Narrative Bio for Spaf

Home

In the News & On the WWW

Short Bio

Full C.V.

Selected Firsts

Notable Activities

My CERIAS Blog Posts

Spaf & the US Gov

Courses & Teaching

Information for Grad Students

Students Past and Present

Research and Papers

Selected Quotes

Miscellaneous Items

• • •

You can download a brief, 2-page bio in the form (approximately) used by DoD here .

An expanded, narrative biography follows. Full academic C.V. is available at the link in the left column.

You can find archived video of a number of my talks, conference addresses, and interviews on YouTube.

General

Eugene H. Spafford is one of the senior, most recognized leaders in the field of computing. His research and development work, including work with his students, underlies cyber security mechanisms in use on millions of systems in use today, including work in firewalls, intrusion detection, vulnerability scanners, integrity monitoring, forensics, and security architectures.

Professor Spafford has been honored with every significant award in cyber security, including induction into the Cyber Security Hall of Fame; every major award at Purdue University for teaching; and many major awards for distinguished service to the computing community, including the CRA Distinguished Service Award. He is one of only two people to receive all three of the National Computer Security Award, be inducted into the Cyber Security Hall of Fame, and receive the Hal Tipton Award. He is also the only person ever to be named as a Fellow of the combination of the (ISC)², ISSA (as a Distinguished Fellow), ACM, IEEE. American Association for the Advancement of Science (AAAS), and American Academy of Arts and Sciences (AAA&S).

Spaf (as he is widely known) has established an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Tripwire, SignaCert, Unisys, the US Air Force, Sandia National Laboratory, Los Alamos National Laboratory, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and the staff of two Presidents of the United States. With four decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of "firsts" in several of these areas.

Dr. Eugene H. Spafford is a professor with primary appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. He also has courtesy appointments as a professor of Philosophy, a professor of Communication, a professor of Electrical and Computer Engineering, and a professor of Political Science. He is the Executive Director Emeritus of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS). In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for faculty.

Starting in 2010, Spaf became Editor-in-Chief of the Elsevier journal Computers & Security , the oldest journal in the field of information security, and the official outlet of IFIP TC-11. Prior to this appointment, he served as Academic Editor (Associate Editor) of the journal from 1998–2009.

Dr. Spafford is a member and past chair of the ACM's US Technology Policy Committee (formerly the US Public Policy Council) and was a member of ACM Council from 2012-2020. He is a member of Verified Voting's Board of Advisors. He is (again) a member of the Board of Directors for the Computing Research Association.

Honors & Awards

General

• Named as an Honorary Professor of Computer Science at Nottingham University in the United Kingdom.
• Elected as a Fellow of the American Academy of Arts and Sciences (AAA&S), founded in 1780.
• Named as a Sagamore of the Wabash, Indiana's highest civilian honor, in 2016.
• Presented with an inaugural Purdue University Morrill Award in 2012. This is Purdue's top award for faculty members, recognizing those have made extraordinary contributions to the land-grant mission of the university: teaching, research, and community service. Of the approximately 3000 faculty members at Purdue, only 19 (0.6%) have received this award as of January, 2019.
• Presented with a WORLDCOMP/ERSA Outstanding Achievement Award in 2011.
• Named as the 2009 recipient of the CRA Distinguished Service Award .
• Presented with the ACM President's Award in 2007. The citation was "...for his long and effective leadership on issues of computer security and policy, professional responsibility, and the Internet." ( Press release .)
• Presented with an honorary D.Sc. (Doctor of Science) degree from the trustees of the State University of New York in 2005 at spring commencement of the State University of New York Brockport .

In Security

• Recipient of the first ACSAC Cybersecurity Artifacts Competition Impactful System Award for his design of Tripwire. Award made in 2022; Tripwire designed in 1991.
• Co-recipient of an IEEE Symposium on Security & Privacy "Test of Time" award
• Named as one of the 2018 recipents of the ISE ^® Luminary Leadership Award
• Named as the 2017 awardee of the IFIP TC-11 Kristian Beckman Award .
• Named as the 2013 awardee of the (ISC) ² Harold F. Tipton Lifetime Achievement Award
• Spaf was named as one of the 2013 inductees to the National Cyber Security Hall of Fame
• Awarded a SANS Lifetime Achievement Award in 2011.
• Named as a Security Visionary by "The Everything Channel" in 2010.
• Named as a Distinguished Fellow of the ISSA in 2009.
• Awarded the 2006 Outstanding Contribution Award of the ACM Special Interest Group on Security, Audit and Control.
• Awarded the 2006 Joseph J. Wasserman award of the ISACA New York Metropolitan Chapter "... for your overall body of work and contributions to the information security profession."
• Named by Network World as one of the " 50 Most Powerful People in Networking " (in the security group) at the end of 2006.
• Awarded the 2005 IEEE Computer Society Technical Achievement Award. The citation on the award is For contributions to information security and digital forensics. (Previous award winners are noted here .)
• Named to the ISSA (Information Systems Security Association) Hall of Fame in 2001 and made a Lifetime Member. In 2009 he was named as a Distinguished Fellow of the ISSA.
• Awarded status as an Honorary CISSP by the Board of Directors of the ISC² (also a Fellow of the ISC² as of 2008).
• 2000 NIST/NCSC (of the NSA) National Computer System Security Award recipient.
• Year 2000 Applied Computer Security Associates Distinguished Practitioner.
• Profiled by the Washington Post in 2000 as one of the most influential policy experts in information security (Security Guard on p. H5, June 19, 2000).
• Named as one of the "Five Most Influential Leaders in Information Security" by the readers of the magazine Information Security in 1999.

In Computing & Science

• Fellow of the ACM.
• Fellow of the American Association for the Advancement of Science (AAAS).
• Fellow of the IEEE.
• Charter member of the IEEE Computer Society's Golden Core.
• Elected to Upsilon Pi Epsilon.
• Named to the Georgia Tech College of Computing Hall of Fame

In Education

• Awarded the Taylor L. Booth Medal in 2004 by the IEEE Computer Society for For excellence as an educator, and for outstanding contributions to the definition, materials and practice of information security and computing.
• Named to Purdue's Book of Great Teachers in 2003.
• Awarded the Murray Founder's Medal in 2001 by the NCISSE (National Colloquium for Information Systems Security Education) for Outstanding Contributions to Information Security Education.
• Year 2001 recipient of the Purdue University Outstanding Undergraduate Teaching Award in Memory of Charles B. Murphy.
• Named as a Fellow of the Purdue Teaching Academy in October 2001.
• Named as the Cecil H. and Ida Green Honors Professor at Texas Christian University in 1995.

Other Awards and Recognition

• Named as a Fellow of the Ponemon Institute in 2014.
• Presented with the ACM SIGCAS Making a Difference Award in 2004. The citation on the award is For his outstanding contribution to both the technical and public policy aspects of protecting the global cyberspace infrastructure.
• Presented with the U.S. Air Force medal for "Meritorious Civilian Service," in recognition of his work with the USAF Scientific Advisory Board. from 1999-2003.
• Presented with the Hall of Heritage Award from the SUNY State University of New York Brockport Alumni Association.
• Presented with an IEEE Computer Society Meritorious Service Certificate in 1992 …for participating in the 1991 Curriculum Task Force.
• Received an Award of Distinguished Technical Communication (highest award) and Award of Merit from the Society for Technical Communications in 1996, for Practical Unix and Internet Security (2nd edition).
• Named to the the State University of New York's Alumni Honor Roll in 1995.

Top

Professional Activities

U.S. Government

Dr. Spafford has been consulted by parts of the U.S. government, including delivering formal Congressional testimony nine times. He has contributed to 10 major amicus curiae briefs before U.S. courts, including the Supreme Court. He has acted in an advisory capacity for several agencies and commissions as detailed above.

Media

Spaf has a nearly 40-year history of being a resource for, and quoted in, news media. This has included video appearances on ABC News, CNN, Fox News, and the BBC. He has been interviewed and quoted numerous times in the NY Times, Wall St Journal, Newsweek, the Washington Post, USA Today, the Chronicle of Higher Education, Consumer Reports, Wired, and other international, national, and regional outlets.

Writing & Editing

Professor Spafford is currently on the advisory and editorial boards of the journals

• Computers & Security (formerly as the Academic/Associate Editor, now as Editor-in-Chief)
• Network Security
• International Journal on Critical Infrastructure Protection
• International Journal of Information and Computer Security
• Array

He has written extensively in the field of computer security, including coauthoring an award-winning book on UNIX Security, Practical Unix & Internet Security ( O'Reilly and Associates, 1991; 2nd edition 1996; 3rd edition 2003) and a widely-cited book on computer viruses, Computer Viruses (ADAPSO, 1989). He has also served as contributing editor to Computer Crime: A Crime-Fighters Handbook ( O'Reilly and Associates, 1995), and Web Security, Privacy and Commerce, ( O'Reilly and Associates, 1997; 2nd edition 2002). He has published well over 100 papers and reports on his research. He has also spoken internationally at panels, conferences, symposia, and colloquia on these issues.

Spaf is currently writing a book with Leigh Metcalf and Josiah Dykstra, tentatively entitled Myths and Misperceptions in Cybersecurity. It is scheduled for publication in late 2022.

Selected Memberships and Chairmanships

• Member of the US Air Force Air University Board of Visitors, 2009-2013.
• Member of the advisory board for the U.S. Naval Academy's Center for Cyber Security Studies, 2011-2021.
• Member of the National Security Advisory Board for Sandia National Laboratory, 2021-present.
• Member of the President's Information Technology Advisory Committee ( PITAC ), 2003-2005.
• Chair of the ACM's US Public Policy Committee, USACM, 1998-2014,and 2015-2015.
• One of ACM's two representatives on the Board of Directors of the Computing Research Association, 1998-2007 and 2022-2025.
• Member of the National Steering Committee of the FBI's Regional Computer Forensic Laboratory Program (RCFL) from 2003-2005.
• Member of the U.S. GAO (General Accountability Office) Executive Council on Information Management and Technology, 2003-present.
• Member (and former chair) of IFIP's TC 11 working group on network security (WG 4), and former member of WG 9 on computer forensics.
• Member of the US Air Force Scientific Advisory Board, 1999-2003; consultant in 2007 and 2008.
• Fellow of the ACM, and member of ACM Council 2012-2016.
• Fellow of the Computer Society of the IEEE.
• Fellow of the American Academy of Arts and Sciences, (AAA&S)
• Fellow of the American Association for the Advancement of Science (AAAS).
• Member of Sigma Xi.

Professor Spafford has also served as chairman of ACM's Self-Assessment Committee and of its ISEF Awards Committee, as well as served as a charter member of the Technical Standards Committee. He was co-chair of the ACM's Advisory Committee on Security and Privacy, now defunct. He has served as a member of ACM Council (the board of directors) 2012--2020. He was chair of ACM's Publications Plagiarism and Ethics Committee 2017-2022, and vice-chair 2022-2023.

Over the past few years, Professor Spafford has served in an advisory or consulting capacity on information security and computer crime with several U.S. government agencies and their contractors, including the NSF's CISE division, FBI, National Security Agency, U.S. Attorney's Office, the Secret Service, and the U.S. Air Force. He has also been an advisor to several Fortune 500 companies, law firms, and state and national law enforcement agencies around the world. Spaf was a member of the Defense Science Study Group V and was a member of the science study group supporting the U.S. Government's Infosec Research Council. He is a past member of the Board of Directors of the National Colloquium on Information Systems Security Education, was a member of the board of directors of the Network Time Foundation and of the Sun User Group (now defunct).

Incident Response

Spaf has been involved with security incident response both as an educator and as a practitioner. He has served as a member of the advisory boards of both CERT/CC and the FIRST (FIRST is the Forum of Incident Response and Security Teams). He was the founder and co-director of the Purdue Computer Emergency Response Team until 2001.

Top

At Purdue

Teaching

In 1987, Professor Spafford joined the academic faculty of the Department of Computer Science at Purdue University. At Purdue, he has taught courses in operating systems, compiler and language design, computer security, computer architecture, software engineering, networking and data communications, and issues of ethics and professional responsibility. Over the last few years Professor Spafford has been recognized with the top three awards for teaching at Purdue University.

Research

Dr. Spafford's primary research is on issues relating to information security, with a secondary interest in the reliability of computer systems, and the consequences of computer failures. In addition to work in computer and network security, this involves research into issues of computer crime, and issues of liability and professional ethics. His work in security has resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix --- tools used world-wide for assistance in the management of system security.

Spaf's involvement in information security led, in early 1992, to his formation at Purdue of the COAST Project and Laboratory, of which he was the director. This was an effort to develop workable security technology and practical tools. In May of 1998, Purdue University formed the Center for Education and Research in Information Assurance and Security ( CERIAS ) and appointed Spaf as its first Director. This university-wide center is addressing the broader issues of information security and information assurance, and draws on expertise and research across all of the academic disciplines at Purdue. Because of its structure, and the incorporation of the COAST group in its activities, the CERIAS is the largest and most broadly-structured academic research center in the world in its field. In 2003, Spafford was promoted to Executive Director of CERIAS, which he held until summer 2016, when he was given the title Executive Director Emeritus.

In addition to his security research, Spaf has been an active researcher with the Software Engineering Research Center ( SERC ) --- an NSF University/Industry Cooperative Research Center, located jointly at several universities including Purdue. His research in the SERC included continuing work with testing technology, including the Mothra II testing environment; and with investigation of new approaches to software debugging, including development of the Spyder debugging tool.

Dr. Spafford has also conducted research on issues relating to increasing the reliability of computer systems, and the consequences of computer failures. This includes work with distributed computing systems (the Messiahs project).

Top

Background

Dr. Spafford received his B.A. degree with a double major in Mathematics and Computer Science from the State University of New York Brockport (1979, NY). Upon graduation, he was honored with a SUNY College President's Citation. He then attended the School of Information and Computer Science (now the College of Computing ) at Georgia Institute of Technology, holding both a Georgia Tech President's Fellowship and a National Science Foundation Graduate Fellowship.

Spaf received his M.S. in 1981, and the Ph.D. in 1986 for his design and implementation of the original Clouds reliable, distributed operating system kernel, and for his contributions as one of the original members of the Clouds design team. Next, Dr. Spafford spent a year and a half as a research scientist (postdoc) with the Software Engineering Center at Georgia Tech. His duties there included serving as a principal software engineer with the Mothra software testing project.

Other Information

Spaf is also responsible for a number of "firsts" in computer science; a selection of these is available.

Spaf's full curriculum vitae is online.

Someone created a Wikipedia page on Spaf; it looks mostly accurate.

A print-quality photo may be found here.

Top