Twitter turned many heads in the security industry on Friday by confirming that famous hacker and head of security Peiter “Mudge” Zatko and the highly regarded chief information security officer Rinki Sethi had left the company.
Details of the departures were few, with Twitter confirming to SC Media that "Mudge Zatko and Rinki Sethi are no longer at Twitter." The spokesperson continued: "As with matters of employment and privacy, we have no details to share at this time."
The news was originally reported by The New York Times, which stated that Twitter informed employees on Wednesday that Zatko was terminated and Sethi will depart in the coming weeks. The New York Times also reported that new CEO Parag Agrawal, who took over for Jack Dorsey in November, has been looking to reshuffle the management deck. In December, Agrawal dismissed Dantley Davis, the chief design officer, and Michael Montano, head of engineering.
No further details on the circumstances of the departures were made available by Twitter, but security analysts considered it a somewhat surprising development because Zatko and Sethi had only been on the job since late 2020 — not long after Twitter’s widely reported hack that compromised the accounts of many celebrities, including then-presidential candidate Joe Biden. Some speculated that Agrawal was facing pressure from investors to do more about security.
“Twitter is under increasing scrutiny from investors and users to prove that it can provide a robust, secure platform that will not fall victim to the same type of attacks as were seen in the 2020 Twitter breaches,” said Kevin Dunne, president at Pathlock.
Dunne said this new move to reshape the security organization may be the result of dissatisfaction with the progress made since the 2020 attack, or misalignment between the existing security team and the new technology vision.
“New CEO Parag Agrawal is much more closely aligned to the technology than Jack Dorsey and understands the underlying security issues at play within Twitter,” Dunne said. “Regardless, who Twitter hires on next to fill these voids will be critical in building trust with investors and users, as well as providing confidence that the platform will be well positioned into the future.”
Sanjay Raja, vice president of product marketing and solutions at Gurucul, said both Zatko's and Sethi's hiring at Twitter were shrewd moves in the wake of the company's security problems two years ago. It was important at the time that a well-known industry name was taking security seriously.
“At the time on social media, I applauded the move of hiring Ms. Sethi as more organizations should further board-level visibility into security beyond just being a subset of IT,” Raja said. “This recent set of events is concerning as it not only undermines trust in Twitter addressing security properly, but is a bad example to other organizations.
"Organizations need to invest in cybersecurity personnel and advanced tools, as they take responsibility for not only protecting their own intellectual property, but also information on their employees, customers and users," he continued. "Following the herd to be just ‘good enough’ is no longer acceptable.”
Casey Ellis, founder and CTO at Bugcrowd, added that while “Mudge” is a legend in strategic security research and risk management, he also considers Rinki an organizational management and security communications powerhouse. That created a powerful duo.
“We wish them both well, and are excited to see what they do next,” Ellis said, not commenting on the Twitter decision specifically.
On Friday afternoon, Rinki posted this Tweet: “It is with a heavy heart that I announce my impending departure from Twitter. Thanks to all of you who have reached out to check in with me. I appreciate all the kind words, thoughts and love being sent my way.”