TrustyCon founder Stamos begins work as Yahoo! CISO


Effective on Monday, Yahoo officially has a new chief information security officer. Alex Stamos, founder of TrustyCon, has been selected to head the internet giant’s security operations. The move will not be without controversy, especially after unnamed sources have characterized TrustyCon as a “protest” against the RSA USA conference.

Stamos speaking at TrustyCon, via CNET

In the wake of former defense contractor Edward Snowden’s NSA leaks, cybersecurity corporation and conference sponsor RSA has come under fire for allegedly accepting $10 million from the NSA in exchange for building a backdoor for the agency into a random number generator built into its encryption program BSafe. Touted as a lifestyle app with security features such as guardianships, timer modes, sirens, fake calls, and GPS tracking, BSafe used a number generator, Dual_EC_DRBG, which had been known to the cryptographic community for years as a poor-quality algorithm. According to Johns Hopkins cryptographer Matthew Green, “by 2007, when Shumow and Ferguson raised the possibility of a backdoor in the specification, no sensible cryptographer would go near the thing.” Eventually, RSA was even forced to recommend that developers refrain from using Dual_EC_DRBG in order to “ensure a high level of assurance in their application.”

Given TrustyCon’s reputation as a counter to the RSA conference, the decision to name Stamos CISO might signal Yahoo’s distaste for, and eagerness to distance itself from, the recent controversy regarding users’ privacy. After all, TrustyCon mostly featured speakers who had decided to boycott invitations to RSA on principle. But Stamos has quite an impressive resume even without considering his role in organizing the “protest”. Before accepting the position at Yahoo, Stamos was the chief technology officer of cybersecurity firm Artemis, Inc., where he worked on the “.secure Top-Level domain,” a new domain name option for security-minded firms. According to re/code’s Arik Hesseldahl, Stamos is also “a respected researcher in the field of securing web applications and web services who has spoken at several of the industry’s most important conferences, including Black Hat, CanSecWest, DefCon and Microsoft BlueHat.”

Stamos, who will be Yahoo’s first CISO appointee since former CISO Justin Somaini resigned, will lead a team of “Paranoids, charged with making [Yahoo] products as secure as possible.”
He will face a dynamic set of challenges, especially in light of the recent news that British intelligence agency GCHQ, working alongside its American counterpart, intercepted millions of still images from Yahoo! Webcam messages. In an interview with the Guardian, Yahoo called the program “a whole new level of violation of our users’ privacy.”

How Stamos will address these challenges remains to be seen. But no matter how he fares, his appointment is surely a sign that corporations as well as users are becoming less and less enthusiastic about metadata surveillance programs, even as they grow more and more aware of their privacy concerns. Stamos will report directly to CEO Marissa Mayer.

Read Yahoo’s official announcement of Stamos’s appointment on the Yahoo! Tumblr page.