Yahoo’s Chief Information Security Officer Departs — With More Top Execs Under CEO Scrutiny
Yahoo’s Chief Information Security Officer Justin Somaini (pictured here) has left the company, according to sources.
It’s not clear why the top security risk exec has departed the Silicon Valley Internet giant. But, said sources, it could be partially related to the recent hacking issues around the newly refreshed Yahoo Mail, including its vulnerabilities to cross-site scripting, or XSS, attacks. This has been blamed for a surge in spam emanating from compromised email accounts, a problem that some security experts outside the company said Yahoo has been slow to fix.
Along with a number of execs, including Connections SVP Shashi Seth, addressing such issues were within Somaini’s purview. It’s not clear if Seth — who has also been the subject of persistent departures rumors internally over the last few months — will also be getting some of the blame for the embarrassing security problem in a key Yahoo product.
But sources noted that Somaini’s leaving is also part of a wider look at a range of higher-level execs at Yahoo — top staff status is based on Levels, such as L3, L4, L5 — that is now taking place across the company by CEO Marissa Mayer.
Sources noted that Mayer is moving to replace a number of them as she seeks to remake the top ranks of the company, even as some are contemplating departure in the March time frame when their various and sundry stock options and other payouts are realized.
That said, sources said Somaini has been looking to leave too, unhappy with the new regime, as are some others at his level.
His quest for a new job should not be too hard, since Somaini has a strong resume, coming to Yahoo in April of 2011 from Symantec, where he was also CISO. Before that, he worked as a director of information security at VeriSign. He has a very lively cybersecurity blog, too, which you can look at here.
I reached out to Yahoo for comment, but have not heard back as yet.