Some new items about Spaf in the news can be found here, on the News page. That page also indicates some upcoming appearances and events.
At the 27th CERIAS Security Symposium, Purdue University's Provost presented me with a crystal testimonial recognizing 25 years of leadership as founding academic head of Purdue's Interdisciplinary Information Security program — the world's first accredited cybersecurity degree program.
I have been appointed to the CLEAR Taskforce. CLEAR is the Community-Led Ethics for Accountability in Research, focusing on issues of publishing and scientific ethics.
I have been named to the Advisory Council for the MITRE ATT&CK framework.
I have been the Editor-in-Chief of the journal Computers & Security for 15 years. December 31, 2025 was my last day in this role. You can read my final editorial in the journal. As of January 1, 2026, I am the Editor Emeritus (Consulting Editor).
It was announced at RSAC 2024 that Cybersecurity Myths and Misconceptions has been added to the Cybersecurity Canon Hall of Fame.
The announcement noted this about the Hall of Fame "This is an authoritative and exclusive list of must-read books for all cybersecurity practitioners - be they from industry, government or academia — where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional's education that will make the practitioner incomplete."
Have you gotten your copy of the book? Cybersecurity Myths and Misconceptions: Avoiding Hazards and Pitfalls That Derail Us by Spaf, Leigh Metcalf, and Josiah Dykstra. See the informational handout for details including:
See this handout (PDF)
The book is now available in a Japanese translation! You can get it on the Japan Amazon site.
And, related to that, the book is now available as an audiobook!