Over the decades, I’ve come to believe that one of my few special talents in the world of computer security is detecting malicious hackers and their activities. I’m able to see a potential hacker threat and then figure out how that threat could be detected better and earlier to generate alerts. I still think I can do it better than anyone in the world, but for a while I felt like I had some original thinking on intrusion/anomaly detection. I even sort of got a big head about it. Then I found out about Dr. Dorothy E. Denning’s seminal IEEE paper on real‐time intrusion detection expert systems (https://users.ece.cmu.edu/~adrian/731‐sp04/readings/denning‐ids.pdf). It covered everything I thought I was doing original thinking on, except Dr. Denning wrote her paper in 1986, long before my own “discovery.”

It was the first of many times when I would discover that my “original” thinking was not original at all. We all stand on the shoulders of giants, and Dr. Denning certainly belongs in the category of security giants. She was an early pioneer in computer security back when few people were working in the area. She told me, “There wasn’t a computer security field to get into when I first started. There were no books, no journals you could read, and no conferences you could attend that were devoted to security. All we had to read were doctoral theses and a few papers published in more broadly focused conferences and journals like the Communications ...