Biden administration hires Twitter security whistleblower
- Sam Sabin, author of Axios Codebook
Peiter "Mudge" Zatko, former head of security at Twitter, testifies before the Senate Judiciary Committee in September 2022. Photo: Kevin Dietsch/Getty Images
Peiter "Mudge" Zatko, the high-profile hacker and Twitter security whistleblower, is joining the Cybersecurity and Infrastructure Security Agency.
Why it matters: Zatko's hire brings more muscle to an agency that lacks — and doesn't appear to want — regulatory authorities.
- CISA relies heavily on its private sector and government partnerships, as well as key hires, to make changes and encourage participation in its programs.
- The Washington Post first reported Zatko's new role.
Details: Zatko is joining CISA part time as a senior technical adviser and will focus heavily on the agency's voluntary "secure by design" principles, according to the Post.
- CISA has been pushing tech companies to adopt the new principles, which require them to bake security into their software from inception.
What they're saying: "I am honored to formally return to public service and work with CISA on the critical cybersecurity issues we face, including enabling secure-by-design principles to be accessible, measurable, and adopted by government and industry alike," Zatko said in a statement.
The big picture: The Biden administration has been trying to push tech companies to create more secure products in an effort to crack down on the number of security flaws that crop up.
- So far, the administration has taken a mostly voluntary approach to get tech companies on board.
- But in its national cybersecurity strategy, the administration promised to pursue mandatory requirements and liability risks.
Between the lines: Zatko will bring a unique perspective to CISA as both a former security executive and a member of several prominent hacker collectives over the years.
- Zatko, formerly the security chief at Twitter, recently made headlines after he submitted and testified over a whistleblower complaint claiming Twitter misled regulators about its security practices.
- But Zatko's cybersecurity career stretches far beyond that. He testified before Congress in May 1998 as a member of the L0pht hacking collective.
- The CISA advisory role also isn't Zatko's first government role: He worked at the Defense Advanced Research Projects Agency about a decade ago.
Sign up for Axios' cybersecurity newsletter Codebook here