Narrative Bio for Spaf

Home

In the News & On the WWW

Short Bio

Full C.V.

Selected Firsts

Notable Activities

My Tumblr Log (Blog)

My CERIAS Blog Posts

Spaf & the US Gov

Courses & Teaching

Information for Grad Students

Students Past and Present

Research and Papers

Selected Quotes

Miscellaneous Items

• • •

Position

Eugene H. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Unisys, the US Air Force, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and two Presidents of the United States. With nearly three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of "firsts" in several of these areas.

Dr. Eugene Spafford is a professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy)and a professor of Electrical and Computer Engineering (courtesy). He is the Executive Director of the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS).

As of 2007, Spaf is also an Adjunct Professor of Computer Science at the University of Texas at San Antonio, and is Executive Director of the Advisory Board of the new Institute for Information Assurance there.

Spaf serves on a number of advisory and editorial boards, and has been honored numerous times for his writing, research, and teaching on issues of security and ethics. This includes receiving nearly every major award in the field of cyber security, and every award Purdue gives for excellence in teaching and educational development. (See below)

Honors & Awards

General

• Named as the 2009 recipient of the CRA Distinguished Service Award.
• Presented with the ACM President's Award in 2007. The citation was "...for his long and effective leadership on issues of computer security and policy, professional responsibility, and the Internet." (Press release.)
• Presented with an honorary D.Sc. (Doctor of Science) degree from the trustees of the State University of New York in 2005 at spring commencement of the State University College at Brockport.

In Security

• Named as a Distinguished Fellow of the ISSA in 2009.
• Awarded the 2006 Outstanding Contribution Award of the ACM Special Interest Group on Security, Audit and Control.
• Awarded the 2006 Joseph J. Wasserman award of the ISACA New York Metropolitan Chapter "... for your overall body of work and contributions to the information security profession."
• Named by Network World as one of the "50 Most Powerful People in Networking" (in the security group) at the end of 2006.
• Awarded the 2005 IEEE Computer Society Technical Achievement Award. The citation on the award is For contributions to information security and digital forensics. (Previous award winners are noted here.)
• Named to the ISSA (Information Systems Security Association) Hall of Fame in 2001 and made a Lifetime Member.
• Awarded status as an Honorary CISSP by the Board of Directors of the (ISC)² (also a Fellow of the ISC² as of 2008).
• 2000 NIST/NCSC (of the NSA) National Computer System Security Award recipient.
• Year 2000 Applied Computer Security Associates Distinguished Lecturer.
• Profiled by the Washington Post in 2000 as one of the most influential policy experts in information security (Security Guard on p. H5, June 19, 2000).
• Named as one of the "Five Most Influential Leaders in Information Security" by the readers of the magazine Information Security in 1999.

In Computing & Science

• Fellow of the ACM.
• Fellow of the AAAS.
• Fellow of the IEEE.
• Charter member of the IEEE Computer Society's Golden Core.
• Elected to Upsilon Pi Epsilon .

In Education

• Awarded the Taylor L. Booth Medal in 2004 by the IEEE Computer Society for For excellence as an educator, and for outstanding contributions to the definition, materials and practice of information security and computing.
• Named to Purdue's Book of Great Teachers in 2003.
• Awarded the Murray Founder's Medal in 2001 by the NCISSE (National Colloquium for Information Systems Security Education) for Outstanding Contributions to Information Security Education.
• Year 2001 recipient of the Purdue University Outstanding Undergraduate Teaching Award in Memory of Charles B. Murphy.
• Named as a Fellow of the Purdue Teaching Academy in October 2001.
• Named as the Cecil H. and Ida Green Honors Professor at Texas Christian University in 1995.

Other Awards and Recognition

• Presented with the ACM SIGCAS Making a Difference Award in 2004. The citation on the award is For his outstanding contribution to both the technical and public policy aspects of protecting the global cyberspace infrastructure.
• Presented with the U.S. Air Force medal for "Meritorious Civilian Service," in recognition of his work with the USAF Scientific Advisory Board. from 1999-2003.
• Presented with the Hall of Heritage Award from the SUNY Brockport College Alumni Association.
• Presented with an IEEE Computer Society Meritorious Service Certificate in 1992 …for participating in the 1991 Curriculum Task Force.
• Received an Award of Distinguished Technical Communication (highest award) and Award of Merit from the Society for Technical Communications in 1996, for Practical Unix and Internet Security (2nd edition).
• Named to the the State University of New York's Alumni Honor Roll in 1995.

Top

Professional Activities

Writing & Editing

Professor Spafford is currently on the advisory and editorial boards of the journals

• Computers & Security (as the Academic/Associate Editor)
• Network Security
• International Journal on Critical Infrastructure Protection
• International Journal of Information and Computer Security
• ACM Transactions on Computing Education

He has written extensively in the field of computer security, including coauthoring an award-winning book on UNIX Security, Practical Unix & Internet Security (O'Reilly and Associates, 1991; 2nd edition 1996; 3rd edition 2003) and a widely-cited book on computer viruses, Computer Viruses (ADAPSO, 1989). He has also served as contributing editor to Computer Crime: A Crime-Fighters Handbook (O'Reilly and Associates, 1995), and Web Security, Privacy and Commerce, (O'Reilly and Associates, 1997; 2nd edition 2002). He has published over 100 papers and reports on his research. He has also spoken internationally at panels, conferences, symposia, and colloquia on these issues.

Selected Memberships and Chairmanships

• Member of the US Air Force Air University Board of Visitors, 2009-present.
• Member of the President's Information Technology Advisory Committee (PITAC), 2003-2005.
• Chair of the ACM's US Public Policy Committee, USACM, 1998-present.
• One of ACM's two representatives on the Board of Directors of the Computing Research Association, 1998-2007.
• Member of the National Steering Committee of the FBI's Regional Computer Forensic Laboratory Program (RCFL) from 2003-2005.
• Member of the U.S. GAO (General Accountability Office) Executive Council on Information Management and Technology, 2003-present.
• Member (and former chair) of IFIP's TC 11 working group on network security (WG 4), and member of WG 9 on computer forensics.
• Member of the US Air Force Scientific Advisory Board, 1999-2003; consultant in 2007 and 2008.
• Member and Fellow of the ACM.
• Member and Fellow of the Computer Society of the IEEE.
• Member of the Usenix Association, and that organizations's campus representative at Purdue.
• Member and Fellow of the AAAS.
• Member of Sigma Xi.

Professor Spafford has also served as chairman of ACM's Self-Assessment Committee and of its ISEF Awards Committee, as well as served as a charter member of the Technical Standards Committee. He was co-chair of the ACM's Advisory Committee on Security and Privacy, now defunct.

Over the past few years, Professor Spafford has served in an advisory or consulting capacity on information security and computer crime with several U.S. government agencies and their contractors, including the NSF's CISE division, FBI, National Security Agency, U.S. Attorney's Office, the Secret Service, and the U.S. Air Force. He has also been an advisor to several Fortune 500 companies, law firms, and state and national law enforcement agencies around the world. Spaf was a member of the Defense Science Study Group V and was a member of the science study group supporting the U.S. Government's Infosec Research Council. He is a past member of the Board of Directors of the National Colloquium on Information Systems Security Education and of the Sun User Group.

Incident Response

Spaf has been involved with security incident response both as an educator and as a practitioner. He has served as a member of the advisory boards of both CERT/CC and the FIRST (FIRST is the Forum of Incident Response and Security Teams). He was the founder and co-director of the Purdue Computer Emergency Response Team until 2001.

Top

At Purdue

Teaching

In 1987, Professor Spafford joined the academic faculty of the Department of Computer Science at Purdue University. At Purdue, he has taught courses in operating systems, compiler and language design, computer security, computer architecture, software engineering, networking and data communications, and issues of ethics and professional responsibility. Over the last few years Professor Spafford has been recognized with the top three awards for teaching at Purdue University.

Research

Dr. Spafford's primary research is on issues relating to information security, with a secondary interest in the reliability of computer systems, and the consequences of computer failures. In addition to work in computer and network security, this involves research into issues of computer crime, and issues of liability and professional ethics. His work in security has resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix --- tools used world-wide for assistance in the management of system security.

Spaf's involvement in information security led, in early 1992, to his formation at Purdue of the COAST Project and Laboratory, of which he was the director. This was an effort to develop workable security technology and practical tools. In May of 1998, Purdue University formed the Center for Education and Research in Information Assurance and Security (CERIAS) and appointed Spaf as its first Director. This university-wide center is addressing the broader issues of information security and information assurance, and draws on expertise and research across all of the academic disciplines at Purdue. Because of its structure, and the incorporation of the COAST group in its activities, the CERIAS is the largest and most broadly-structured academic research center in the world in its field. In 2003, Spafford was promoted to Executive Director of CERIAS.

In addition to his security research, Spaf has been an active researcher with the Software Engineering Research Center (SERC) --- an NSF University/Industry Cooperative Research Center, located jointly at several universities including Purdue. His research in the SERC included continuing work with testing technology, including the Mothra II testing environment; and with investigation of new approaches to software debugging, including development of the Spyder debugging tool.

Dr. Spafford has also conducted research on issues relating to increasing the reliability of computer systems, and the consequences of computer failures. This includes work with distributed computing systems (the Messiahs project).

Top

Background

Dr. Spafford received his B.A. degree with a double major in Mathematics and Computer Science from the State University College at Brockport (1979, NY). Upon graduation, he was honored with a SUNY College President's Citation. He then attended the School of Information and Computer Science (now the College of Computing) at Georgia Institute of Technology, holding both a Georgia Tech President's Fellowship and a National Science Foundation Graduate Fellowship.

Spaf received his M.S. in 1981, and the Ph.D. in 1986 for his design and implementation of the original Clouds reliable, distributed operating system kernel, and for his contributions as one of the original members of the Clouds design team. Next, Dr. Spafford spent a year and a half as a research scientist (postdoc) with the Software Engineering Center at Georgia Tech. His duties there included serving as a principal software engineer with the Mothra software testing project.

Other Information

Spaf is also responsible for a number of "firsts" in computer science; a selection of these is available.

Spaf's full curriculum vitae is online.

Someone created a Wikipedia page on Spaf; it looks mostly accurate.

A print-quality photo may be found here.

Top

Updated: 10/20/09