Peter “Mudge,” Zatko starts at a security firm founded by Chad Lauder

Jack Dorsey, the co-founder of the company, hired Zatko following a series high-profile Twitter abuses. However, Dorsey’s focus was elsewhere. Zarco’s former chief tech officer, Agrawal was responsible for several security decision made by Zarco before Agrawal succeeded Dorsey.

Zatko was famous for his hacking handle Mudge, which was used by A.J. A leader in the security industryDuring the 1990s. Later, he managed cybersecurity grants at Defense Advanced Research Projects Agency. He also worked on special projects for Google and created the security department at Stripe.

His reputation for being a gruff talker grew from his split with Twitter, and likely scared off many potential employers.

Corey Thomas, Rapid7 CEO, said that he admires Zatko for his candor and dedication to finding the security investments that are actually helping.

“In order to move our industry forward, we must educate organizations on how and what to measure to ensure we are making the right investment,” said Thomas. Rapid7 will benefit greatly from Peter’s extensive experience and his work in measuring cybersecurity practices.

Rapid7 provides penetration testing and security tools, and serves 44 percent the 500 largest US companies. She is not afraid of controversy and is well-known as the maintainer Metasploit, an open-source hacking tool that adds new technologies in hours after being exposed.

Chad Lauder, one of the founders of the company, is now an activist documenting racist attacks and far-right attackers. He also participated in the January 6, 2021 Capitol Riots. According to a former employee, Lauder was banned by Twitter at the request of Elon Musk. He also saw a screenshot of the notes that accompanied the decision.

After being fired by Twitter in January 2022 Zatko filed a whistleblower claim with the Securities and Exchange Commission. He claimed that Twitter’s security was so poor that it had violated an FTC settlement agreement and that it failed to warn shareholders. . He said that half of the company’s servers had outdated software and that thousands were able to access Twitter’s codebase. There was little monitoring of their activities.

Musk, who is also CEO of Tesla, exploited these revelations in a failed effort to reverse the $44 billion purchase Twitter.

The SEC shared Zatko’s complaints with Congress. Congress held a hearing in September. They pledged to improve oversight for privacy and national security. The Securities and Exchange Commission and the Federal Trade Commission are still investigating Zatko’s claims.

Zatko declined talk about Twitter’s changes since Musk acquired it. These include an outage and layoffs for several safety experts, as well as about three quarters of its employees.

As Rapid7’s “executive-in-residence,” reporting to Thomas, Zatko said he plans to work with CIOs and boards “hungry for how they value their investments in the Internet — are they paying off, can they predict the potential for problems.”

Data can be plotted to make security seem great or bad. Vendors try to make ordinary capabilities seem extraordinary.

Zatko claimed that he was trying to “bring data with context to security” all the way up to DARPA.

“We are at an inflection point in the field where we can measure the Internet, whether investments are having a positive or negative impact. And there are some forces that might be against that.”