You can download a brief, 2-page bio in the form (approximately) used by DoD here.
Expanded, narrative biography follows. Full academic C.V. is available at the link in the left column.
Eugene H. Spafford is one of the senior, most recognized leaders in the field of computing. He has been honored with nearly every possible award in cyber security, including induction into the Cyber Security Hall of Fame; every major award at Purdue University for teaching; and many major awards for distinguished service to the computing community, including the CRA Distinguished Service Award. He is the only person to receive all three of the National Computer Security Award, be inducted into the Cyber Security Hall of Fame, and receive the Hal Tipton Award. He is also the only person ever to be named as a Fellow of the combination of the (ISC)2, ISSA, ACM, IEEE, and AAAS.
Spaf (as he is known to friends) has established an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Tripwire, SignaCert, Unisys, the US Air Force, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and the staff of two Presidents of the United States. With over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of "firsts" in several of these areas.
Dr. Eugene Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. He also has courtesy appointments as a professor of Philosophy , a professor of Communication , a professor of Electrical and Computer Engineering , and a professor of Political Science. He is the Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS). In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for the combination of scholarship, teaching, and service.
Starting in 2010, Spaf became Editor-in-Chief of the Elsevier journal Computers & Security, the oldest journal in the field of information security, and the official outlet of IFIP TC-11. Prior to this appointment, he served as Academic Editor (Associate Editor) of the journal from 1998–2009.
Spaf serves on a number of advisory and editorial boards, and has been honored numerous times for his writing, research, and teaching on issues of security and ethics. He is is a Fellow of the ACM, the AAAS, the IEEE, the ISC2, and is a Distinguished Fellow of the ISSA. (See below for more details.)
Honors & Awards
- Presented with an inaugural Purdue University Morrill Award in 2012. This new recognition is for faculty who have made extraordinary contributions to the land-grant mission of the university: teaching, research, and community service. Of the 1800+ faculty members at Purdue, only 8 have received this award as of 2013.
- Presented with a WORLDCOMP/ERSA Outstanding Achievement Award in 2011.
- Named as the 2009 recipient of the CRA Distinguished Service Award.
- Presented with the ACM President's Award in 2007. The citation was
"...for his long and effective leadership on issues of computer security and policy, professional responsibility, and the Internet."(Press release.)
- Presented with an honorary D.Sc. (Doctor of Science) degree from the trustees of the State University of New York in 2005 at spring commencement of the State University College at Brockport.
- Named as the 2013 awardee of the (ISC)2 Harold F. Tipton Lifetime Achievement Award
- Spaf was named as one of the 2013 inductees to the National Cyber Security Hall of Fame
- Awarded a SANS Lifetime Achievement Award in 2011.
- Named as a Security Visionary by "The Everything Channel" in 2010.
- Named as a Distinguished Fellow of the ISSA in 2009.
- Awarded the 2006 Outstanding Contribution Award of the ACM Special Interest Group on Security, Audit and Control.
Awarded the 2006 Joseph J. Wasserman award of the ISACA New York Metropolitan Chapter
"... for your overall body of work and contributions to the information security profession."
- Named by Network World as one of the "50 Most Powerful People in Networking" (in the security group) at the end of 2006.
Awarded the 2005 IEEE Computer Society Technical Achievement Award. The citation on the award is
For contributions to information security and digital forensics.(Previous award winners are noted here.)
- Named to the ISSA (Information Systems Security Association) Hall of Fame in 2001 and made a Lifetime Member. In 2009 he was named as a Distinguished Fellow of the ISSA.
- Awarded status as an Honorary CISSP by the Board of Directors of the (ISC)2 (also a Fellow of the ISC2 as of 2008).
- 2000 NIST/NCSC (of the NSA) National Computer System Security Award recipient.
- Year 2000 Applied Computer Security Associates Distinguished Practitioner.
- Profiled by the Washington Post in 2000 as one of the most influential policy experts in information security (Security Guard on p. H5, June 19, 2000).
- Named as one of the "Five Most Influential Leaders in Information Security" by the readers of the magazine Information Security in 1999.
In Computing & Science
- Fellow of the ACM.
- Fellow of the AAAS.
- Fellow of the IEEE.
- Charter member of the IEEE Computer Society's Golden Core.
- Elected to Upsilon Pi Epsilon .
Awarded the Taylor L. Booth Medal in 2004 by the IEEE Computer Society for
For excellence as an educator, and for outstanding contributions to the definition, materials and practice of information security and computing.
- Named to Purdue's Book of Great Teachers in 2003.
Awarded the Murray Founder's Medal in 2001 by the NCISSE (National Colloquium for Information Systems Security Education) for
Outstanding Contributions to Information Security Education.
- Year 2001 recipient of the Purdue University Outstanding Undergraduate Teaching Award in Memory of Charles B. Murphy.
- Named as a Fellow of the Purdue Teaching Academy in October 2001.
- Named as the Cecil H. and Ida Green Honors Professor at Texas Christian University in 1995.
Other Awards and Recognition
- Named as a Fellow of the Ponemon Institute in 2014.
Presented with the ACM SIGCAS Making a Difference Award in 2004. The citation on the award is
For his outstanding contribution to both the technical and public policy aspects of protecting the global cyberspace infrastructure.
- Presented with the U.S. Air Force medal for "Meritorious Civilian Service," in recognition of his work with the USAF Scientific Advisory Board. from 1999-2003.
- Presented with the Hall of Heritage Award from the SUNY Brockport College Alumni Association.
Presented with an IEEE Computer Society Meritorious Service Certificate in 1992
…for participating in the 1991 Curriculum Task Force.
- Received an Award of Distinguished Technical Communication (highest award) and Award of Merit from the Society for Technical Communications in 1996, for Practical Unix and Internet Security (2nd edition).
- Named to the the State University of New York's Alumni Honor Roll in 1995.
Writing & Editing
Professor Spafford is currently on the advisory and editorial boards of the journals
- Computers & Security (formerly as the Academic/Associate Editor, now as Editor-in-Chief)
- Network Security
- International Journal on Critical Infrastructure Protection
- International Journal of Information and Computer Security
He has written extensively in the field of computer security, including coauthoring an award-winning book on UNIX Security, Practical Unix & Internet Security (O'Reilly and Associates, 1991; 2nd edition 1996; 3rd edition 2003) and a widely-cited book on computer viruses, Computer Viruses (ADAPSO, 1989). He has also served as contributing editor to Computer Crime: A Crime-Fighters Handbook (O'Reilly and Associates, 1995), and Web Security, Privacy and Commerce, (O'Reilly and Associates, 1997; 2nd edition 2002). He has published over 100 papers and reports on his research. He has also spoken internationally at panels, conferences, symposia, and colloquia on these issues.
Selected Memberships and Chairmanships
- Member of the US Air Force Air University Board of Visitors, 2009-present.
- Member of the advisory board for the U.S. Naval Academy's Center for Cyber Security Studies.
- Member of the President's Information Technology Advisory Committee (PITAC), 2003-2005.
- Chair of the ACM's US Public Policy Committee, USACM, 1998-2014.
- One of ACM's two representatives on the Board of Directors of the Computing Research Association, 1998-2007.
- Member of the National Steering Committee of the FBI's Regional Computer Forensic Laboratory Program (RCFL) from 2003-2005.
- Member of the U.S. GAO (General Accountability Office) Executive Council on Information Management and Technology, 2003-present.
- Member (and former chair) of IFIP's TC 11 working group on network security (WG 4), and former member of WG 9 on computer forensics.
- Member of the US Air Force Scientific Advisory Board, 1999-2003; consultant in 2007 and 2008.
- Member and Fellow of the ACM, and member of ACM Council 2012-2016.
- Member and Fellow of the Computer Society of the IEEE.
- Member and Fellow of the AAAS.
- Member of Sigma Xi.
Professor Spafford has also served as chairman of ACM's Self-Assessment Committee and of its ISEF Awards Committee, as well as served as a charter member of the Technical Standards Committee. He was co-chair of the ACM's Advisory Committee on Security and Privacy, now defunct.
Over the past few years, Professor Spafford has served in an advisory or consulting capacity on information security and computer crime with several U.S. government agencies and their contractors, including the NSF's CISE division, FBI, National Security Agency, U.S. Attorney's Office, the Secret Service, and the U.S. Air Force. He has also been an advisor to several Fortune 500 companies, law firms, and state and national law enforcement agencies around the world. Spaf was a member of the Defense Science Study Group V and was a member of the science study group supporting the U.S. Government's Infosec Research Council. He is a past member of the Board of Directors of the National Colloquium on Information Systems Security Education and of the Sun User Group (now defunct).
Spaf has been involved with security incident response both as an educator and as a practitioner. He has served as a member of the advisory boards of both CERT/CC and the FIRST (FIRST is the Forum of Incident Response and Security Teams). He was the founder and co-director of the Purdue Computer Emergency Response Team until 2001.
In 1987, Professor Spafford joined the academic faculty of the Department of Computer Science at Purdue University. At Purdue, he has taught courses in operating systems, compiler and language design, computer security, computer architecture, software engineering, networking and data communications, and issues of ethics and professional responsibility. Over the last few years Professor Spafford has been recognized with the top three awards for teaching at Purdue University.
Dr. Spafford's primary research is on issues relating to information security, with a secondary interest in the reliability of computer systems, and the consequences of computer failures. In addition to work in computer and network security, this involves research into issues of computer crime, and issues of liability and professional ethics. His work in security has resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix --- tools used world-wide for assistance in the management of system security.
Spaf's involvement in information security led, in early 1992, to his formation at Purdue of the COAST Project and Laboratory, of which he was the director. This was an effort to develop workable security technology and practical tools. In May of 1998, Purdue University formed the Center for Education and Research in Information Assurance and Security (CERIAS) and appointed Spaf as its first Director. This university-wide center is addressing the broader issues of information security and information assurance, and draws on expertise and research across all of the academic disciplines at Purdue. Because of its structure, and the incorporation of the COAST group in its activities, the CERIAS is the largest and most broadly-structured academic research center in the world in its field. In 2003, Spafford was promoted to Executive Director of CERIAS.
In addition to his security research, Spaf has been an active researcher with the Software Engineering Research Center (SERC) --- an NSF University/Industry Cooperative Research Center, located jointly at several universities including Purdue. His research in the SERC included continuing work with testing technology, including the Mothra II testing environment; and with investigation of new approaches to software debugging, including development of the Spyder debugging tool.
Dr. Spafford has also conducted research on issues relating to increasing the reliability of computer systems, and the consequences of computer failures. This includes work with distributed computing systems (the Messiahs project).
Dr. Spafford received his B.A. degree with a double major in Mathematics and Computer Science from the State University College at Brockport (1979, NY). Upon graduation, he was honored with a SUNY College President's Citation. He then attended the School of Information and Computer Science (now the College of Computing) at Georgia Institute of Technology, holding both a Georgia Tech President's Fellowship and a National Science Foundation Graduate Fellowship.
Spaf received his M.S. in 1981, and the Ph.D. in 1986 for his design and implementation of the original Clouds reliable, distributed operating system kernel, and for his contributions as one of the original members of the Clouds design team. Next, Dr. Spafford spent a year and a half as a research scientist (postdoc) with the Software Engineering Center at Georgia Tech. His duties there included serving as a principal software engineer with the Mothra software testing project.
Spaf is also responsible for a number of "firsts" in computer science; a selection of these is available.
Spaf's full curriculum vitae is online.
Someone created a Wikipedia page on Spaf; it looks mostly accurate.
A print-quality photo may be found here.