(updated 2020-02-15)

I am on faculty at the University of Maryland Baltimore County (UMBC) in the Department of Computer Science and Electrical Engineering. As a faculty member and part of our UMBC Cybersecurity Center’s leadership, I write and speak on a range of topics but represent no one except myself unless indicated otherwise, even if my university affiliation is mentioned for identification purposes. (Most of my media hits are conducted on behalf of UMBC, though.)

My primary salary is paid by UMBC. It does not vary or depend upon any additional outside income and I am not required to raise research funds. However, I have raised individually and/or jointly, over $10M in grant funding since 2010, some of which has directly and/or indirectly benefitted me as a faculty member. At UMBC I am on the Research Park Advisory Committee – in that role and as a faculty member, I interact with startup companies in our technology incubator. I am in full compliance with UMBC’s ethics and conflicts of interest disclosure policies, and will remain so.

I sometimes collect royalties or honoraria by releasing books, articles, or commentaries. Wherever possible I will make things I write available online for free under a Creative Commons license. These days, I prefer to write in CC-oriented venues and/or public mediums where maximum readership and knowledge transfer can take place – and for reasons of principle, practicality, and protest, I rarely publish in exploitative paywalled academic journals. If I mention a product, service, or company in an article, it’s exclusively within that content and context; I will never accept money to provide paid promotions.

I sometimes earn speaking fees and/or receive travel expenses for speaking, moderating or keynoting at an event. When paid to speak, I will contract as to subject matter (e.g., whether the speech is about cybersecurity, hacking, technology policy, etc.), but not as to substance or content. If I mention a product, service, or company in a talk, it’s exclusively within that content and context; I will never accept money to provide paid promotions. I generally ask for such talks to be made available for free online afterwards.

I periodically consult to and/or have worked for assorted government entities or their contractors. Much of that work was sensitive and/or classified. While I continue to engage with some government entities, those relationships are entirely unclassified and/or public. At this point in my career I have no desire to again work in classified environments – and often find it counterproductive anyway.

I am invested in the stock market through individual equities, mutual funds, and options. I manage these investments personally. In some cases I’ve been asked to join company advisory boards and received stock options as compensation for my involvement. Where required by law, policy, ethics, or common sense, I also disclose any such relevant corporate relationships in my articles or comments. My personal investment decisions are based entirely on public knowledge and/or analysis.

Other relevant activities of note can be found at my bio page on this site and/or at other official sites and may be considered part of this disclosure document.

Kudos:  This disclosure page is based on similar disclosure pages by Kate Darling, Jonathan Zittrain, Larry Lessig, and others.