David Brumley

Picture of David Brumley
David started as a Professor of Electrical and Computer Engineering at Carnegie Mellon University and later became the Director of CyLab, the CMU cyber security department. He is a well-known researcher in software security, network security, and applied cryptography. Brumley was the faculty advisor to the Plaid Parliament of Pwning, a Capture the Flag team that is internationally ranked as a top competitive hacking team. In 2016, he led his team of researchers to create Mayhem, an autonomous cyber reasoning system, for the DARPA Cyber Grand Challenge. He and his team took first place, proving the concept of autonomous cyber. Brumley founded ForAllSecure with the mission to secure the world's software and serves as the company's CEO.

Recent Posts

Game Theory: Why System Security Is Like Poker, Not Chess

The 1980’s film “Wargames” asked a computer to learn whether global thermonuclear war made sense. In the film, thermonuclear war didn’t make sense but what if, in real life, preemptive cyberattacks were our best hope for winning? Or better yet, what are the cyberwar scenarios and incentives when peace is the best strategy, just like “Wargames”?..

Read More

Mayhem Moves to Production with the Department of Defense

In 2016, Mayhem -- then still a research prototype -- showed that fully autonomous cybersecurity was possible. This was just the first step.

Read More

ForAllSecure's Response to COVID-19

COVID-19 is a global pandemic that affects everyone. We all need to work together, and I wanted to share with you some of the things ForAllSecure is doing.

Read More

Will Autonomous Security Kill CVEs?

How many potholes did you encounter on your way into work today? How many of them did you report to the city?

Read More

Why I'm not Sold on Machine Learning in Autonomous Security: Some Hard Realities on the Limitations of Machine Learning in Autonomous netsec

Tell me if you’ve heard this: there is a new advanced network intrusion device that uses modern, super-smart Machine Learning (ML) to root out known and unknown intrusions. The IDS device is so smart, it learns what’s normal on your network and does not immediately inform you when it sees an anomaly. Or maybe it’s an intrusion prevention system..

Read More

New to Autonomous Security? The Components, The Reality, and What You Can Do Today.

Autonomy is just another word for automating decisions. And we can make cyber more autonomous. This has been proven in in-depth scientific work in top-tier research venues, a 2016 public demonstration by DARPA(the Defense Advanced Research Projects Agency), and new industry tools.

Read More

Onward to the Next Chapter in ForAllSecure’s Journey

Welcome back to the second installment of the ForAllSecure Journey series. In my previous post, we took a look back at ForAllSecure’s history. In today’s piece, I’d like to share not only my vision for the future, but also an exciting announcement.

Read More

A Reflection on ForAllSecure's Journey in Bootstrapping Behavior Testing Technology

Software security is a global challenge that is slated to grow worse. The application attack surface is growing by 111 billion new lines of software code every year, with newly reported zero-day exploits rising from one-per-week in 2015 to one-per-day by 2021, according to the Application Security Report from Cybersecurity Ventures. Mobile..

Read More

Mayhem Wins DARPA CGC

Mayhem is a fully autonomous system for finding and fixing computer security vulnerabilities.On Thursday, August 4, 2016, Mayhem competed in the historical DARPA Cyber Grand Challenge against other computers in a fully automatic hacking contest...and won.  The team walked away with $2 million dollars, which ForAllSecure will use to continue its..

Read More

Why CGC Matters to Me

By David Brumley

In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song, one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a..

Read More

Stay Connected

Information Management Today

Subscribe to updates