ex-CSO for FB, now advisor for Zoom

Alex Stamos, ex-Chief Security Officer for Facebook, now Advisor for Zoom

Here’s what Stamos wrote. He sounds like a sharp guy and a good pick. And he sounds very positive. I’m impressed.

I shortened what he wrote for my notes. Bolding is mine.


"Last week, I got a phone call from Eric Yuan, Zoom’s CEO. We talked about the significant challenges his company was facing, both in responding to an incredible growth in users but also living up to the security expectations of the moment. He asked detailed and thoughtful questions of my experiences working at companies facing extreme crises, and I was impressed by his clear vision for Zoom as a trusted platform and his willingness to take aggressive action to get there. He asked if I would be interested in helping Zoom build up its security, privacy and safety capabilities as an outside consultant, and I readily agreed.

In the interest of transparency I think it’s important to disclose this work. I don’t do a lot of consulting these days; I am generally quite busy with my role at Stanford. This opportunity to consult with Zoom was too interesting to pass up, however, and I thought I would explain why I have embraced this challenge.

First off, Zoom has gone from being a successful mid-sized enterprise IT company to a critical part of the lives of hundreds of millions in the space of a couple of months. I am attracted to difficult problems and this creates some doozies. As someone who has walked through the galaxy of blinking lights and deafening whir of tens of thousands of servers carrying the sessions of millions of users, I appreciate the effort it takes to build a product that scales.

To successfully scale a video-heavy platform to such a size, with no appreciable downtime and in the space of weeks, is literally unprecedented in the history of the Internet.

It has been clear to many people who have worked on production-scale systems that something special has been happening at Zoom, and the related security challenges are fascinating.

It’s not just the technical challenges that I am interested in. In a time of global crisis, Zoom has become a critical link between co-workers, families, friends and, most importantly, between teachers and students. The morning Eric called me there were five simultaneous Zoom sessions emerging from my home, as my three kids recited the Pledge of Allegiance in their virtual morning assembly, my wife supported her middle-school students and I participated in a morning standup with my Stanford colleagues. Like many techies I have used Zoom professionally for a while, but I admit that there was still a bit of culture shock as my wife taped a daily calendar full of Zoom meeting codes to our eight year-old daughter’s desk.

The adaptation of a successful enterprise collaboration tool into virtual classrooms, virtual doctor’s offices and a myriad of other applications (including at least one virtual Cabinet Room) has created privacy, trust and safety challenges that no company has ever faced. As I told the computer science students in my course this last quarter (the last two weeks of which were taught over, yes, Zoom) coding flaws and cryptographic issues are important, but the vast majority of real technological harm to individuals comes from people using products in a technically correct but harmful manner. Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I’m looking forward to working with Zoom’s engineering teams on those projects.

Still, the real challenge, one faced by every company trying to provide for the diverse needs of millions seeking low-friction collaboration, is how to empower one’s customers without empowering those who wish to abuse them. I encourage the entire tech industry to use this moment to reflect on their own security practices and have honest conversations about things we could all be doing better. This is possibly the most impactful challenge faced by the tech industry in the age of COVID-19, and together we can make something positive out of these difficult times and ensure that communications are safer and more secure for all."



For anyone interested here’s a video of Alex doing an interview at UC Berkeley about his journey from college student to eventually working @ Facebook CSO. Quite a story!


Long ZM


For anyone interested here’s a video of Alex doing an interview at UC Berkeley about his journey from college student to eventually working @ Facebook CSO. Quite a story!


Thanks windjohn, that was a very interesting interview. Stamos comes across as self effacing and modest, but a genius at security, with all kinds of amazing insights that he throws out. I can see how he was made a Professor at Stanford’s Center of International Security even though he didn’t even go to graduate school, much less get a PhD. What a bright guy, and what good instincts. If anyone is interested in the video, I’d start at the 5 minute mark and skip the rambling introductions, and watch until at least the 30 minute mark.