The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Changes for CERIAS…and Spaf


Today (June 30) is my last day as CERIAS Executive Director. This marks the end of a process that began about 15 months ago, when it was unexpectedly announced that my appointment was not being renewed. Last week, the dean responsible announced the appointment of Professor Dongyan Xu as interim executive director as of July 1. He also announced, to our surprise, that Professor Elisa Bertiino would not be reappointed as CERIAS Director of Research. I wish to express my deep gratitude to Elisa for her support and her participation in the growth of CERIAS; I very much value having Elisa as a colleague.

I will not make any other public comments at this time about this transition other than to voice my unequivocal support of Dongyan, and of the wonderful CERIAS staff. Dongyan is an outstanding scholar and colleague, and he has a long history of active involvement with CERIAS. I helped recruit him to Purdue in 2001 as a new assistant professor working in security, so I am very familiar with his background. He has worked with CERIAS as he has advanced through the academic ranks, so he has the experience — both professional and personal — to handle the job in this time of transition.

Looking back, I have had the honor of working with some incredible people over the last 25 years, first as leader of the COAST Laboratory, and then as the founder and (executive) director of CERIAS. CERIAS participants have set an example of “thinking differently” to effect a profound and lasting set of changes — many of which are not recognized nor appreciated locally; As with most things in academia, the further away one gets from one’s home institution in space and time, the more the value of contributions are understood! It is widely acknowledged outside that our faculty, staff, and students have made a huge contribution to establishing cyber security as an academic discipline.

When CERIAS was founded in 1998, there were only four small academic groups in the world that were devoted to cyber security, and they were all quite small. CERIAS was established to help build the field, establish leadership, and investigate new ideas, all while embracing the spirit of the land-grant university to perform research in the public good. In the years since then, our local community has:

  • grown our participating faculty to over 100, with visitors and senior grads of at least as many again
  • assisted over a dozen other universities, and dozens more smaller institutions, develop curricula and degrees in the area
  • initiated research into hundreds of new topic areas, bringing in over $100 million in externally funded research
  • supported several dozen companies and government agencies in our partner program, with research, policy, and hiring

What is more, we helped show that the whole field of cyber protection is really multidisciplinary — it is more than computer science or engineering, but a rich area of study that includes a range of disciplines. Over the last 18 years, we have had faculty from 20 different academic departments participate in CERIAS activities…and still do.

Also back in 1998, there were few programs producing graduates with concentrations in cyber security. I did a survey for some Congressional testimony at the time, and found that only about 3 PhDs a year were being produced in all of the US (and almost none elsewhere) in the field (excluding cryptography). Although not explicitly part of CERIAS, which is a research-only entity, CERIAS participants also:

  • helped produced 250 new PhDs in cyber security, cyber forensics, and privacy, and many more hundreds with MS degrees
  • established the first graduate program with an explicit information security degree
  • established a graduate certificate in public policy and cyber security
  • established an academic program in cyber forensics

As the (in parallel) head of the Interdisciplinary Information Security (INSC) graduate program, I have seen the synergy between CERIAS and INSC, and pleased to be a part of both.

Looking back, it has been wonderful to see these results, and to work with such a wonderful collection of faculty, staff, and students. Unlike efforts at some other institutions of higher education, our primary goal has not been to generate “buzz” for faculty to start up their own companies, or to see how much funding we could rake in for bragging rights. Instead, we have sought to do the “right thing” by our students and the public: produce innovative ideas and well-educated graduates who could go out to make the world a better place for everyone. By any measure, we have done so.

Coincidentally, not only am I ending my time as Executive Director of CERIAS today, I am also finishing 20 years of service as the chair or co-chair of ACM’s US Public Policy Council. Coupled with some recent personal changes, this has been a very event-filled few months.

Those of you who know me know that I try to look forward more than look back. So, what am I looking forward to?

To start with, I will be assuming the role (and title) of Executive Director Emeritus. In that role, I will be helping Dongyan, Joel, and Jerry with whatever next steps seem right for CERIAS. I will continue to be the head of the INSC Interdisciplinary Graduate program here at Purdue. I have a few PhD students in progress who I will continue to work with. I may restart the COAST Lab with my own set of projects, if I can find some external partners willing to help fund that effort. I will continue to work with USACM as Immediate Past Chair, and serve as an at-large member of the ACM Council.   I will continue to be Editor-in-Chief of the journal Computers & Security (the oldest journal in the field). Thus, I won’t lack for things to do!

Being forced to make changes often encourages us to consider more than we might have, had status quo remained. Times of change are often the best times to make other, possibly major, changes, so some of the above may be subject to change, too! (Ideas -- and offers -- welcomed.)

In closing, my huge thanks to those who have engaged positively with me in my CERIAS role over the last 18 years. And please join me in wishing Dongyan good fortune in his new, interim role.


Posted by Roz Spafford
on Thursday, June 30, 2016 at 08:50 PM

What extraordinary work you’ve done! I hope the road ahead will be equally engaging and productive.

Posted by Katherine Hartsell
on Thursday, June 30, 2016 at 08:51 PM

Best of luck in everything Spaf!!!  Welcome Dongyan!

Posted by Jerry Haan
on Friday, July 1, 2016 at 08:34 AM

Every definition of “emeritus” I could find includes the word “honor”.  According to Merriam-Webster the etymology of emeritus has its roots in mereo – to earn, deserve, and serve.  I find each of these words most appropriate in describing the impact that Professor Spafford has made – and will continue to make – in the cybersecurity community.

Spaf very clearly has earned a position of great respect by the community he serves.  When you consider the hundreds of security professionals that have learned from him and the advances in the state of the art in cybersecurity he has influenced there is no doubt he deserves to be among the leaders in this space.

While Spaf’s position of Executive Director Emeritus is defined by honor, it is my great honor to have recently joined the team at CERIAS.  I’m excited to be part of an organization that has a strong and solid core team of leadership, administration and faculty along with the added benefit of having access to someone the caliber of Executive Director Emeritus Spafford.

I look forward to great things from this team and CERIAS for a long time to come!

Posted by Randy Bond
on Friday, July 1, 2016 at 10:13 AM

Congratulations Spaf on a job well done.  You created something very fruitful, not just for Purdue, but for scholars and professionals far and wide.  Your vision, your intelligence, your energy, your generosity, and even your sense of humor have built all this.  I am happy to count myself as sometimes a collaborator, sometimes an admirer, and in every way a beneficiary.

Posted by Lonnie Bentley
on Friday, July 1, 2016 at 11:39 AM

Congratulations Spaf!  You have done great things and it was an honor to work with you!

Posted by Jeff Grove
on Friday, July 1, 2016 at 12:37 PM

Congratulations Spaf!  I will always be indebted to you for your patience, wisdom, insight, professionalism - and most of all - your friendship and wit as we worked to open the ACM Office of Public Policy 15 years ago and give the USACM community of computing experts a voice in Washington.  Please sign me up for the next DC Spaf-a-Thon and enjoy your next great endeavor.

Posted by John Clark
on Friday, July 1, 2016 at 12:49 PM

Spaf, you’ve been a pioneer in the field. I feel privileged to have worked with you in those early days of CERIAS.  Good luck with your next venture!

Posted by Rick Cosier
on Friday, July 1, 2016 at 01:15 PM

Thanks for all you have done, and will continue to do for Purdue and our society in general.  You are a true “pioneer” with vision and competence.  In my former role as the Founder and Director of the Burton D. Morgan Center for Entrepreneurship, I certainly recognized your propensity for innovation and entrepreneurship.  I continue to recognize and appreciate your interdisciplinary approach to a very important topic in today’s society. 
Rick Cosier
Dean Emeritus and Leeds Professor
The Krannert School of Management

Posted by Mike Muller
on Friday, July 1, 2016 at 02:22 PM

Spaf, you’ve been a pioneer in the field. I feel privileged to have worked with you in those early days of CERIAS.  Good luck with your next venture!

Posted by Simson Garfinkel
on Friday, July 1, 2016 at 08:01 PM

What an amazing run you’ve had, Spaf. It’s been an honor to work with you so far, and I hope to collaborate with you in some COAST Project in the future.

Posted by Aqib Iqbal
on Sunday, July 3, 2016 at 10:46 PM

Hey Spaf! Congrats and best of luck. I feel myself lucky for being your mate smile

Posted by Dale Gaumer
on Tuesday, July 5, 2016 at 01:14 PM

Spaf, I’ll not attempt to add to the appropriate professional tributes above. I do want to mention your openness and cordiality during every contact that I was privileged to experience.
Retirement has been a very busy and rewarding time for me, as I expect it will be for you.
All the best, my friend.

Posted by John Contreni
on Tuesday, July 12, 2016 at 03:17 PM

Dear Spaf,
Congratulations and thanks for all your contributions—pioneering as many have already observed—to the emerging field of cybersecurity and to Purdue University. You’ve had a remarkable run and made a significant impact.
Best wishes,

Leave a comment

Commenting is not available in this section entry.