David Brumley was appointed to lead Carnegie Mellon CyLab Security and Privacy Institute. Brumley is the third director of the campus-wide cybersecurity research and education center, and succeeds Electrical and Computer Engineering Professor Virgil Gligor, who is stepping down after seven years to focus on his research.
Brumley, whose research focuses on software security and program analysis, began as an assistant professor in the Department of Electrical and Computer Engineering after receiving his Ph.D. from Carnegie Mellon’s School of Computer Science in 2009. He was later promoted to Associate Professor and most recently served as CyLab’s Technical Director.
Brumley, an advocate for cybersecurity outreach, is the faculty sponsor of picoCTF, a high school computer security competition that has drawn over 10,000 student participants in each of the past two years it has been held. Brumley also leads a student
Bosch Recognizes Brumley
Coinciding with his appointment as the director of CyLab, Brumley was named the Bosch Distinguished Professor in Security and Privacy Technologies. The professorship was made possible with a $2.5 million dollar donation from Bosch, and it will always be awarded to the director of CyLab.
The goal of the new professorship is to support two critical research areas, including the creation of breakthrough technologies that enable internet-scale systems that connect the physical and cyber domains securely; and the development of next-generation technologies that enable and ultimately guarantee the use of personal data in accordance with individual privacy preferences in a ubiquitous computing world.
“As a global company focused on innovation and improving the quality of life, we work to provide innovative technological solutions to challenges facing our society now and in the future. The Internet of Things brings considerable promise, but also concern surrounding the security of our connected environment and the privacy of personal data,” said Jiri Marek, senior vice president, Bosch
Q&A with David Brumley
How have connected devices changed the cybersecurity landscape?
When we look at connected devices like home thermostats and other Internet of Things (IoT) devices, we know
There are nearly 1 million unfilled positions in cybersecurity in the US. Why is it difficult to fill cybersecurity positions in the United States?
Even though security and privacy professionals can easily command 6-figure salaries, there’s a problem with the current perception of cybersecurity as a profession, and I believe there are things we can do to change this.
First, we need to stop stigmatizing hackers. Many of us hear in the news about hackers going rogue, but that isn’t representative of the profession as a whole. The hackers I know are curious, imaginative professionals who can find the unexpected chinks in the armor. They can take a computer and bend it to their will.
People need to start recognizing cybersecurity as a uniquely skilled profession; IT professionals can’t be rebranded as security. Cybersecurity is a unique way of thinking. In this profession, we are competing with intelligent adversaries who are always looking for the open window when the door is locked.
Finally, everyone—from the 7-year-old playing games on an iPad to the
To initiate cyber education, at CMU, we run picoCTF, the hacking competition for high school students in which over 10,000 students have participated. Many discover they have a knack for computer security and