David Brumley is a professor in the Electrical and Computer Engineering Department at Carnegie Mellon University with an additional courtesy in the Computer Science Department. He was previously the director of CyLab, the CMU Security and Privacy Institute. His research focuses on software security.

Brumley received his Ph.D. in Computer Science from Carnegie Mellon University, an M.S. in Computer Science from Stanford University, and a B.A. in Mathematics from the University of Northern Colorado. He served as a computer security officer for Stanford University from 1998-2002 and handled thousands of computer security incidents in that capacity. He is the faculty mentor for the Carnegie Mellon Hacking Team Plaid Parliament of Pwning (PPP), which is ranked internationally as one of the top teams in the world according to The team was ranked #1 in 2011, #2 in 2012, and #1 in 2013, and won DefCon 2013. Brumley received the USENIX Security Best Paper Award in 2003 and 2007, and an ICSE Distinguished Paper Award in 2014.<

Brumley’s honors include being selected for the 2010 DARPA CSSP program and 2013 DARPA Information Science and Technology Advisory Board, a 2010 NSF CAREER award, a 2010 United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama (the highest award in the US for early career scientists), and a 2013 Sloan Foundation Award.

2202 Collaborative Innovation Center
Google Scholar
David Brumley
David Brumley's website

Network Security: Protecting Today's Computers


2008 Ph.D., Computer Science, Carnegie Mellon University

2003 MS, Computer Science, Stanford University

1998 BA, Mathematics, University of North Colorado


Media mentions


Brumley talks about Biden’s plan for ethical hacking

ECE’s David Brumley spoke with Axios about Biden’s plan for ethical hacking for AI safety. Brumley said that “companies and policymakers need to shift their attention to the algorithms and data sources at the heart of the models, rather than the outputs.”


Brumley gives input on recent executive order addressing AI security risks

ECE’s David Brumley gives his input on the recent executive order from the White House that addresses AI security risks in CyberScoop. “They’re relying on very traditional government agencies like NIST that have no expertise in this,” he says.

The Washington Post

Brumley speaks about hardware “ingredients list”

CyLab/ECE’s David Brumley speaks to The Washington Post about the Cybersecurity and Infrastructure Security Agency’s hardware bill of materials framework that would allow organizations to evaluate supply chain risks. “I don’t see this having much impact, and I don’t know why people would comply with it,” he says.

Dark Reading

Brumley quoted by Dark Reading

ECE Professor David Brumley explains why he feels new cybersecurity mandates for medical devices fall short and shares suggestions for the path forward.


Brumley shares thoughts on CISA’s outline to tackle open source software security

ECE/CyLab’s David Brumley shares his thoughts on CISA's outline to tackle open source software security.

AP News

Brumley discusses CMU’s victory in DEF CON competition

CyLab/ECE’s David Brumley discusses the CMU hacking team’s victory in the DEF CON Capture-the-Flag competition with AP News. “It’s hard to understate the impact our students have in cybersecurity.” he says.

The Washington Post

Brumley discusses cyber policy

CyLab/ECE’s David Brumley talks cyber policy with The Washington Post. “I can’t think of a cyber policy that encourages proactively improving security. Everything is focused around disclosure and knowing the ingredients, not if the ingredients are spoiled,” he says.

CMU Engineering

Carnegie Mellon’s hacking team wins 7th DEF CON Capture-the-Flag title

The winningest team in DEF CON’s Capture-the-Flag (CTF) competition history, CMU’s Plaid Parliament of Pwning defended its title, earning its seventh victory in the past 11 years.

American Security Today

Brumley quoted on new CMU - Draper partnership

“We’re thrilled that Draper is building on top of the CMU Binary Analysis Platform, a framework we developed and open-sourced to enable analysis of programs in the machine code representation.”

CyLab Security and Privacy Institute

picoCTF celebrates competition winners at annual award ceremony

Over 18,000 people hacked their way through Carnegie Mellon’s annual cybersecurity competition in 2022, including more than 6,000 middle and high school students. The event saw players from all 50 U.S. States and 169 countries, who worked through 65 increasingly difficult challenges as they looked to take home this year’s crown.

CMU Engineering

Carnegie Mellon’s hacking team wins DEF CON

CMU’s hacking team, the Plaid Parliament of Pwning, joined forces with the University of British Columbia’s team and researchers from to win this year’s DEF CON Capture the Flag competition.

CyLab Security and Privacy Institute

Carnegie Mellon's hacking team wins DEF CON CTF

Carnegie Mellon showed off its computer security talent by winning DEF CON’s Capture the Flag competition, the “Superbowl of hacking,” for the sixth time.