Biographical Information on

Fred Cohen

Fred Cohen is best known as the person who defined the term "computer virus" and the inventor of most of the widely used computer virus defense techniques, the principal investigator whose team defined the information assurance problem as it relates to critical infrastructure protection, as a seminal researcher in the use of deception for information protection, as a leader in advancing the science of digital forensic evidence examination, and as a top flight information protection consultant and industry analyst. But his work on information protection extends far beyond these areas.

In the 1970s he designed network protocols for secure digital networks carrying voice, video, and data; and he helped develop and prototype the electronic cashwatch for implementing personal digital money systems. In the 1980s, he developed integrity mechanisms for secure operating systems, consulted for many major corporations, taught short courses in information protection to over 10,000 students worldwide, and in 1989, he won the prestigious international Information Technology Award for his work on integrity protection. As a businessman, he was co-founder of The Radon Project, a laboratory that measured air and water samples for contaminants, and which he grew as President from 8 to 250 employees in a period of less than 2 years. In the 1990s, he developed protection testing and audit techniques and systems, secure Internet servers and systems, defensive information warfare techniques and systems, early systems using deception for information protection, and bootable CDs designed for forensics and secure server applications. All told, the protection techniques he pioneered now help to defend more than three quarters of all the computers in the world, including the core technologies used in antivirus mechanisms and trusted platform modules.

Fred has authored more than 200 invited, refereed, and other scientific and management research articles, wrote a monthly column for Network Security magazine on managing network security for 6 years starting in 1995 and continues as an Internet-based series through today nearly 20 years later, and has written several widely read books on information protection. His series of "Infosec Baseline" studies have been widely used by the research community as stepping off points for further research, his "50 Ways" series is very popular among practitioners looking for issues to be addressed, and his "Deception for Protection" series of papers is widely cited. His "Chief Information Security Officers ToolKit" series of books and booklets have been used by leading security practitioners around the globe, while his "Frauds Spies and Lies and How to Defeat Them" book has been the subject of radio talk shows, and his "World War 3 ... Information Warfare Basics" was highly regarded among the thinkers in this arena. His most recent books have focused on "Enterprise Information Protection Architecture", "Challenges to Digital Forensic Evidence", and "Digital Forensic Evidence Examination" and are used in graduate classes and other venues around the globe.

As a corporate consultant and industry analyst Fred has helped advise hundreds of the world's largest enterprises on security and risk management strategy and their information protection programs. As a consultant to and researcher for the U.S. government he was the principal investigator on seminal studies in defensive information operations, he was the principal investigator on the national information security technical baseline series of reports, founded the College Cyber Defenders program at Sandia National Laboratories that ultimately led to the formation of the CyberCorps program, and led projects ranging from 'Resilience' to 'The Invisible Router'. He has also worked in critical infrastructure protection, with law enforcement, and with the intelligence community to help improve their ability to deal with computer related crime and emerging threats to national security. He has worked on issues of digital forensics, including work for many large corporations, testimony in federal and state criminal and civil matters, and pro bono and state-funded work for indigent defendants, and in 2002, he won the "Techno-Security Industry Professional of the Year" Award. In 2009, he was named the "most famous hacker" of all time by ABC news, although they associated his work with some of the more infamous computer attackers, and failed to notice the difference between security expertise and people who commit computer crimes.

Fred has participated in and created numerous strategic scenario games. He devised and ran the first Internet-based strategic information warfare wargame and held several initial trial Internet-based games involving national defense and corporate personnel. In 1998, he introduced the Internet Game for information security policy development, training, and awareness in corporate, educational, and government environments, and followed this up with the Sexual Harassment Game which helps train employees on sexual harassment policies and processes. His introduction of several security games and simulations to the Internet are excellent examples of the work he has done in this area. He has also developed several strategic scenarios for government and private use and operated strategic scenarios in university classes as a fun path to better understanding. Another area where Dr. Cohen is well known is in his use of magic tricks during presentations and in classes, particularly in deception and counter-deception classes, where these tricks are used to demonstrate cognitive errors at the heart of deception.

Patented and copyrighted technologies Dr. Cohen has produced include D-Wall, Responder and related deception technologies; the White Glove bootable linux distributions; Influence and Decider technologies for improving human decision making and justification; JDM, Security Metrics, and related tools supporting improved support for protection processes and practices; Standards of Practice for information protection, ForensiX and Forensic Fonts digital forensic evidence examination systems, the CID analysis and simulation platform for information attack and defense, the THTTPD mathematically proven secure Web server, and Advanced System Protection and Integrity Toolkit integrity protection systems.

Over the past 40 years, Fred has managed organizations and projects with as many as 250 employees. Several projects he led have resulted in new business in excess of $10 million, and one project led to a 5-year government contract with a ceiling of over $1.7 billion. He led a 35-person research team at Sandia National Laboratories for almost 5 years and produced several patents, copyrighted software programs, and publications in the process. He also, along with Tom Johnson, founded California Sciences Institute, a graduate non-profit educational institution with Masters programs in National Security and Advanced Investigations and Ph.D. programs in National Security and Digital Forensics, which has since become part of Webster University.

Today, Dr. Cohen is CEO of Fred Cohen & Associates, a firm that does research and advisory services exclusively for the US government, CEO of Management Analytics, a firm specializing in research and advisory services and litigation support for non-Federal customers, and a Senior Partner at Fearless Security, LLC, a firm specializing in examination and specification of information protection. He is also acting director of the Webster University CyberLab.

His combination of management, technical, and communication skills, allows him to effectively bridge the gap between decision makers and implementers. His involvement in and understanding of corporate, national, and global issues, provides a context that allows him to meet challenges of unlimited size and scope. With almost 40 years of experience and a global reputation for integrity, accuracy, and innovation, Fred Cohen is widely considered one of the world's leading authorities in information protection.

Related Information