Narrative Bio for Spaf



In the News & On the WWW

Short Bio

Full C.V. PDF indicator

Selected Firsts

Notable Activities

My CERIAS Blog Posts

Spaf & the US Gov

Courses & Teaching

Information for Grad Students

Students Past and Present

Research and Papers

Selected Quotes

Miscellaneous Items

• • •

You can download a brief, 2-page bio in the form (approximately) used by DoD here .

An expanded, narrative biography follows. Full academic C.V. is available at the link in the left column.

You can find archived video of a number of my talks, conference addresses, and interviews on YouTube.


Eugene H. Spafford is one of the senior, most recognized leaders in the field of computing. His research and development work, including work with his students, underlies cyber security mechanisms in use on millions of systems in use today, including work in firewalls, intrusion detection, vulnerability scanners, integrity monitoring, forensics, and security architectures.

Professor Spafford has been honored with every significant award in cyber security, including induction into the Cyber Security Hall of Fame; every major award at Purdue University for teaching; and many major awards for distinguished service to the computing community, including the CRA Distinguished Service Award. He is one of only two people to receive all three of the National Computer Security Award, be inducted into the Cyber Security Hall of Fame, and receive the Hal Tipton Award. He is also the only person ever to be named as a Fellow of the combination of the (ISC)2, ISSA (as a Distinguished Fellow), ACM, IEEE. American Association for the Advancement of Science (AAAS), and American Academy of Arts and Sciences (AAA&S).

Spaf (as he is widely known) has established an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Tripwire, SignaCert, Unisys, the US Air Force, Sandia National Laboratory, Los Alamos National Laboratory, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and the staff of two Presidents of the United States. With four decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of "firsts" in several of these areas.

Dr. Eugene H. Spafford is a professor with primary appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. He also has courtesy appointments as a professor of Philosophy, a professor of Communication, a professor of Electrical and Computer Engineering, and a professor of Political Science. He is the Executive Director Emeritus of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS). In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for faculty.

Starting in 2010, Spaf became Editor-in-Chief of the Elsevier journal Computers & Security , the oldest journal in the field of information security, and the official outlet of IFIP TC-11. Prior to this appointment, he served as Academic Editor (Associate Editor) of the journal from 1998–2009.

Dr. Spafford is a member and past chair of the ACM's US Technology Policy Committee (formerly the US Public Policy Council) and was a member of ACM Council from 2012-2020. He is a member of Verified Voting's Board of Advisors. He is (again) a member of the Board of Directors for the Computing Research Association.

Honors & Awards


In Security

In Computing & Science

In Education

Other Awards and Recognition


Professional Activities

U.S. Government

Dr. Spafford has been consulted by parts of the U.S. government, including delivering formal Congressional testimony nine times. He has contributed to 10 major amicus curiae briefs before U.S. courts, including the Supreme Court. He has acted in an advisory capacity for several agencies and commissions as detailed above.


Spaf has a nearly 40-year history of being a resource for, and quoted in, news media. This has included video appearances on ABC News, CNN, Fox News, and the BBC. He has been interviewed and quoted numerous times in the NY Times, Wall St Journal, Newsweek, the Washington Post, USA Today, the Chronicle of Higher Education, Consumer Reports, Wired, and other international, national, and regional outlets.

Writing & Editing

Professor Spafford is currently on the advisory and editorial boards of the journals

He has written extensively in the field of computer security, including coauthoring an award-winning book on UNIX Security, Practical Unix & Internet Security ( O'Reilly and Associates, 1991; 2nd edition 1996; 3rd edition 2003) and a widely-cited book on computer viruses, Computer Viruses (ADAPSO, 1989). He has also served as contributing editor to Computer Crime: A Crime-Fighters Handbook ( O'Reilly and Associates, 1995), and Web Security, Privacy and Commerce, ( O'Reilly and Associates, 1997; 2nd edition 2002). He has published well over 100 papers and reports on his research. He has also spoken internationally at panels, conferences, symposia, and colloquia on these issues.

Spaf is currently writing a book with Leigh Metcalf and Josiah Dykstra, tentatively entitled Myths and Misperceptions in Cybersecurity. It is scheduled for publication in late 2022.

Selected Memberships and Chairmanships

Professor Spafford has also served as chairman of ACM's Self-Assessment Committee and of its ISEF Awards Committee, as well as served as a charter member of the Technical Standards Committee. He was co-chair of the ACM's Advisory Committee on Security and Privacy, now defunct. He has served as a member of ACM Council (the board of directors) 2012--2020. He was chair of ACM's Publications Plagiarism and Ethics Committee 2017-2022, and vice-chair 2022-2023.

Over the past few years, Professor Spafford has served in an advisory or consulting capacity on information security and computer crime with several U.S. government agencies and their contractors, including the NSF's CISE division, FBI, National Security Agency, U.S. Attorney's Office, the Secret Service, and the U.S. Air Force. He has also been an advisor to several Fortune 500 companies, law firms, and state and national law enforcement agencies around the world. Spaf was a member of the Defense Science Study Group V and was a member of the science study group supporting the U.S. Government's Infosec Research Council. He is a past member of the Board of Directors of the National Colloquium on Information Systems Security Education, was a member of the board of directors of the Network Time Foundation and of the Sun User Group (now defunct).

Incident Response

Spaf has been involved with security incident response both as an educator and as a practitioner. He has served as a member of the advisory boards of both CERT/CC and the FIRST (FIRST is the Forum of Incident Response and Security Teams). He was the founder and co-director of the Purdue Computer Emergency Response Team until 2001.


At Purdue


In 1987, Professor Spafford joined the academic faculty of the Department of Computer Science at Purdue University. At Purdue, he has taught courses in operating systems, compiler and language design, computer security, computer architecture, software engineering, networking and data communications, and issues of ethics and professional responsibility. Over the last few years Professor Spafford has been recognized with the top three awards for teaching at Purdue University.


Dr. Spafford's primary research is on issues relating to information security, with a secondary interest in the reliability of computer systems, and the consequences of computer failures. In addition to work in computer and network security, this involves research into issues of computer crime, and issues of liability and professional ethics. His work in security has resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix --- tools used world-wide for assistance in the management of system security.

Spaf's involvement in information security led, in early 1992, to his formation at Purdue of the COAST Project and Laboratory, of which he was the director. This was an effort to develop workable security technology and practical tools. In May of 1998, Purdue University formed the Center for Education and Research in Information Assurance and Security ( CERIAS ) and appointed Spaf as its first Director. This university-wide center is addressing the broader issues of information security and information assurance, and draws on expertise and research across all of the academic disciplines at Purdue. Because of its structure, and the incorporation of the COAST group in its activities, the CERIAS is the largest and most broadly-structured academic research center in the world in its field. In 2003, Spafford was promoted to Executive Director of CERIAS, which he held until summer 2016, when he was given the title Executive Director Emeritus.

In addition to his security research, Spaf has been an active researcher with the Software Engineering Research Center ( SERC ) --- an NSF University/Industry Cooperative Research Center, located jointly at several universities including Purdue. His research in the SERC included continuing work with testing technology, including the Mothra II testing environment; and with investigation of new approaches to software debugging, including development of the Spyder debugging tool.

Dr. Spafford has also conducted research on issues relating to increasing the reliability of computer systems, and the consequences of computer failures. This includes work with distributed computing systems (the Messiahs project).



Dr. Spafford received his B.A. degree with a double major in Mathematics and Computer Science from the State University of New York Brockport (1979, NY). Upon graduation, he was honored with a SUNY College President's Citation. He then attended the School of Information and Computer Science (now the College of Computing ) at Georgia Institute of Technology, holding both a Georgia Tech President's Fellowship and a National Science Foundation Graduate Fellowship.

Spaf received his M.S. in 1981, and the Ph.D. in 1986 for his design and implementation of the original Clouds reliable, distributed operating system kernel, and for his contributions as one of the original members of the Clouds design team. Next, Dr. Spafford spent a year and a half as a research scientist (postdoc) with the Software Engineering Center at Georgia Tech. His duties there included serving as a principal software engineer with the Mothra software testing project.

Other Information

Spaf is also responsible for a number of "firsts" in computer science; a selection of these is available.

Spaf's full curriculum vitae is online.

Someone created a Wikipedia page on Spaf; it looks mostly accurate.

A print-quality photo may be found here.