
4 Things to Know About Yahoo's New Information Security VP Alex Stamos

A closer look at the outspoken NSA critic that Yahoo trusts to keep cybercrime out of its business and the business of its millions of users.
/ Source: Entrepreneur.com

Watch out, Google. The rumors are true. Yahoo has officially stepped up its security A-game. It’s called Alex Stamos.  

Yahoo announced yesterday that it hired the world-renowned cybersecurity expert and vocal NSA critic to command its team of “Paranoids” in bulletproofing all of its platforms and products from threats that will surely come.

The headline-grabbing hire is widely being viewed as Yahoo’s attempt to restore its reputation for trustworthiness in the fallout of a recent rash of ad-related malware attacks that jeopardized millions of its users’ identifying data.   

Jay Rossiter, senior vice president of Yahoo’s Platforms and Personalization Products division, announced Stamos’s new executive post on its Tumblr page yesterday.

Yahoo officials would not comment on his appointment, which replaces the company’s former vice president of information security, Justin Somaini, who left Yahoo in January 2013 and has since taken a position as “chief trust officer” at Box. It’s been speculated that Somaini resigned from Yahoo after reportedly coming under fire amid spam-borne cross-site scripting (XSS) hacking attacks that plagued the revamped Yahoo Mail last year.

Who is Alex Stamos?
The San Francisco-based veteran information security researcher known for his authoritative expertise in cloud computing, web, mobile and network applications security and beyond, humbly describes himself as a “security guy” in his Twitter bio. But that’s hardly an adequate encapsulation of Stamos’s widely respected cybersecurity prowess, acumen and career accomplishments.

Here are some interesting facts that you might not know about the man Yahoo is trusting to keep cybercrime, in all its nasty and ever-evolving forms, out of its business and the business of its millions of users:

1. He’s a longtime respected leader in the information security space.
Before coming aboard at Yahoo, Stamos served as chief technology officer of Artemis, a leading San Francisco-based Internet security firm that specializes in .secure Top-Level Domain security (TLD), over the last year and 10 months, according to his LinkedIn profile. Prior to his stint at Artemis, he co-founded iSEC Partners “with good friends.” Artemis’s parent company NCC Group acquired the pioneering security firm in late 2010.

Before launching iSEC Partners, Stamos held a two-year post as a managing security architect at @stake, Inc., a digital security company that helped corporations secure their critical infrastructure and applications. Symantec acquired @stake, Inc. in late 2004. Stamos also worked as a senior security engineer for nearly two years at LoudCloud, a software company now called Opsware that operates out of the same city Yahoo calls home base.

2. He’s an outspoken critic of U.S. surveillance operations.
Stamos is known for his condemnatory stance on the NSA’s PRISM surveillance program.

Just last month, on Feb. 27, the University of California, Berkeley electrical engineering and computer science program graduate delivered the opening and closing remarks at TrustyCon, a security “counter-conference” held in San Francisco specifically to protest the RSA Conference, and the security firm’s now not-so-secret $10 million contract with the NSA.

Stamos, a key TrustyCon organizer, joined a group of fellow high-level security industry leaders in boycotting the RSA’s event from directly across the street from the venue.

He spoke about “Trickle-Down Cyber Warfare” at the 2012 RSA conference and about BYOD mobile security at the 2013 conference, before news of the company’s intel share-happy relationship with the feds broke.

Earlier, on June 7, 2013, Stamos published an often-cited blog post on his personal blog titled “A Taxonomy of PRISM Possibilities.” It presents an exhaustive list of theories and possibilities relating to the federal mass electronic spying program, peppered with his own commentary in italics throughout.

Stamos said his aim in posting and updating the list is to “improve the quality of the public discussion” about the PRISM scandal. One of the tags he used to categorize the content in the post is “your rights online.”

3. He’s a top keynote speaker at some of the world’s leading information security conferences.
TrustyCon is only the latest in a long list of high-profile security conferences Stamos has headlined. He’s also spoken at several similarly top-level information security conferences, including Black Hat, DEF CON Hacking Conference, FS-ISAC, Microsoft BlueHat Security Briefings and Infragard, a partnership between the private sector and the FBI.

4. He tweets… a lot!
Of course, now that Stamos is the head honcho of security at Yahoo, his Twitter account activity might slow down or perhaps even stop altogether. Though if CEO Marissa Mayer’s own moderately active Twitter feed is any indication, it probably won’t.

Up to this point, Stamos has tweeted quite a bit, often commenting multiple times per week, and sometimes per day, about various online privacy- and security-related topics, as well as about industry events he supports, attends or speaks at.

He recently took to Twitter to caution users of the popular “anonymous” tell-all Secret mobile app causing a stir in Silicon Valley not to spill “inside” information on the controversial app, which might not be so secret if authorities subpoena its developers.  

Dear Silicon Valley, it's unlikely that "Secret" is secret from a subpoena. Do not throw inside information up there. Seriously.

February 19, 2014

Stamos’s latest retweet is fittingly a tweet welcoming him aboard from his new company’s official Twitter account.

Welcoming @alexstamos, our new #CISO http://t.co/D1Qb5T6c9F

March 10, 2014

On Slideshare, another social sharing site, Stamos has also posted 10 incredibly detailed, super techie and pretty mind-blowing information security presentations.