Stamos, Alex
Krebs Stamos Group Partner, Jan 2021 – present (full-time, Washington DC).
Stanford Internet Observatory Director (non-PhD teaching/research professor), Aug 2018 – present (full-time, Stanford CA).
Facebook data breach Chief Security Officer (CSO; same as CISO), Jun 2015 – Aug 2018.
Yahoo data breach Chief Information Security Officer (CISO), Mar 2014 – Jun 2015.
Little IT education. Only a BS in electrical
engineering and computer science from the University of
California Berkeley, which puts political correctness above
competence. Even if UC Berkeley were good, a BS is too little
for the CISO of a Fortune 500 company that is a prime hacking
target.
From Yahoo-Then-Facebook CISO Alex Stamos Allows Yet Another Massive Data Breach:
Yesterday, Facebook admitted to yet another massive data
breach; 50 million user accounts compromised. Alex Stamos
was (Jun 2015 – Aug 2018) Facebook's Chief Information
Security Officer (CISO a.k.a. CSO) when the hole that
allowed the breach was introduced into Facebook's code (Jul
2017). Stamos was (Mar 2014 – Jun 2015) also CISO of
Yahoo during their two massive data breaches (late 2014);
500 million and 1 billion user accounts compromised. Stamos
staggeringly exemplifies another aspect of IT incompetence:
being overwhelmingly more interested in imposing his
political beliefs on customers than in being competent at
his high-paid IT job.
...
Facebook makes it sound like a sophisticated attack,
although it was probably an obvious hole to any competent
programmer, who would be extra careful with any feature that
lets a user pretend to be some other user. This is exactly
what a CISO, like Alex Stamos at Facebook at the time (Jun
2015 – Aug 2018), should have been looking out
for.
...
Alex Stamos quit Facebook in August 2018, not over
exasperation with Facebook's poor security, but in protest
over Facebook's handling of Russian meddling in the 2016
U.S. election. Politics over IT competence.
Before Facebook, Alex Stamos was CISO at Yahoo from March
2014 to June 2015. In late 2014 a data breach occurred at
Yahoo that compromised 500 million user accounts. A
separate data breach also occurred in 2014 that compromised
1 billion user accounts. Stamos was CISO at Yahoo when he
could and should have done something to prevent these
massive data breaches.
Alex Stamos is a disaster moving from one place to the next
hoping his IT incompetence doesn't catch up with
him.
These two massive Yahoo data breaches were admitted only in
September and December 2016, respectively, which explains
why Facebook still hired Alex Stamos as CISO in June 2015.
The data breaches drastically and adversely affected the
buying of Yahoo by Verizon, which was being negotiated in
late 2016, so it is unlikely that even IT incompetent
Facebook would have hired Stamos as CISO had they
known.
Alex Stamos quit Yahoo in June 2015, not over exasperation
with Yahoo's poor security, but in protest over Yahoo's
handling of NSA snooping of Yahoo email (although Facebook
allowed exactly the same thing, but maybe Stamos didn't know
that yet). Additionally and ironically, while CISO at
Yahoo, Stamos got himself invited to testify before Congress
about computer security and data privacy. Politics over IT
competence.
(Dictionary definition of "yahoo": a person who is not very
intelligent and is rude, noisy, or violent.)
Alex Stamos claims to have a BS
in Electrical Engineering and Computer Science (EECS) from
the University of California, Berkeley. A BS in Electrical
Engineering and Computer Science from a good university is
what I would require as a minimum for IT competence (and a
higher degree for higher positions, like CISO of a Fortune
500 company); see The Most Important IT Credential: An IT Education
in Principles of IT Incompetence. I have a BS in EECS from MIT (and a
Ph.D. in supercomputing from Columbia); see my Credentials.
So is Alex Stamos IT competent? No. The "good university"
clause is the main catch (Stamos also only has a BS as CISO
of Fortune 500 companies). UC Berkeley is the
quintessential politics over competence university, and
violently so at that. You could have easily predicted
Stamos's IT incompetent political loudmouth career based on
his being at UC Berkeley for EECS. See IT Hiring: Trading IT
Competence for Political Correctness in Principles of IT Incompetence.
Alex Stamos is now at Stanford University "working to make
tech safer and more trustworthy for all via teaching and
research". A couple of sayings come to mind: "those who
can, do; those who can't, teach" and "politics over
competence universities, the last refuge of the
incompetent". Stanford has drastically degenerated: they
hire incompetent non-PhDs as research professors.
From CISA: No Infrastructure Cybersecurity, Just a Stepping Stone for IT Incompetents:
Chris Krebs did not end up working directly as an employee of
Microsoft, but only because he saw and exploited an opportunity
created by The Doomsday Microsoft Government Email Data Breach. After
he was fired for IT incompetence by President Trump after
the 2020 U.S. Presidential Election in November 2020, Chris
Krebs started an IT security consulting firm with, incredibly,
Alex Stamos, the IT incompetent
Yahoo-then-Facebook Chief Information Security Officer
(CISO) who was responsible for both Yahoo's and then
Facebook's massive data breaches; see Yahoo-Then-Facebook
CISO Alex Stamos Allows Yet Another Massive Data Breach.
The first customer of the Krebs Stamos Group was SolarWinds,
the software company whose biggest customer was the federal
government and that most are blaming — although
Microsoft was really to blame — for The Doomsday Microsoft
Government Email Data Breach.
Microsoft will also, if they haven't already, hire the Krebs
Stamos Group, which will also probably be a violation of
Title 18 (crimes and criminal procedure) of U.S. Code,
§ 207 (restrictions on former officers, employees, and
elected officials of the executive and legislative
branches); see IT Hiring: IT Incompetence Breeds Disloyalty and
Corruption in Principles of IT Incompetence.