Atlanta, Georgia. November 14 - 19, 2004. Acceptance Rate: 31% (22/70). (pdf) (ps); C. Gates and T. Whalen. (2004) Profiling the Defenders. In Proceedings of the 2004 New Security Paradigms Workshop (NSPW 2004). Pages 107 - 114. Nova Scotia, Canada. September 20 - 23, 2004. Acceptance Rate: 24% (12/51) (pdf) (ps)
(Note: © ACM 2004. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 2004 Workshop on New Security Paradigms http://doi.acm.org/10.1145/1065907.1066044); J. McHugh, C. Gates, and D. Becknel. (2004) Situational Awareness and Network Traffic Analysis. In Proceedings of the Gdansk NATO Workshop on Cyberspace Security and Defence: Research Issues. Pages 209 - 228, Gdansk, Poland. September 6 - 9, 2004.; C. Gates and J. Rouse. (2003) The Yearly Review, or How to Evaluate Your Sys Admin. In Proceedings of the 17th Systems Administration Conference (LISA 2003). Pages 95 - 104. San Diego, California. October 26 - 31, 2003. Acceptance Rate: 25% (24/96). (pdf) (ps); C. Gates and J. Slonim. (2003) Owner-Controlled Information. In Proceedings of the 2003 New Security Paradigms Workshop (NSPW 2003). Pages 103 - 111. Ascona, Switzerland. August 18 - 21, 2003. Acceptance Rate: 30% (13/43). (pdf) (ps)
(Note: © ACM 2003. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 2003 Workshop on New Security Paradigms http://doi.acm.org/10.1145/986655.986670); J. McHugh and C. Gates. (2003) Locality: A New Paradigm for Thinking About Normal Behavior and Outsider Threat. In Proceedings of the 2003 New Security Paradigms Workshop (NSPW 2003). Pages 3 - 10. Ascona, Switzerland. August 18 - 21, 2003. Acceptance Rate: 30% (13/43). (pdf)
(http://portal.acm.org/citation.cfm?doid=986655.986657); C. Gates. (2003) The Modeling and Detection of Distributed Port Scans: A Thesis Proposal. Technical Report CS-2003-01, Dalhousie University. (pdf) (ps); J. Slonim, M. McAllister, K. Rockwood, T. Chiasson, C. Gates, and K. Hawkey. (2001) A Human-Centric Architecture for Personalization and Privacy. SSGRR 2001 Italy, August 2001.
: J. Slonim, T. Chiasson, C. Gates and M. McAllister. (2001) An extensible, human-centric framework that promotes universal access to electronic commerce. In Proceedings of the 2nd International Symposium on Electronic Commerce Technologies . Pages 116 - 126. Hong Kong, China. April 26 - 28, 2001.
: T. Chiasson and C. Gates. (2000) Electronic commerce universal access device - the knowledge-acquiring layered infrastructure (KALI) project. ACM Crossroads. 7.1: 28 - 32.
: J. Slonim, T. Chiasson and C. Gates. (2000) Creating an electronic commerce device which promotes universal access: the KALI project. Lecture Notes in Computer Science. 1830: 2 - 12.
: I. Caines, C. Gates, R. Guy and R. Nowakowski. (1999) Periods in taking and splitting games. American Mathematical Monthly, 106: 359 - 361.
: C. Gates. (1995) Optimisation of lighting design application by implementation on high performance parallel computing hardware. Edinburgh Parallel Computing Centre. Technical Report SS-95-15. (gzip'd ps)
: C. Gates. (1995) The Application of Neural Networks to the Prediction of the Conductivity of Water. Masters Thesis. Dalhousie University.
: C. Gates. (1994) Why don't nets work for Peter? APICS Annual Computer Science Conference Proceedings. Acadia University. Wolfville, Nova Scotia.

Patents

Awarded:

U.S. Patent Number 8,069,242
System, Method, and Software for Integrating Cloud Computing Systems
E. Hadar, C. Gates, K. Esfahany, M. Chiaramonte, E. Moscovich and G. Bodine
Granted: 29 November, 2011
U.S. Patent Number 8,776,228
Transaction-Based Intrustion Detection
R. Natarajan, C. Gates, T. Brown
Granted: July 8, 2014
U.S. Patent Number 8,850,597
Automated Message Transmission Prevention Based on Environment
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: September 30, 2014
U.S. Patent Number 8,887,300
Automated Message Transmission Prevention Based on a Physical Reaction
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted; November 13, 2014
U.S. Patent Number 9,041,766
Automated Attention Detection
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: May 26, 2015
U.S. Patent Number 9,047,253
Detecting False Statement Using Multiple Modalities
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: June 2, 2015.
U.S. Patent Number 9,055,071
Automated False Statement Alerts
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: June 9, 2015
U.S. Patent Number 9,100,540
Multi-Person Video Conference With Focus Detection
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: August 4, 2015
U.S. Patent Number 9,208,326
Managing and Predicting Privacy Preferences Based on Automated Detection of Physical Reaction
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: December 8, 2015
U.S. Patent Number 9,256,748
Visual Based Malicious Activity Detection
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: February 9, 2016
U.S. Patent Number 9,276,803
Role Based Translation of Data
C. Gates, S. Greenspan, M. Velez-Rojas, S. Mankovskii
Granted: March 1, 2016
U.S. Patent Number 9,304,584
System, Apparatus, and Method for Identifying Related Content Based on Eye Movements
S. Greenspan and C. Gates
Granted: April 5, 2016
U.S. Patent Number 9,305,097
System and Method for Dissemination of Relevant Knowledge
C. Gates and S. Greenspan.
Granted: April 5, 2016
U.S. Patent Number 9,330,376
System and Method for Assigning a Business Value Rating to Documents in an Enterprise
C. Gates
Granted: May 3, 2016
U.S. Patent Number 9,356,939
Dynamic Access Control Based on Individual and Community Usage Patterns
C. Gates, T. Brown, Y. Li, A. Somayaji
Granted: May 31, 2016
U.S. Patent Number 9,497,071
Multi-Hop Root Cause Analysis
C. Gates, S. Greenspan, M. Velez-Rojas, S. Mankovskii
Granted: November 15, 2016
U.S. Patent Number 9,497,072
Identifying Alarms for a Root Cause of a Problem in a Data Processing System
C. Gates, S. Greenspan, M. Velez-Rojas, S. Mankovskii
Granted: November 15,2016
U.S. Patent Number 9,548,886
Help Desk Ticket Tracking Integration with Root Cause Analysis
C. Gates, S. Greenspan, M. Velez-Rojas, S. Mankovskii
Granted: January 17, 2017
U.S. Patent Number 9,716,599
Automated Assessment of Organization Mood
C. Gates, S. Greenspan, S. Mankovskii, G. Silberman, M. Velez-Rojas
Granted: July 25, 2017

Filed:

U.S. Application Serial No. 14/994,723 (Filed)
System and Method for Providing Persistent Authentication in an Information Handling System
C. Gates, D. Hamlin, C.D. Robison Jr.
Patent application filed in the United States, January 13, 2016.
U.S. Application Serial No. 14/994,726 (Filed)
System and Method for Providing an Authentication Engine in a Persistent Authentication Framework
C. Gates, D. Hamlin, C.D. Robison Jr.
Patent application filed in the United States, January 13, 2016.
U.S. Application Serial No. 14/994,735 (Filed)
System and Method for Providing an Authentication Agent in a Persistent Authentication Framework
C. Gates, D. Hamlin, C.D. Robison Jr.
Patent application filed in the United States, January 13, 2016.
U.S. Application Serial No. 14/994,765 (Filed)
System and Method for Providing Confidence Scores in a Persistent Framework
C. Gates, D. Hamlin, C.D. Robison Jr.
Patent application filed in the United States, January 13, 2016.
U.S. Application Serial No. 14/975,567 (Filed)
Platform for Adopting Settings to Secure a Protected File
C. Burchett, J.M. Burke, C. Gates, D. Konetski, E. Lewis, W.W. Robbins, R. Schuckle, C. Skipper
Patent application filed in the United States, December 18, 2015.
U.S. Application Serial No. 14/975,474 (Filed)
Enforcement Mitigations for a Protected File
C. Burchett, J.M. Burke, C. Gates, D. Konetski, E. Lewis, W.W. Robbins, R. Schuckle, C. Skipper
Patent application filed in the United States, December 18, 2015.
U.S. Application Serial No. 14/960,809 (Filed)
Information Handling System Encrypted Image Display Through Secondary Device
C. Burchett, C. Gates, D. Konetski
Patent application filed in the United States, December 7, 2015.
U.S. Application Serial No. 14/857,600 (Filed)
Systems and methods for using non-medical devices to predict a health risk profile
S. Feder, C. Gates, G. Silberman
Patent application filed in the United States, September 17, 2015.
U.S. Application Serial No. 14/819,322 (Filed)
Systems and methods for providing secure data
C. Burchett, J.M. Burke, C. Gates, D. Konetski, E. Lewis, W.W. Robbins, R. Schuckle, C. Skipper
Patent application filed in the United States, August 5, 2015.
U.S. Application Serial No. 14/725,620 (Filed)
System and Method for Automatic Document Classification and Grouping Based on Document Topic
C. Gates
Patent application filed in the United States, May 29, 2015.
U.S. Application Serial No. 14/705,097 (Filed)
Security Breach Prediction Based on Emotional Analysis
C. Gates
Patent application filed in the United States, May 6, 2015.
U.S. Application Serial No. 14/242,863 (Filed)
Graph Database with Links to Underlying Data
C. Gates, S. Greenspan, M. Velez-Rojas, S. Mankovskii
Patent application filed in the United States, April 1, 2014.

Invited Talks

19 October 2017	Invited Talk Comcast/UConn CyberSEED Conference, Hartford, CT, USA
20-22 October 2015	Multiple Invited Talks and Panels Dell World, Austin, TX, USA
27 May 2015	Mainstage Panel: Security Within Dell Dell Annual Analyst Conference (DAAC), Austin, TX, USA
13 May 2015	Invited Talk: Data Is the New Currency CenterPoint Energy Innovation Day, Houston, TX, USA
27 March 2015	Invited Talk: The Detection and Prevention of Insider Threat Women in Cyber Security (WiCyS) Conference, Atlanta, GA, USA
29 October 2014	Keynote Panel: Digital Privacy and Cybersecurity: A 21st Century Journey or Illusion? Internet2’s 2014 Technology Exchange, Indianapolis, IN, USA
17 October 2014	Invited Talk: grep visualizations /var/logs/unused B-Sides Raleigh, Raleigh, NC, USA
13 May 2014	Invited Talk: Visualizations and Sys Admins Don’t Mix! Big Data Visualization Meetup, Santa Clara, CA, USA
19 February 2014	Invited Talk: Data is the New Currency Data Privacy Day, Halifax, NS, Canada
6 June 2013	Keynote: Tech Transfer in the Trenches 22nd Australian Software Engineering Conference, Melbourne, Australia
11 April 2012	Invited Talk: Security: Computing in an Adversarial Environment ACM Webinar, Virtual
1 March 2012	Keynote: Protecting Business in the New World Order RSA Conference, San Francisco, CA, USA
11 November 2011	Plenary Panel: Partnering with Executive Leaders for Shared Vision and Career Growth Grace Hopper Celebration of Women in Computing, Portland, OR, USA
23 October 2010	Invited Talk: Technology Trends for the Future, and Their Implications Ontario Celebration of Women in Computing 2010, Kingston, ON, Canada
25 August 2010	Workshop on Insider Threats: Strategies for Prevention, Mitigation, and Response, Schloss Dagstuhl, Germany
29 July2010	Invited Talk: Applying Visualization to Security Information Burton Group's Catalyst Conference North America 2010, San Deigo, USA
17 May 2010	CA World, Las Vegas, USA
19 September 2009	Keynote: Usability Challenges in the Security Domain: Is Security a Special Case? 3rd India International HCI Conference, Bangalore, India
15 September 2009	Invited Talk: Technology Trends for the Future, and Their Implications for Governance and Privacy Second International Symposium on Global Information Governance , Prague, Czech Republic
16 June 2009	ISSNet NSERC Strategic Network Grant on CyberSecurity, Carleton University, Canada
11 June 2009	CA Council for Technical Excellence, Los Angeles, USA
22 April 2009	CA Architect's Conference, Islandia, NY, USA
18 February 2009	Digital Security Lab, Carleton University, Canada
12 February 2009	Software Security Lab, University of California Irvine, USA
20 January 2009	Security Research Group, University of California Davis, USA
20 July 2008	Workshop on Countering Insider Threats, Schloss Dagstuhl, Germany
12 March 2008	Information Security Group, Istituto di Informatica e Telematica (IIT), National Research Council (C.N.R.), Pisa, Italy
5 March 2008	Pacific Northwest National Laboratory, Richland, USA
22 February 2008	Department of Electrical Engineering and Computer Science, United States Military Academy, West Point, USA
13 February 2008	Security Research Group, Columbia University, USA
25 April 2007	Information Systems and Internet Security Laboratory, Polytechnic University, USA.
27 November 2006	CMU Usable Privacy and Security Laboratory, Carnegie Mellon University, USA.
9 May 2006	MITACS Digital Security Seminar Series, Carleton University, Canada.
23 March 2006	IBM Centers for Advanced Studies, Toronto, Canada.
28 October 2005	Information Networking Institute, Carnegie Mellon University, USA.
27 January 2005	DETER Project Meeting, UC Berkeley, USA.
19 August 2004	Department of Computer Science, University of South Carolina, USA.
23-24 March 2004	CERIAS Security Symposium, Purdue University, USA.
12 November 2003	Security Seminar, The Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University, USA.
21 July 2003	Data Privacy Lab, Carnegie Mellon University, USA.
10 July 2001	IBM Canada Centre for Advanced Studies, Canada.

"Career Panel: Outlooks and Opportunities with Academia, Industry and Research Labs" with panelists Tony Baylis (LBNL), Luiz DeRose (Cray), Padma Raghavan (Penn State) and Damian Rouson (Sourcery). SuperComputing, Austin, TX, 15-20 November 2015.
: "Cybersecurity: Are We There Now and Where Do We Need to Be in 5 Years?" with panelists Minerva Rodriguez (Raytheon), Meg Layton (Symantec) and Michelle Guel (Cisco). Grace Hopper Celebration of Women in Computing, Baltimore, MD, 3-6 October 2012.
: "Information Security, Privacy & Risk Management: From Research to Practice" with panelists Dr. Lorrie Cranor (Carnegie Mellon University) and Laura Koetzle (Forrester Research). Executive Women's Forum, Scottsdale, AZ, 20-22 October 2010.
: "Cloud Computing & Access and Identity Management" with panelists Linda Cooper Angles (Guardian Life Insurance), Brianna Gamp (eBay), and Jackie Gilbert (SailPoint). Executive Women's Forum, Scottsdale, AZ, 20-22 October 2010.
: "Current R&D in Cyber Security" with panelists Kenneth Brancik (Northrop Grumman), David Dewey (IBM) and Paul Stirpe (IBM). New York Institute of Technology Annual Cyber Security Conference, New York, NY. 15 September 2010.
: "Visualization of Cyber Operations Information" with panelists COL Steve McPherson (USAF) and Thomas Lam (OASD(NII)/DoD) and Daniel Blum (Burton Group). AFEI Security in the Clouds, Alexandria, VA. 14 April 2010.
: "The Role of Research in Industry and Government" with panelists Timothy Brown (CA) and William Cheswick (AT&T Labs) and Deborah Frincke (Pacific Northwest National Laboratory) and Chenxi Wang (Forrester). RSA, San Francisco, CA. 3 March 2010.
: "CyberSecurity for a Changing World" with panelists Jamie Van Randwyk (Sandia National Laboratories) and Piotr (Peter) Zbiegiel (Argonne National Labs) and chair Jim Costa (Sandia National Laboratories). SuperComputing Broader Engagement Program, Portland, OR. 16 November 2009.
: "Data Visualization Technologies" with panelists John Goodall (Secure Decisions), LTC Gregory Conti (US Military Academy), and Bill Pike (Pacific Northwest National Laboratory). USSS Global Cyber Security Conference, Washington, DC. 5 August 2009.
: "Testbeds and Their Relevance for the Development of New Products" with panelists Michael Rumsewicz (University of Adelaide), Ina Schieferdecker (Fraunhofer FOKUS), Ronan Skehill (University of Limerick), and Marcin Solarski (Deutsche Telekom A.G. Laboratories). 4th International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, Innsbruck, Austria. 19 March 2008.
: "Real Data is Not Enough!" Panel participant on "Real Datasets and Experiment Fidelity" with panelists Doug Maughan (DHS), Sam Gorton (Skiaon) and Steve Schwab (Sparta). DETER Workshop, Boston, MA. 7 August 2007.
: "Challenging the Anomaly Detection Paradigm: A Provocative Discussion" NSPW Session, Annual Computer Security Applications Conference, Miami Beach, FL, USA. 14 December 2006.
: "Security Visualization: A Case Study." Annual Computer Security Applications Conference, Case Studies Track, Tucson, Arizona. 7 December 2005.

Funding and Grants

Principal Investigator. FloVis: Flow Visualization System. Department of Homeland Security (DHS BAA 07-09), Contract Number N66001-08-C-2032. April 2008 - September 2010. $815,295.
Co-Principal Investigator. Attribution for GENI. Global Environment for Network Innovation (GENI), Contract Number 1776 (Administered by BBN). October 2009 - September 2010. $30,000.
Co-Principal Investigator. The Hive Mind: Applying a Distributed Security Sensor Network to GENI. Global Environment for Network Innovation (GENI), Contract Number 1776 (Administered by BBN). October 2009 - August 2012. $520,000.
Co-Investigator. Fast and Effective Insider Threat Detection and Prediction System. Australia Research Council Project ID LP110200321. 2011 – 2014. $255,000 AUD.

Committee Member (MCS): Teryl Taylor, Dalhousie University; FloVis: A Network Security Visualization Framework; Thesis Advisor: John McHugh, Dalhousie University; 17 April 2009.
Candidacy Examiner (PhD): Maritza Johnson, Columbia University; Subject Area: Usable Security Policy Management; Thesis Advisor: Steve Bellovin, Columbia University; 12 March 2009.
External Examiner (PhD): Vanessa Frias-Martinez, Columbia University; Behavior-based Admission and Access Control for Network Security; Thesis Advisor: Sal Stolfo, Columbia University; 29 September 2008.

Service

Government Community:

NSF Panelist
Reviewed NSF proposals for the Secure and Trusted Cyberspace (SaTC) program in 2012, 2013, 2014, 2015, and 2016

Legal Input

Helped write an amendment to the America COMPETES Act (H.R. 5116) for Senator Warren, which was signed into law in December 2010
Signatory as Technical Expert: Brief for the Petitioner as Amicus Curiae, Carpenter v. United States, (August 2017). https://assets.documentcloud.org/documents/3932663/Carpenter-Amicus-Brief-Technology-Experts.pdf
Signatory on Election Integrety Expert Letter to Congress (June 2017). https://www.electiondefense.org/election-integrity-expert-letter/

Research Community:

Editor

Computers and Security - Elsevier Journal (COSE)

August 2016 - present

General Chair

New Security Paradigms Workshop (NSPW)

Denver, CO, USA, September 2016
Netherlands, September 2015 (vice general chair)

Learning from Authoritative Security Experiment Results (LASER)

Arlington, VA, USA, July 2012

Annual Computer Security Applications Conference (ACSAC)

Austin, TX, USA, December 2010
Honolulu, HI, USA, December 2009

International Symposium on Global Information Governance (ISGIG)

Pisa, Italy, March 2008

Program Chair

Socio-Technical Aspects of Security and Trust (STAST) Workshop - co-chair

Los Angeles, CA, USA, December 2016

Grace Hopper Celebration of Women in Computing - co-chair of security track

Phoenix, AZ, USA, October 2014

New Security Paradigms Workshop (NSPW) - co-chair

Marin County, CA, USA, September 2011
Concord, MA, USA, September 2010

Workshop on Visualization for Computer Security (VizSec) - co-chair

Atlantic City, NJ, USA, October 2009

Program Committee Member

Symposium On Usable Privacy and Security (SOUPS)

Santa Clara, CA, USA, August 2019
Ottawa, Canada, July 2015
Pittsburgh, PA, USA, July 2005

Network and Distributed System Security (NDSS)

San Diego, CA, USA, February 2019
San Diego, CA, USA, February 2018

Enigma

Burlingame, CA, USA, January 2019
San Clara, CA, USA, January 2018
Oakland, CA, USA, January 2017

Annual Computer Security Applications Conference (ACSAC)

San Juan, Puerto Rico, USA, December 2018
Honolulu, HI, USA, December 2009
Anaheim, CA, USA, December 2008
Miami, FL, USA, December 2007
Miami, FL, USA, December 2006

Workshop on Visualization for Computer Security (VizSec)

Berlin, Germany, October 2018
Phoenix, AZ, USA, October 2017
Baltimore, MD, USA, October 2016
Chicago, IL, USA, October 2015
Paris, France, October 2014
Atlanta, GA, USA, October 2013
Atlantic City, NJ, USA, October 2009
Boston, MA, USA, September 2008
FairFax County, VA, USA, November 2006

Research in Attacks, Intrusion and Defenses (RAID)

Heraklion, Crete, Greece, September 2018

New Security Paradigms Workshop (NSPW)

Windsor, UK, August 2018
Oxford, UK, September 2009
Olympic Valley, CA, USA, September 2008
New Hampshire, USA, September 2007
Schloss-Dagstuhl, Germany, September 2006
Lake Arrowhead, CA, USA, September 2005
Nova Scotia, Canada, September 2004

Usenix Security

Baltimore, MD, USA, August 2018
Redmond, WA, USA, August 2012
San Francisco, CA, USA, August 2011

Workshop on Research in Insider Threat (WRIT)

San Jose, CA, USA, May 2018
San Jose, CA, USA, May 2016
San Jose, CA, USA, May 2014

Grace Hopper Celebration of Women in Computing - security track

Orlanda, FL, USA, October 2017

Workshop on Security Information Workers (WSIW)

Denver, CO, USA, July 2016

Usable Security (USEC)

San Diego, CA, USA, February 2016

Workshop on Web 2.0 Privacy and Security (W2SP)

San Jose, CA, USA, May 2015
San Jose, CA, USA, May 2014
Oakland, CA, USA, May 2008

Learning from Authoritative Security Experiment Results (LASER)

Arlington, VA, USA, October 2013

Workshop on Governance of Technology, Information, and Policies (GTIP)

Austin, TX, USA, December 2010

European Conference on Computer Network Defense

Berlin, Germany, October 2010

SCinet (SuperComputing) Security Team

International Conference for High Performance Computing, Networking, Storage and Analysis

Austin, TX, USA, November 2015 (Co-Lead)
New Orleans, LA, USA, November 2014 (Co-Lead)
Denver, CO, USA, November 2013 (Co-Lead)
Salt Lake City, UT, USA, November 2012 (Co-Lead)
New Orleans, LA, USA, November 2010 (Co-Lead)
Portland, OR, USA, November 2009 (Co-Lead)
Austin, TX, USA, November 2008
Reno, NV, USA, November 2007
Tampa, FL, USA, November 2006
Seattle, WA, USA, November 2005

Press Articles / Interviews / Videos / Blogs

Press Articles:

February 1, 2016 – Breaking the Cybersecurity Glass Ceilng by Diane Ritchey for Security Magazine.
July 25, 2015 – End Users Not the Enemy When It Comes To Security by Jeffrey Burt for eWeek.
November 18, 2014 – Big Switch Networks and Dell Enable Supercomputing 2014's SCinet Monitoring of High-Performance Networks for Market Wired.
July 14, 2014 – Internet of Things – A Thought Piece by Carrie Gates and Peter Matthews for Internet of Things Today.
June 13, 2012 – How to Make Sure Your Company Secrets Stay When Your Employees Move On by Riva Richmond for Entrepreneur Magazine.
August 24, 2008 – Homeland Security Asks Dalhousie to Visualize Data by Shane Schick for ITWorld Canada.

Videos:

October 23, 2015 – What You May Have Missed at Dell World 2015 .
October 14, 2015 – Where is CyberSecurity Headed?
October 19, 2014 – grep visualization /var/logs/unused .
July 16, 2013 – Security: Computing in an Adversarial Environment .
January 11, 2012 – Video for Information Technology Industry Council .
July, 2011 – Insider Threat Detection from CA Labs .

Blogs:

November 23, 2015 – On Evolving Network Security for a Research and Enterprise Network .
November 17, 2015 – Security Evolves at SC15 .
October 5, 2012 – GHC12: Cybersecurity: Are We There Now and Where Do We Need To Be In Five Years? by Valerie Fenwick.
February 18, 2011 – Explore the Role and Impact of the Open Trusted Technology Forum to Help Ensure Secure IT Products in Global Supply Chains by Dana Gardner.
October 27, 2010 – Top Ten Technology Trends for the Future by Gail Carmichael (about one of my talks).

Honours and Awards

Recognized by Computer Business Review as one of "Five Women Leading the Way in Cyber Security", September 25, 2015
Recognized in Diversity Journal's 11th Annual Women Worth Watching issue, September 2012
CA's Inventive Minds Award, 2011
CSO Magazine's Women of Influence Award (Academic), 21 October 2010
Member, Council for Technical Excellence, CA - July 2010 - June 2013
Adjunct, Council for Technical Excellence, CA - July 2007 - June 2008
IBM Scholars PhD Fellowship, IBM - September 2003 - August 2005
Grace Hopper Award, Vancouver, Canada - November 2002
Citizenship Award, Faculty of Computer Science, Dalhousie University - 2002
Student Appreciation Award, Faculty of Computer Science, Dalhousie University - 2002
IBM CAS Fellowship, Center for Advanced Studies, IBM, Toronto, Canada - January 2001 - December 2003
12^th International School for Computer Science Researchers, Lipari International School, Italy: accepted into course on E-Commerce and On-Line Algorithms, 8 - 22 July 2000.
Dalhousie University Fellowship - 1993-94
Atlantic Tractors Scholarship - 1993-94
Atlantic Tractors Scholarship - 1988-89

Professional Affiliations

Applied Computer Security Associates (ACSA) Fellow (by invitation only)
Institute of Electrical and Electronics Engineers (IEEE)
Association for Computing Machinery (ACM)
Usenix

Hobbies and Interests

horseback riding (hunter/jumper)
traveling
photography
running