Douglas B. Moran

790 Matadero Avenue
Palo Alto, CA 94306-2734
Home: +1.650.856.3302

Table of Contents

Employment History

Present: retired

April 2004 - 2007 : Independent security consultant.

May 2003 - March 2004 : PacketMotion, Inc : a computer security startup.
Funded January 2004 by ONSET Ventures and Mohr, Davidow Ventures.

September 2001 - May 2003: Independent consultant.
Evaluation of massively distributed multiagent system; Computer security component of IT proposal for developing country; Participant in several potential startups; Other projects, reports and proposals.

May 1999 - August 2001: Recourse Technologies, Inc.
A start-up developing computer security software for Threat Management. Acquired by Symantec in August 2002. Products: ManTrap (a honeypot), ManHunt (Intrusion Detection and DDoS response), and TipOff (forensics, not released).
Title: Vice President, Research and Development

1983-1999: SRI International (formerly Stanford Research Institute)
Note: At SRI, researchers routinely work on multiple projects, with senior staff having leadership/management roles on their primary projects.
Title: Senior Computer Scientist

1980 - 1983: Oregon State University, Assistant Professor in Dept. of Computer Science.

1974 - 1979: The University of Michigan (Ann Arbor), Department of Computer and Communication Sciences

Computer Security Activities

My introduction to computer security came as a side-effect of my managing a computer facility. Through the early 1990's, SRI was a high-profile site on the Internet and hence was a frequent target for hackers. Diagnosing and tracking back attacks was labor-intensive, and hence slow. Too often the trail would go cold because of the substantial delays in tracking an attack through even a small number of sites. The DERBI research project resulted from the realization that a large portion of this process could be automated, making diagnosis and trackback more effective (faster and more accurate). I then joined Recourse Technologies to commercialize this approach.

Representative sample of activities in this area:

  1. Manual trackback of attacks (most of my activity)
  2. Interaction with CERTs and law enforcement agencies
  3. Expert consultant and witness
  4. Reports and other feedback on security problems to vendors.
  5. Public distribution of patches and scripts for various vulnerabilities and configuration problems. Except for the simplest cases, we worked through an intermediary, such as the vendor or CERT, because we lacked the resources needed for answering questions and the other inevitable follow-up. Most visible examples of these distributions:

Areas of Technical Expertise


University of Massachusetts (Amherst),
Fellow, A.P. Sloan Foundation grant for Interdisciplinary Studies in Cognitive Sciences in Dept. of Linguistics and Dept. of Computer and Information Sciences.

The University of Michigan (Ann Arbor),
M.S. and Ph.D. from the Dept. of Computer and Communication Sciences.
Concentration: Artificial Intelligence and Computational Linguistics
Dissertation: Model-Theoretic Pragmatics: Dynamic Models and an Application to Presupposition and Implicature

Massachusetts Institute of Technology,
Bachelor of Science from the Computer Science program in the Dept. of Electrical Engineering (VI-3).

Professional Societies

Former/Retired member of:

Other Activities

1994-2013: Neighborhood Association: Barron Park, Palo Alto (approx 1600 households): various roles, including President, e-mail list manager and co-webmaster

Other formats and additional information: see
A short version of this resume is available, as well as some additional detail.