The former head of security at Twitter Inc., Mr. Zatko, is joining cybersecurity company Rapid7 following a whistleblower complaint to federal authorities last year in which he alleged security risks and mismanagement at the social media giant.
Mr. Zatko’s part-time role at Rapid7 will entail advising the company’s executives and customers, including board members, on using data to make cyber decisions, a spokeswoman for the Boston-based company said.
In a July whistleblower complaint, Mr. Zatko alleged Twitter lied about its computer security problems and failed to protect users’ privacy. The filing was shared with the Securities and Exchange Commission, the Federal Trade Commission and the Justice Department, triggering investigations into Twitter’s actions. At a Congressional hearing in September, Mr. Zatko said Twitter executives prioritized profits over security. The company pushed back against Mr. Zatko’s allegations, calling them inaccurate.
Twitter’s shareholders approved Elon Musk’s takeover of the company on the same day as Mr. Zatko’s hearing before Congress, following a high-profile legal battle.
A former hacker, Mr. Zatko, who is known as “Mudge,” worked at Twitter from late 2020 till January 2022, when he was fired. The company reportedly paid him a confidential $7 million settlement for lost compensation.
Rapid7 said Mr. Zatko will draw on his experience measuring the effectiveness of cybersecurity practices. “In order to move our industry forward, we must educate organizations on how and what to measure to ensure we are making the right investment,” Chief Executive said through a spokeswoman.
Corporate directors might soon be under pressure to improve their cyber expertise. Last year, the SEC proposed new rules that will require companies to disclose information on their cybersecurity oversight, including which board members are conversant in the area. The proposal is expected to be finalized in the coming months.
Mr. Zatko’s shift to Rapid7 is the latest such move by a former high-profile security chief. Marene Allison, who retired in December as chief information security officer of Johnson & Johnson, joined cybersecurity consulting company Covenant Technologies as an advisory board member, the company said on Wednesday. In June, a former director of the U.S. Cybersecurity and Infrastructure Security Agency, joined cybersecurity company Rubrik Inc. in a role overseeing an advisory board of corporate security officers.
Among the allegations in Mr. Zatko’s whistleblower complaint was that more than 50% of Twitter employees had access to user information. The complaint also said much of the company’s software was outdated and executives hid problems from the company’s board.
Mr. Zatko’s new position at Rapid7 was first reported by the Washington Post.
Write to Catherine Stupp at firstname.lastname@example.org
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.