Peiter Zatko has taken up a position at security firm Rapid7, his first job since being fired as head of security at Twitter.
The veteran hacker and security expert is expected to work closely with consulting clients at the firm. The Washington Post reported that Zatko will act in an advisory capacity at the company, and will maintain a position similar to that of an executive.
Storage's role in addressing the challenges of ensuring cyber resilience
Understanding the role of data storage in cyber resiliency
“Peiter and I have a longstanding relationship and have spoken at length about the importance of data and research when it comes to measuring cyber security programme effectiveness,” said Corey Thomas, CEO at Rapid7, in a statement to Silicon Republic.
“In order to move our industry forward, we must educate organisations on how and what to measure to ensure we are making the right investment.
“Peiter’s extensive experience in this field and his work around measuring cyber security practices will be invaluable for both Rapid7 and our customers. I am very much looking forward to working with him in the coming months.”
Zatko left Twitter firm in January 2022, amidst a shakeup in the chain of command shortly after former CEO Parag Agrawal succeeded Jack Dorsey. Months after, Zatko submitted more than 200 pages of complaints to the Securities and Exchange Commission (SEC) detailing alleged malpractice by the company.
In August 2022, Zatko’s whistleblower complaints were published. Within, he alleged Twitter security was highly inadequate, with around half of its employees able to access sensitive user data, and that the company operated in direct violation of the law and FTC decrees. He followed his complaints by testifying before the Senate Judiciary Committee in September 2022.
Other accusations by Zatko include that Twitter knowingly gave Indian government agents access to user data after demands by the Indian government, and that executives had misled users and the Federal Trade Commission (FTC) on matters of data protection. Investigations into Zatko’s claims by the SEC, FTC and other regulators in Europe are ongoing.
Up until its acquisition by Elon Musk, Twitter continued to state that Zatko’s termination had been a result of poor leadership and workplace performance, and denied the claims.
Elon Musk unsuccessfully attempted to use Zatko’s claims as a reason to back out of his $44 billion acquisition of Twitter, and notably drew attention to the supposedly large number of bots operating on the platform.
Zatko had alleged that Agrawal and others had repeatedly published misleading information regarding the number of automated bots on Twitter.
Prior to his time at Twitter, Zatko had led cyber security research at the Defense Advanced Research Projects Agency (DARPA), where he headed up a number of projects and helped shape the US Department of Defense framework for assessing military cyber security.
He subsequently worked with Google’s Advanced Technology and Projects group (ATAP), a technology incubator intended to produce innovative tech solutions and support a wide range of research.
Zatko had also become a widely-known member of the ethical hacking group Cult of the Dead Cow in the 1980s under the name ‘Mudge’, and also used this handle as a member of the Boston hacker collective L0pht Heavy Industries.
IT Pro has reached out to Rapid7 for comment.
