Twitter’s top cybersecurity employee Lea Kissner has left the social media giant.
Kissner announced the move in a tweet on Thursday, saying they made the “difficult decision” to leave Twitter, but did not say why they resigned. Elon Musk completed a $44 billion acquisition of Twitter two weeks ago, resulting in layoffs affecting more than half the company and the departure of top executives, including CEO Parag Agrawal, General Counsel Sean Edgett and Chief of Legal Policy Vijaya Gadde.
News of Kissner’s departure was first reported by Casey Newton. Twitter’s chief privacy officer, Damien Kieran, has also resignedand chief compliance officer Marianne Fogarty is said to have done the same, according to Newton, citing messages shared on Twitter’s Slack.
The departures raise regulatory questions, particularly about who is tracking activity on the platform and making sure Twitter is reporting information and complying with existing frameworks.
“We are following the recent developments at Twitter with deep concern,” a spokesperson from the FTC said in a statement provided to TechCrunch. “No CEO or company is above the law and companies must follow our consent decrees. Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.” Read more about what could happen at the FTC next here.
It is not immediately clear who is responsible for Twitter’s day-to-day security operations following Kissner’s departure. A Twitter spokesperson did not immediately respond to a request for comment.
We’ve also reached out to Kissner, Kieran and Fogarty for comment and will update this post whenever we hear more. Anyone reading this and wanting to relay more information about this or other stories on Twitter can also contact us via the channels here.
Kissner previously served as Twitter’s head of privacy engineering and was named Twitter’s chief information security officer (CISO) in January 2022 following the departure of security chief Peiter “Mudge” Zatko and then-CISO Rinki Sethi. Mudge went on to blast federal regulators alleging security mismanagement and lax access controls put user data at risk.
Twitter is currently under a 2011 settlement with the Federal Trade Commission, which accused Twitter of cybersecurity failures that allowed cybercriminals to access internal systems and user data.
The order mandates that Twitter “establish and maintain a comprehensive information security program” that will be audited every decade. It’s not clear how Twitter maintains that compliance with the FTC without a company security direction. An employee said in a company Slack that it was for Twitter engineers to “self-certify” compliance with the FTC.
“All of this is extremely dangerous for our users,” a message quoted Newton as saying said. “Given that the FTC can (and will!) fine Twitter billions of dollars pursuant to the FTC’s Consent Order, extremely damaging to Twitter’s longevity as a platform. Our users deserve much better than this.”
An essay this week in the MIT Technology Review outlined how the current staffing at Twitter, which laid off half of its staff late last week, would make the company and its platform unsustainable, and it looks like the wheels might turn. leave even faster than critics thought.
Even before this, the company had faced a series of security and data protection issues. In two from earlier this year, Twitter was fined $150 million in May for violating a 2011 consent decree for misusing user-supplied email addresses and phone numbers to set up two-factor authentication for its ads. targeted. In August, it discovered (and fixed) a security vulnerability that allowed threat actors to harvest information on 5.4 million Twitter accounts that were listed for sale on a popular cybercrime forum.
