Twitter has hired former IBM executive Rinki Sethi as its new Vice President and Chief Information and Security Officer.
“At Twitter, she will lead our growing InfoSec team, protecting our customers and our company to earn trust,” said Nick Tornow, Platform lead, Twitter, in a tweet.
Twitter did not have anyone in the CISO role from January till Sethi assumed charge on September 28.
A security specialist
Sethi is a BS in Computer Science engineering from the University of California, Davis, and an MS in information security from Capella University in Minnesota. She has over 15 years of experience in the field, having started her security specialist career at PG&E in 2004.
During her tenure in Walmart, Sethi built a $100 million security infrastructure. At eBay, she established security strategies for over 30 adjacent businesses conducting global business in countries such as China and India.
She later donned the role of VP, Information Security, at IBM and Palo Alto Networks.
In addition Sethi is also an investor in Silicon Valley CISO Investments.
Pankit Desai, founder, Sequretek, a cybersecurity platform, said: “It is surprising that the company did not have a CISO for so long, especially at a time when instances of cyber attacks have increased, during the pandemic.”
Her appointment comes weeks after prominent Twitter handles were hacked, and weeks before the 2020 US Presidential elections. The platform has also been targeted more than once, a cause for concern over its security, during the period when it had no CISO in charge.
On July 15, high-profile handles such as Uber, Apple, Amazon’s Jeff Bezos, and Elon Musk were attacked. Hackers were able to amass $121,000 in bitcoins, according to a CNBC.com report. A 17-year-old was arrested as the mastermind behind the attack.
Their modus operandi was phishing, wherein the attackers gained access to the controls of employee tools by coercing the Twitter employees to let them hack these accounts. According to a Wired.com report, it took a month for Twitter to return to normalcy.
It was not the first attack that the platform had faced nor will it be the last. Founder Jack Dorsey lost control of his own account a little over a year ago through third-party platforms. On September 2, Indian Prime Minister Narendra Modi’s account was hacked by someone claiming to be “John Wick”.
In an emailed statement to certain media houses, a Twitter spokesperson said: “We're aware of this activity and have taken steps to secure the compromised account. We are actively investigating the situation. At this time, we are not aware of additional accounts being impacted.” According to reports, an internal investigation revealed that this hack was not related to the July incident.
In June, Amul's Twitter account was blocked briefly after it was caught in the site's security processes. It was released a day later.
Why the long wait?
The reasons for the delayed appointment of a security chief are not clear yet. Desai pointed out that Twitter might have had someone acting as CISO in the interim.
But that is hardly enough when the organisation deals with significant user data, especially of high-profile users, said Pareekh Jain, founder, Pareekh Consulting, a tech consultancy firm. “They were probably looking for a replacement since the beginning of the year. But it would be fair to assume that they became aggressive only after the July bitcoin incident,” he explained.
Sethi is also expected to be more aggressive and proactive in putting in security policies, he added.
Recently, Twitter rolled out internal tools to address the risk of third parties accessing employees’ tools.