Marcus J. Ranum

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Marcus J. Ranum
Born (1962-11-05) 5 November 1962 (age 59)
Alma materJohns Hopkins University
EmployerTenable Network Security
Known forComputer and Network Security Innovator

Marcus J. Ranum (born November 5, 1962, in New York City, New York, United States) is a computer and network security researcher. He is credited with a number of innovations in firewalls, including building the first Internet email server for the domain,[1] and intrusion detection systems. He has held technical and leadership positions with a number of computer security companies, and is a faculty member of the Institute for Applied Network Security.


Marcus Ranum was born in New York City, and graduated from Gilman School in Baltimore, Maryland before attending Johns Hopkins University where he obtained a Bachelor of Arts in Psychology in 1985.[2]


Ranum helped design and implement Digital Equipment Corporation's Secure External Access Link (SEAL) (later AltaVista firewall),[3] regarded as the first commercial bastion host firewall,[4] in 1990. He left DEC to work for Trusted Information Systems (TIS) as chief scientist and development manager for Internet security products. It was at TIS that Ranum became responsible for the Internet email site. Once charged with that responsibility, Ranum advocated that the domain be registered as well.[5] Despite his advice, it was not registered by the government, but was later registered for an adult entertainment provider.[6] At TIS, he developed the TIS Internet Firewall Toolkit (fwtk) under a grant from DARPA. After TIS, he worked for V-One as chief scientist, and was extensively involved in that company's IPO. Three months after that IPO, Ranum formed his own company, Network Flight Recorder (NFR), and served as CEO for three years before stepping into a CTO role.[7] Ranum later left NFR to consult for TruSecure,[8] before joining Tenable Network Security as CSO.[9]

In addition to his various full-time positions, Ranum has also held board or advisory positions at NFR Security,[10] Protego Networks,[11] and Fortify Software.[12]

Public presentations[edit]

Ranum has spoken to USENIX audiences at LISA 1997,[13] 1999 (tutorial)[14] LISA 2000 (keynote),[15] 2002,[16] and 2003 (tutorial).[17] He spoke out against full disclosure at the Black Hat Security Briefings in 2000.[18] More recently, Ranum has spoken at Interop in 2005[19] and 2007,[20] CanSecWest in 2010, and Secure360 in 2011.[21]

He previously taught courses for the SANS Institute.[22]


Ranum's work has been cited in at least 15 published U.S. patents,[23] as well as numerous other computer and network security articles and books.

"Ranum's Law"[edit]

Ranum is cited [24][25] as the author of an eponymous law, "You can't solve social problems with software."


  • TISC "clue" award, 2000.[26]
  • Inducted into the ISSA hall of fame, 2000[27] or 2001.[28]
  • Techno-Security Professional of the Year, 2005.[29]



Marcus has co-authored a series of "Face Off" articles with Bruce Schneier, which have appeared approximately bi-monthly in Information Security Magazine since July, 2006.[30]

Ranum is one of a number of editors of the SANS Newsbites semiweekly email newsletter.[31]

  • Ranum, Marcus (1999-11-01). "Selling Security: Fear Leads to . . . the Dark Side". Login. USENIX.
  • —— (2000-02-01). "The Network Police Blotter". Login. USENIX. 20 (1).
  • —— (2000-04-01). "The Network Police Blotter". Login. USENIX. 20 (2).
  • —— (2000-06-01). "The Network Police Blotter". Login. USENIX. 20 (3).
  • —— (2000-10-01). "The Network Police Blotter" (PDF). Login. USENIX. 20 (6).
  • —— (2000-12-01). "The Network Police Blotter" (PDF). Login. USENIX. 20 (8).


Personal life[edit]

Currently, Ranum lives in Morrisdale, Pennsylvania. His hobbies include photography and firearms. He maintains an active stock photography account on DeviantArt, and he wrote an essay for Oleg Volk's pro-firearms site.[32] Marcus Ranum was also interviewed by digital artist Brandon Pence for the NWFLAA which can be read in 2 parts: Part 1 and Part 2. He is an atheist,[33] maintaining a blog on the Freethought Blogs network.[34]


  1. ^ "Who's Who in Infosec: Marcus Ranum". Information Security Magazine. 2003-06-17. Retrieved 2008-06-07.
  2. ^ ZDNet - Security Q&A: the father of firewall
  3. ^ "Comments: Interview with Marcus Ranum". 2005-06-28. Archived from the original on 2013-11-30. Retrieved 2008-06-07.
  4. ^ Avolio, Frederic (1999-06-01). "Firewalls and Internet Security, the Second Hundred (Internet) Years". The Internet Protocol Journal. Cisco Systems. Retrieved 2008-06-07.
  5. ^ Miller, Sandra Kay (2006-12-01). "A Contrarian's Viewpoint". Retrieved 2008-06-11.
  6. ^ "December letter from a White House counsel to the operator of the "" adult site". CNet. 1997-12-08. Retrieved 2008-06-11.
  7. ^ "NFR Intrusion Detection Appliance Version 4.0 Released". Business Wire. 1999-10-14. Retrieved 2008-06-08.
  8. ^ "Cisco and Sourcefire Achieve Enterprise-Level NIDS Certification from ICSA Labs". Business Wire. 2003-04-21. Retrieved 2008-06-08.
  9. ^ "Marcus J. Ranum Joins Tenable Network Security as Chief Security Officer". Business Wire. 2004-10-04. Retrieved 2008-06-08.
  10. ^ "NFR Security Adds Leading Security Industry Experts to Technology Advisory Board". Business Wire. 2004-02-02. Retrieved 2008-06-08.
  11. ^ "Protego Networks 2.5; Industry Icon Marcus Ranum Joins Protego Networks' Advisory Board". Business Wire. 2004-06-01. Retrieved 2008-06-08.
  12. ^ "Technical Advisory Board". Fortify. Retrieved 2008-06-08.
  13. ^ "USENIX Summaries: Eleventh Systems Administration Conference (LISA '97)". USENIX. Retrieved 2008-06-07.
  14. ^ "Tutorial Instructors". USENIX. Retrieved 2008-06-07.
  15. ^ "USENIX LISA-NT 2000". USENIX. Retrieved 2008-06-07.
  16. ^ "2002 USENIX Technical Conference" (PDF). USENIX. Retrieved 2008-06-07.
  17. ^ "USENIX — Security '03 Tutorials". USENIX. Retrieved 2008-06-07.
  18. ^ Lemos, Robert (2000-10-09). "CERT to disclose software flaws". Retrieved 2008-06-07.
  19. ^ Avolio, Fred (2005-05-23). "The Same Old Drum Beat". Archived from the original on 2008-11-20. Retrieved 2008-06-08.
  20. ^ "Tenable CISO Workshops during Interop 2007 New York Now Open for Registration" (PDF). Archived from the original (PDF) on 2008-06-26. Retrieved 2008-06-08.
  21. ^ "Falling on the sword of 'Need to Publish'". Secure360. Archived from the original on 2011-08-26. Retrieved 2011-05-12.
  22. ^ "SANS Institute — Certified Instructors". Retrieved 2008-06-07.
  23. ^ 5,606,668, 5,623,601, 5,826,029, 5,870,562, 6,173,407, 6,601,233, 6,704,873, 6,834,310, 6,950,868, 7,016,951, 7,100,195, 7,224,778, 7,290,288, 7,313,812, and 7,360,244
  24. ^ William R. Cheswick; Steven M. Bellovin; Aviel D. Rubin (2003). Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley Professional. pp. 202–. ISBN 978-0-201-63466-2.
  25. ^ Muffett, Alec (October 2016). "Digital Economy Bill Written Evidence Submitted by Alec Muffett (DEB 39)". UK Parliament. Retrieved March 12, 2018.
  26. ^ "TISC to honor Marcus Ranum, Internet security pioneer". Business Wire. 2000-04-17. Retrieved 2008-06-07.
  27. ^ "Award Honorees". ISSA. Retrieved 2008-06-07.
  28. ^ "NFR Security Founder Selected for International Security Association Hall of Fame". Business Wire. 2006-06-12. Retrieved 2008-06-08.
  29. ^ "Tenable Network Security Executive Named 2005 Techno-Security Professional of the Year". Business Wire. 2005-06-07. Retrieved 2008-06-07.
  30. ^ "Articles by Author: Bruce Schneier and Marcus Ranum". Information Security Magazine. Retrieved 2008-06-07.
  31. ^ "SANS NewsBites". Retrieved 2008-06-07.
  32. ^ Ranum, Marcus. "The Aesthetics of the Gun Debate". Retrieved 2008-06-07.
  33. ^ Ranum, Marcus. "Ranum's supports Dawkins's "out campaign" for atheists.". Retrieved 12 April 2012. Generally, I do not get a lot of satisfaction out of being identified with causes or logos. But - a couple of years ago, when Richard Dawkins started his "out campaign" for atheists, I thought that showing my support was not a bad idea.
  34. ^ "Stderr".

External links[edit]