Twitter’s security leads just quit. Now what?

Bad job opening: Twitter CISO

If speed is the enemy of security, as the maxim goes, then it should be no surprise that Elon Musk's product strategy for Twitter may be on the precipice of causing a cybersecurity crisis .

If the Federal Trade Commission doesn't step in first, that is.

• The unraveling of Twitter may have just accelerated with the departure of its chief information security officer and chief privacy officer. Reports suggested that the company's head of trust and safety, as well as its chief compliance officer and additional members of its security and privacy teams, have also exited.
• This sort of exodus would be a bad sign for any company, of course. But Musk's Twitter is also subject to an FTC consent decree, most recently updated in May, after past privacy and security practices came under fire.
• Former Twitter privacy staff members told The Washington Post that Musk's push for rapid product updates meant that feature changes were being forced through without a full privacy and security review.
• Rolling out new features in this way undoubtedly clashes with the FTC order — not to mention the many data privacy and security risks it creates for users of the platform.

These might be tough jobs to fill. For obvious reasons , there was no immediate word as to a successor for the executives who departed.

• Given the turmoil caused by less than two weeks of Musk’s ownership, it would appear to have not only become impossible for the executives to do their jobs from a practical standpoint, but also potentially legally tenuous.
• That’s particularly the case after the recent conviction of Uber's former chief security officer, Joe Sullivan, on federal charges that included obstruction of FTC proceedings.
• "You would have to be insane to take the Twitter CISO job now," tweeted Alex Stamos, Facebook's former chief security officer.
• Amid the FTC’s probe, some Twitter executives could theoretically "face personal liability for illegal acts” such as hiding information, tweeted Riana Pfefferkorn, a former outside counsel for Twitter. "After Joe Sullivan, I bet folks won’t feel like finding out."

"Right now, Twitter is extremely hackable," tweeted well-known software engineer Brianna Wu, summing up the immediate result of the departures.

• "That puts every user here at extreme risk for DM leaks, identity theft and surveillance," Wu tweeted.
• The FTC told media outlets today that it is "tracking the developments at Twitter with deep concern."
• Notably, the FTC was already on high alert for violations of the May agreement, particularly in the wake of the whistleblower complaint in August from Twitter’s former security chief, Peiter “Mudge” Zatko.
• "No CEO or company is above the law, and companies must follow our consent decrees," the FTC said. "Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them."

— Kyle Alspach ( email | twitter )

A MESSAGE FROM CAPITAL ONE SOFTWARE

Overspending is an issue more businesses face when managing data in the cloud. In fact, a recent Forrester study cites that 82% of data management decision-makers report forecasting and controlling costs as a data ecosystem challenge. Businesses can benefit from best practices shared by organizations who have faced these challenges head on.

Learn more

Cheaper, faster, and less juice

AMD revealed the technical details of its next generation of server chips called Genoa at an event in a ballroom at the posh Grand Hyatt hotel in San Francisco on Thursday.

Of course, AMD’s fresh batch of Epyc server chips have all of the new things: They can crunch more data at a faster pace, are more secure, and operate more efficiently than their predecessors. The next-generation server chips also happen to arrive weeks ahead of Intel’s Sapphire Rapids server processor launch , which is set for Jan. 10.

The drumbeat-like consistency with which AMD launches new server chips perhaps overshadows what its customers actually get with these new pieces of technology. AMD data center chief Forrest Norrod promised the latest batch of Epyc processors will save them money.

“It’s important because it continues to drive substantial improvements in price performance and power performance that should have a direct impact on [tech companies’] bottom line,” Norrod said in an interview with Protocol.

By some measures, the arrival of AMD’s latest server chips could have come at a better time.

In Mercury Research’s third-quarter market summary, President Dean McCarron noted that the server CPU market is in the midst of a slump, pointing to a decline in overall CPU server sales as the main indicator. McCarron added in an email to Protocol that the dip was likely due to the six- to eight-quarter cycle that peaked at the beginning of 2022.

But the new batch of AMD chips was built on one of TSMC’s most advanced manufacturing processes, which uses a technology Intel has not yet proven it can master. And AMD’s use of the foundry has contributed to AMD’s three years of back-to-back market gains against Intel in the server CPU segment.

Here’s the current scorecard for the data-center chip market: Intel has 82.5% of the x86 server market, while AMD commands 17.5%. AMD picked up another 3.6 percentage points of share in the third quarter, according to Mercury’s data.

Stay tuned for a full Q&A with AMD’s Forrest Norrod next week.

— Max A. Cherney ( email | twitter )

Enterprise moves

Gavin Patterson, president and chief strategy officer at Salesforce, announced he’ll leave the company by the end of January 2023.

Timothy Campos joined Apple to lead its information technology group after serving as Facebook’s CIO from 2010 to 2016, according to Bloomberg .

Craig McLuckie joined Accel as entrepreneur in residence , after leading VMware’s Tanzu engineering and project management teams following the acquisition of his startup, Heptio.

Dave Gerry was named CEO of Bugcrowd . Gerry was formerly chief revenue officer and head of global operations at WhiteHat Security.

Smruti Patel joined Apollo GraphQL as VP of engineering . Patel formerly led infrastructure engineering teams at Stripe and VMware.

— Aisha Counts ( email | twitter )

Around the enterprise

Lacework rolled out a new service for protecting cloud applications by detecting attack paths and scanning workloads .

The U.S. Department of the Interior is shopping for a $1 billion single-vendor cloud infrastructure contract , as the industry awaits word on the bigger prize being dangled by the Defense Department.

A MESSAGE FROM CAPITAL ONE SOFTWARE

Through its cloud and data journey, Capital One also built its own tools to solve for gaps in the market, and key among them? Capital One Slingshot , a new product from Capital One Software that helps organizations manage Snowflake data costs with alerts, recommendations and performance dashboards.

Learn more