When CISOs Resign: Lea Kissner Leaves Twitter

Alan Meekins
Nov 10, 2022

A challenging fact of life at large US corporations is the need to follow the established order of the company.

This is something that many people with a good conscience, creative minds or simply free spirits tend to struggle with. Which of these factors is the reason Lea Kissner, Twitter’s CISO, announced their departure from Twitter Inc. this morning?

Lea Kissner tweets their resignation.

OK, by this point you’re probably asking, “What’s a CISO?” CISO stands for “Chief Information Security Officer”. A CISO is a lot like a CFO, but for the technology that keeps the books, employees and customer data safe. Their job is to ensure that a company isn’t hacked and, if it is, to ensure that the liability and impact from the hack are low.

It’s a telling sign when a CISO leaves a company unexpectedly. To my eyes, this departure has the same feeling I had as a young adult learning about Enron. Key to a riveting corporate scandal is when the good people start leaving. Today I personally feel I’ve just seen Jeff Skilling stepping down. We all know what happened next…

When I first saw this tweet I couldn’t be sure it was real…

Impact and meaning of this tweet aside, a more important question arises. How do I know this is the real Lea Kissner, CISO of Twitter?

This question feels like the core of why a CISO might leave. When users must undertake OSINT (Open Source Intelligence) techniques to determine if a “Verified” Twitter account is authentic, it deeply degrades the user experience.

According to an NYT article, Lea Kissner was appointed CISO of Twitter earlier this year.

NYT article indicating who the current Twitter CISO is.

I was also able to verify this information and work history from a well-established LinkedIn profile.

Next I turned back to Twitter to look for historical posts from the same profile that today’s resignation came from. I found several tweets referencing Lea’s new role at Twitter dated close to when they took over the CISO seat.

Lea Kissner claims to be CISO.

I kept digging and found this post:

@LeaKissner account claims to be CISO

On the above tweet I reviewed who “Liked” it and discovered that a Twitter HR employee liked that tweet.

But who is Chris Lee?

These sorts of OSINT processes are annoying, but they help to verify 2nd-degree actors. So I dig into Chris Lee and find another well-worn LinkedIn profile. This is somewhat circumspect but satisfies my curiosity that this is the real Lea Kissner.

Chris Lee LinkedIn

After all this, I’m now happy to say I think that Twitter user @LeaKissner, who posted the resignation tweet, is in fact the (now) former Twitter Inc CISO.

Why is it this hard to verify Twitter Executives on Twitter?

It’s very clear to me after this exercise that the “blue check” now means next to nothing. When we all must become OSINT experts to verify a Twitter executive on their own platform, it’s hard to call that an improvement worth paying for.

Midday updates

When I first drafted this blog post, it was within minutes of Lea’s post on their personal Twitter account. Since that time professional journalists have also confirmed this story. It has now been widely circulated that Twitter’s chief compliance officer Marianne Fogarty and chief privacy officer Damien Kieran both resigned early this morning, in addition to Twitter CISO Lea Kissner.

Reporting from The Verge indicates that engineers are now being exposed to personal liability for their work at Twitter, due in part to the departure of senior security leadership.

Pending FTC Investigations

WaPo reports FTC investigation.

The Washington Post reports that the US Federal Trade Commission will soon be opening an active investigation into the causes and outcomes of today’s Twitter C-Suite drama. This is clearly an untenable situation and will spell disaster for the longevity of Twitter as a platform for free speech.

Is My Twitter Data Safe?

Mission Critical Positions Remain Unfilled

When CISOs resign it’s wise to ask: “Is my data safe?” Without these vital positions filled, it’s impossible for even Twitter to answer. When I see a company fire countless skilled engineers, only to re-hire for those same positions, it’s clear there may not be sufficient manpower to keep up with the basic engineering work to keep Twitter online in a secure manner.

In my personal opinion this poses a grave risk to all users of the site, especially activists of all stripes, politicians and businesses. I can no longer in good conscience advise anyone to use Twitter for any mission critical needs.

Now is the time to pivot to new platforms. I for one will be spending more time exploring Open Source alternatives like Mastodon. I will work to build an instance to support the needs of migrating #BlackTechTwitter users. Please get into contact if you’d like to be a part of the solution!

Follow and Share

If you found this story interesting, please support my work as a Black Technologist by following me on Mastodon or donating to my work on Patreon, GitHub, or Liberapay.
