Cybersecurity Myths – Eugene Spafford – PSW #839
Early on in his career Spaf was working with microcode and continued to work on technical projects. As time went on he realized that focusing on the non-technical work, such as policies and shaping our thinking, would help move the needle. Borrowing concepts from his book on the subject, we will delve into some cybersecurity myths such as: Are users really the weakest link? Are cybersecurity vendors truly incentivized to provide better security? Do we agree on what cybersecurity really means? - Do not miss this segment!
Segment Resources: https://spaf.cerias.purdue.edu/pers/Myths.pdf
Guest
Eugene H. Spafford is one of the most senior academics in the field of cybersecurity. During his 44 years in computing—including 37 years as a faculty member at Purdue University — Spaf (as he is widely known) has worked on issues in privacy, public policy, law enforcement, software engineering, education, social networks, operating systems, and cyber security. He has been involved in the development of fundamental technologies in intrusion detection, incident response, firewalls, integrity management, and forensic investigation. His interests range over these and many other areas, and this has been one of the factors behind his leadership of CERIAS, the Center for Education and Research in Information Assurance and Security, where he is the Executive Director Emeritus.
Spaf has served as a senior advisor to US and International agencies, companies, and organizations. This has included advising corporate boards, consulting in judicial actions, and serving on study commissions. He has worked extensively with the US Air Force, the US Naval Academy, FBI, and DOE National Labs, the National Science Foundation, the ACM, Microsoft, Intel, Unisys, and the Computing Research Association — among others.
Dr. Spafford is a Fellow of the American Academy of Arts and Sciences (AAA&S), and the Association for the Advancement of Science (AAAS); a Life Fellow of the ACM, the IEEE, and the (ISC)2; a Life Distinguished Fellow of the ISSA; and a member of the Cyber Security Hall of Fame — the only person to ever hold all these distinctions. In 2012 he was named as one of Purdue’s inaugural Morrill Professors — the university’s highest award for the combination of scholarship, teaching, and service. In 2016, he received the State of Indiana’s highest civilian honor by being named as a Sagamore of the Wabash.