Narrative Bio for Spaf

Links

Home

In the News & On the WWW

Short Bio

Full C.V. PDF indicator

Selected Firsts

Notable Activities

My Tumblr Log (Blog)

My CERIAS Blog Posts

Spaf & the US Gov

Courses & Teaching

Information for Grad Students

Students Past and Present

Research and Papers

Selected Quotes

Miscellaneous Items

• • •


You can download a brief, 2-page bio in the form (approximately) used by DoD here.

Expanded, narrative biography follows. Full academic C.V. is available at the link in the left column.

Position

Eugene H. Spafford is one of the senior, most recognized leaders in the field of computing. He has been honored with nearly every possible award in cyber security, including induction into the Cyber Security Hall of Fame; every major award at Purdue University for teaching; and many major awards for distinguished service to the computing community, including the CRA Distinguished Service Award. Spaf (as he is known to friends) has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Unisys, the US Air Force, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and two Presidents of the United States. With over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of "firsts" in several of these areas.

Dr. Eugene Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. He also has courtesy appointments as a professor of Philosophy , a professor of Communication , a professor of Electrical and Computer Engineering , and a professor of Political Science. He is the Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS). In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for the combination of scholarship, teaching, and service.

Starting in 2010, Spaf became Editor-in-Chief of the Elsevier journal Computers & Security, the oldest journal in the field of information security, and the official outlet of IFIP TC-11. Prior to this appointment, he served as Academic Editor (Associate Editor) of the journal from 1998–2009.

Dr. Spafford is currently the chair of the ACM's US Public Policy Council, a position he has held since 1998, and is a member of ACM Council from 2012-2016.

Spaf serves on a number of advisory and editorial boards, and has been honored numerous times for his writing, research, and teaching on issues of security and ethics. He is is a Fellow of the ACM, the AAAS, the IEEE, the ISC2, and is a Distinguished Fellow of the ISSA. (See below for more details.)

Honors & Awards

General

In Security

In Computing & Science

In Education

Other Awards and Recognition

Top

Professional Activities

Writing & Editing

Professor Spafford is currently on the advisory and editorial boards of the journals

He has written extensively in the field of computer security, including coauthoring an award-winning book on UNIX Security, Practical Unix & Internet Security (O'Reilly and Associates, 1991; 2nd edition 1996; 3rd edition 2003) and a widely-cited book on computer viruses, Computer Viruses (ADAPSO, 1989). He has also served as contributing editor to Computer Crime: A Crime-Fighters Handbook (O'Reilly and Associates, 1995), and Web Security, Privacy and Commerce, (O'Reilly and Associates, 1997; 2nd edition 2002). He has published over 100 papers and reports on his research. He has also spoken internationally at panels, conferences, symposia, and colloquia on these issues.

Selected Memberships and Chairmanships

Professor Spafford has also served as chairman of ACM's Self-Assessment Committee and of its ISEF Awards Committee, as well as served as a charter member of the Technical Standards Committee. He was co-chair of the ACM's Advisory Committee on Security and Privacy, now defunct.

Over the past few years, Professor Spafford has served in an advisory or consulting capacity on information security and computer crime with several U.S. government agencies and their contractors, including the NSF's CISE division, FBI, National Security Agency, U.S. Attorney's Office, the Secret Service, and the U.S. Air Force. He has also been an advisor to several Fortune 500 companies, law firms, and state and national law enforcement agencies around the world. Spaf was a member of the Defense Science Study Group V and was a member of the science study group supporting the U.S. Government's Infosec Research Council. He is a past member of the Board of Directors of the National Colloquium on Information Systems Security Education and of the Sun User Group (now defunct).

Incident Response

Spaf has been involved with security incident response both as an educator and as a practitioner. He has served as a member of the advisory boards of both CERT/CC and the FIRST (FIRST is the Forum of Incident Response and Security Teams). He was the founder and co-director of the Purdue Computer Emergency Response Team until 2001.

Top

At Purdue

Teaching

In 1987, Professor Spafford joined the academic faculty of the Department of Computer Science at Purdue University. At Purdue, he has taught courses in operating systems, compiler and language design, computer security, computer architecture, software engineering, networking and data communications, and issues of ethics and professional responsibility. Over the last few years Professor Spafford has been recognized with the top three awards for teaching at Purdue University.

Research

Dr. Spafford's primary research is on issues relating to information security, with a secondary interest in the reliability of computer systems, and the consequences of computer failures. In addition to work in computer and network security, this involves research into issues of computer crime, and issues of liability and professional ethics. His work in security has resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix --- tools used world-wide for assistance in the management of system security.

Spaf's involvement in information security led, in early 1992, to his formation at Purdue of the COAST Project and Laboratory, of which he was the director. This was an effort to develop workable security technology and practical tools. In May of 1998, Purdue University formed the Center for Education and Research in Information Assurance and Security (CERIAS) and appointed Spaf as its first Director. This university-wide center is addressing the broader issues of information security and information assurance, and draws on expertise and research across all of the academic disciplines at Purdue. Because of its structure, and the incorporation of the COAST group in its activities, the CERIAS is the largest and most broadly-structured academic research center in the world in its field. In 2003, Spafford was promoted to Executive Director of CERIAS.

In addition to his security research, Spaf has been an active researcher with the Software Engineering Research Center (SERC) --- an NSF University/Industry Cooperative Research Center, located jointly at several universities including Purdue. His research in the SERC included continuing work with testing technology, including the Mothra II testing environment; and with investigation of new approaches to software debugging, including development of the Spyder debugging tool.

Dr. Spafford has also conducted research on issues relating to increasing the reliability of computer systems, and the consequences of computer failures. This includes work with distributed computing systems (the Messiahs project).

Top

Background

Dr. Spafford received his B.A. degree with a double major in Mathematics and Computer Science from the State University College at Brockport (1979, NY). Upon graduation, he was honored with a SUNY College President's Citation. He then attended the School of Information and Computer Science (now the College of Computing) at Georgia Institute of Technology, holding both a Georgia Tech President's Fellowship and a National Science Foundation Graduate Fellowship.

Spaf received his M.S. in 1981, and the Ph.D. in 1986 for his design and implementation of the original Clouds reliable, distributed operating system kernel, and for his contributions as one of the original members of the Clouds design team. Next, Dr. Spafford spent a year and a half as a research scientist (postdoc) with the Software Engineering Center at Georgia Tech. His duties there included serving as a principal software engineer with the Mothra software testing project.

Other Information

Spaf is also responsible for a number of "firsts" in computer science; a selection of these is available.

Spaf's full curriculum vitae is online.

Someone created a Wikipedia page on Spaf; it looks mostly accurate.

A print-quality photo may be found here.

Top

Updated: 03/31/14

© 2004-2013 E. H. Spafford

spaf@purdue.edu
Valid CSS!   Valid XHTML 1.0! Level Double-A, 
          W3C-WAI Web Accessibility Guidelines 1.0