The CyLab Distinguished Speaker Seminar series brings world-class academics, entrepreneurs, government officials, and technologists across a variety of security and privacy disciplines to engage with the CMU community. 

Doors open at 11:30, and lunch will be served.


Speaker: Steve Lipner, Executive Director at

Topic: Lessons Learned – Fifty Years of Mistakes in Cybersecurity

Over fifty years, Lipner led a lot of security projects that he thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off.



Steve Lipner is the executive director of SAFECode, a non-profit organization dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. As executive director, Lipner serves as an ex officio member of the SAFECode board, provides strategic and technical leadership, and represents SAFECode to IT user and development organizations, to policymakers, and to the media.

Lipner serves as chair of the United States Government’s Information Security and Privacy Advisory Board. He served as a member of the Board’s predecessor at its founding from 1989 to1993 and again from 2000 to 2006. He holds an appointment as adjunct professor of computer science in the School of Computer Science at Carnegie Mellon University.

Lipner retired in 2015 from Microsoft, where he was the creator and long-time leader of Microsoft's Security Development Lifecycle (SDL) team that defines the SDL, develops associated tools and processes, and assists product and online service engineering groups as they integrate the SDL into their development activities. The SDL is widely viewed as the industry's leading secure software development process, and Lipner established and led activities to make the SDL available to organizations beyond Microsoft.

Before joining Microsoft, Lipner worked for software vendors and government contractors as a researcher, consultant, development manager, and general manager in IT security. He has been a long-time contributor to government initiatives for security evaluation of commercial products including the Common Criteria and Orange Book. In the late 1990s, he served as the executive agent for the U.S. Government's Infosec Research Council (IRC) and was a co-author of the initial IRC Hard Problems List. 

Lipner’s contributions have been recognized with membership in the National Academy of Engineering (2017), the National Cybersecurity Hall of Fame (2015), and the ISSA Hall of Fame (2010). He has been a member of ten committees of the National Academies of Sciences, Engineering, and Medicine (the National Research Council) and is named as co-inventor on twelve United States patents.

Lipner holds S.B. and S.M. degrees from the Massachusetts Institute of Technology and attended the Program for Management Development at the Harvard Business School.

Upcoming Events