Rapid7 hires whistleblower Peiter "Mudge" Zatko a year after Twitter sacking


Peiter Zatko has taken up a position at security firm Rapid7, his first job since being fired as head of security at Twitter.

The veteran hacker and security expert is expected to work closely with consulting clients at the firm. The Washington Post reported that Zatko will act in an advisory capacity at the company, and will maintain a position similar to that of an executive.




“Peiter and I have a longstanding relationship and have spoken at length about the importance of data and research when it comes to measuring cyber security programme effectiveness,” said Corey Thomas, CEO at Rapid7, in a statement to Silicon Republic.

“In order to move our industry forward, we must educate organisations on how and what to measure to ensure we are making the right investment.

“Peiter’s extensive experience in this field and his work around measuring cyber security practices will be invaluable for both Rapid7 and our customers. I am very much looking forward to working with him in the coming months.”

Zatko left Twitter in January 2022, amidst a shakeup in the chain of command shortly after former CEO Parag Agrawal succeeded Jack Dorsey. Months later, Zatko submitted more than 200 pages of complaints to the Securities and Exchange Commission (SEC) detailing alleged malpractice by the company.

In August 2022, Zatko’s whistleblower complaints were published. In them, he alleged Twitter security was highly inadequate, with around half of its employees able to access sensitive user data, and that the company operated in direct violation of the law and FTC decrees. He followed his complaints by testifying before the Senate Judiciary Committee in September 2022.

Other accusations by Zatko include that Twitter knowingly gave Indian government agents access to user data after demands by the Indian government, and that executives had misled users and the Federal Trade Commission (FTC) on matters of data protection. Investigations into Zatko’s claims by the SEC, FTC and other regulators in Europe are ongoing.

Up until its acquisition by Elon Musk, Twitter continued to state that Zatko’s termination had been a result of poor leadership and workplace performance, and denied the claims.

Elon Musk unsuccessfully attempted to use Zatko’s claims as a reason to back out of his $44 billion acquisition of Twitter, and notably drew attention to the supposedly large number of bots operating on the platform.

Zatko had alleged that Agrawal and others had repeatedly published misleading information regarding the number of automated bots on Twitter.

Prior to his time at Twitter, Zatko had led cyber security research at the Defense Advanced Research Projects Agency (DARPA), where he headed up a number of projects and helped shape the US Department of Defense framework for assessing military cyber security.

He subsequently worked with Google’s Advanced Technology and Projects group (ATAP), a technology incubator intended to produce innovative tech solutions and support a wide range of research.

Zatko had also become a widely known member of the ethical hacking group Cult of the Dead Cow in the 1980s under the name ‘Mudge’, and used this handle as a member of the Boston hacker collective L0pht Heavy Industries.

IT Pro has reached out to Rapid7 for comment.

Rory Bathgate
Features and Multimedia Editor
