Today (June 30) is my last day as CERIAS Executive Director. This marks the end of a process that began about 15 months ago, when it was unexpectedly announced that my appointment was not being renewed. Last week, the dean responsible announced the appointment of Professor Dongyan Xu as interim executive director as of July 1. He also announced, to our surprise, that Professor Elisa Bertiino would not be reappointed as CERIAS Director of Research. I wish to express my deep gratitude to Elisa for her support and her participation in the growth of CERIAS; I very much value having Elisa as a colleague.
I will not make any other public comments at this time about this transition other than to voice my unequivocal support of Dongyan, and of the wonderful CERIAS staff. Dongyan is an outstanding scholar and colleague, and he has a long history of active involvement with CERIAS. I helped recruit him to Purdue in 2001 as a new assistant professor working in security, so I am very familiar with his background. He has worked with CERIAS as he has advanced through the academic ranks, so he has the experience — both professional and personal — to handle the job in this time of transition.
Looking back, I have had the honor of working with some incredible people over the last 25 years, first as leader of the COAST Laboratory, and then as the founder and (executive) director of CERIAS. CERIAS participants have set an example of “thinking differently” to effect a profound and lasting set of changes — many of which are not recognized nor appreciated locally; As with most things in academia, the further away one gets from one’s home institution in space and time, the more the value of contributions are understood! It is widely acknowledged outside that our faculty, staff, and students have made a huge contribution to establishing cyber security as an academic discipline.
When CERIAS was founded in 1998, there were only four small academic groups in the world that were devoted to cyber security, and they were all quite small. CERIAS was established to help build the field, establish leadership, and investigate new ideas, all while embracing the spirit of the land-grant university to perform research in the public good. In the years since then, our local community has:
What is more, we helped show that the whole field of cyber protection is really multidisciplinary — it is more than computer science or engineering, but a rich area of study that includes a range of disciplines. Over the last 18 years, we have had faculty from 20 different academic departments participate in CERIAS activities…and still do.
Also back in 1998, there were few programs producing graduates with concentrations in cyber security. I did a survey for some Congressional testimony at the time, and found that only about 3 PhDs a year were being produced in all of the US (and almost none elsewhere) in the field (excluding cryptography). Although not explicitly part of CERIAS, which is a research-only entity, CERIAS participants also:
As the (in parallel) head of the Interdisciplinary Information Security (INSC) graduate program, I have seen the synergy between CERIAS and INSC, and pleased to be a part of both.
Looking back, it has been wonderful to see these results, and to work with such a wonderful collection of faculty, staff, and students. Unlike efforts at some other institutions of higher education, our primary goal has not been to generate “buzz” for faculty to start up their own companies, or to see how much funding we could rake in for bragging rights. Instead, we have sought to do the “right thing” by our students and the public: produce innovative ideas and well-educated graduates who could go out to make the world a better place for everyone. By any measure, we have done so.
Coincidentally, not only am I ending my time as Executive Director of CERIAS today, I am also finishing 20 years of service as the chair or co-chair of ACM’s US Public Policy Council. Coupled with some recent personal changes, this has been a very event-filled few months.
Those of you who know me know that I try to look forward more than look back. So, what am I looking forward to?
To start with, I will be assuming the role (and title) of Executive Director Emeritus. In that role, I will be helping Dongyan, Joel, and Jerry with whatever next steps seem right for CERIAS. I will continue to be the head of the INSC Interdisciplinary Graduate program here at Purdue. I have a few PhD students in progress who I will continue to work with. I may restart the COAST Lab with my own set of projects, if I can find some external partners willing to help fund that effort. I will continue to work with USACM as Immediate Past Chair, and serve as an at-large member of the ACM Council. I will continue to be Editor-in-Chief of the journal Computers & Security (the oldest journal in the field). Thus, I won’t lack for things to do!
Being forced to make changes often encourages us to consider more than we might have, had status quo remained. Times of change are often the best times to make other, possibly major, changes, so some of the above may be subject to change, too! (Ideas -- and offers -- welcomed.)
In closing, my huge thanks to those who have engaged positively with me in my CERIAS role over the last 18 years. And please join me in wishing Dongyan good fortune in his new, interim role.
The nomination cycle for the 2016 induction into the Cyber Security Hall of Fame is now open.