Marcus J. Ranum

Early Life and Education

Marcus J. Ranum was born on November 5, 1962, in New York City. He attended Gilman School in Baltimore, Maryland, before enrolling at Johns Hopkins University, where he earned a Bachelor of Arts in Psychology in 1985.

Career

Ranum's professional focus shifted to computer and network security, where he quickly established himself as a significant technical contributor. In 1990, he helped design and implement Digital Equipment Corporation's Secure External Access Link (SEAL) — later marketed as the AltaVista firewall — which is regarded as the first commercial bastion host firewall.

He subsequently joined Trusted Information Systems (TIS) as chief scientist and development manager for Internet security products. At TIS, Ranum took responsibility for the whitehouse.gov Internet email site, making him a key figure in establishing one of the earliest high-profile government Internet presences. He also advocated for the registration of the whitehouse.com domain by the government; his advice went unheeded, and the domain was later registered by an adult entertainment provider. While at TIS, Ranum developed the TIS Internet Firewall Toolkit (fwtk) under a grant from DARPA, a widely influential contribution to open network security tooling.

Following his time at TIS, Ranum served as chief scientist at V-One and was extensively involved in that company's initial public offering. Three months after the IPO, he founded his own company, Network Flight Recorder (NFR), serving as CEO for three years before transitioning to a CTO role. He later left NFR to consult for TruSecure. In 2004, he became chief security officer of Tenable, Inc. He has also held board or advisory positions at NFR Security, Protego Networks, and Fortify Software.

Ranum is a faculty member of the Institute for Applied Network Security and previously taught courses for the SANS Institute. He is also one of the editors of the SANS Newsbites semiweekly email newsletter.

Public Presentations and Influence

Ranum has been a frequent presence at major security conferences. He addressed USENIX audiences at LISA in 1997, 1999, 2000 (keynote), 2002, and 2003, and spoke against full disclosure at the Black Hat Security Briefings in 2000. He has also presented at Interop (2005, 2007), CanSecWest (2010), and Secure360 (2011).

His technical work has been cited in at least 15 published U.S. patents, as well as numerous security articles and books. He is credited with coining what is referred to as Ranum's Law: "You can't solve social problems with software."

Since July 2006, Ranum has co-authored a recurring series of "Face Off" articles with security researcher Bruce Schneier, published approximately bimonthly in Information Security Magazine.

Notable Works

Ranum has authored and co-authored several books in the field, including The Myth of Homeland Security, Web Security Sourcebook (with Aviel D. Rubin and Dan Geer), and Host Intrusion Monitoring Using Osiris and Samhain (with Brian Wotring and Bruce Potter). He has also contributed articles to the USENIX ;login: publication.

Recognition

Ranum received the TISC "clue" award in 2000 and was inducted into the ISSA Hall of Fame in 2000 or 2001. He was named Techno-Security Professional of the Year in 2005.

Personal Life

Ranum resides in Morrisdale, Pennsylvania. His personal interests include photography and firearms. He maintains a stock photography presence on DeviantArt and is an atheist who has written for the Freethought Blogs network.