Facebook’s Security Chief to Depart for Stanford University

SAN FRANCISCO — When Facebook revealed Tuesday that it had identified a political influence campaign ahead of the November midterm elections, the company’s chief security officer, Alex Stamos, was front-and-center in speaking on the issue.

Posted Updated

Sheera Frenkel
Kate Conger, New York Times

SAN FRANCISCO — When Facebook revealed Tuesday that it had identified a political influence campaign ahead of the November midterm elections, the company’s chief security officer, Alex Stamos, was front-and-center in speaking on the issue.

But Stamos will exit the social network this month, just as Facebook steps up its efforts to combat misinformation and foreign interference. In an interview, Stamos, 39, said he planned to join Stanford University in September as an adjunct professor and will also become part of a faculty working group called Information Warfare where he will examine the role of security and technology in society.

The timing is tricky as Facebook grapples with potential threats including election meddling and hackers. The New York Times reported in March that Stamos planned to leave Facebook in August and that his day-to-day responsibilities were reassigned to others in December, but the Silicon Valley company does not plan to appoint a successor for chief security officer.

In an internal Facebook post from January written by Stamos, which was obtained by The Times, he said the company’s security team was being reorganized and would no longer operate as a stand-alone entity. Instead, he wrote, Facebook’s security workers would be more closely aligned with the product and engineering teams and focus either on protecting the company’s corporate infrastructure or its users.

“The safety and security challenges we face today are dispersed across many surfaces, and addressing them requires the focus of many teams across the company,” Stamos wrote in the post.

Sheryl Sandberg, Facebook’s chief operating officer, said in a statement Wednesday that Facebook would continue to collaborate with Stamos in his new job at Stanford.

“Alex has played an important role in how we approach security challenges and helped us build relationships with partners so we can better address the threats we face,” she said.

Amy Zegart, the co-director of Stanford’s Center for International Security and Cooperation, said in a statement that Stamos had been working with the Stanford cyberpolicy program for several years and had piloted a “hack lab” class this past spring.

Stamos’ departure is part of several executive exits from the social network, which has been hit by scandals including Russian meddling on the platform in the 2016 presidential election and misuse of people’s data. The Times reported that Stamos was leaving Facebook after he had advocated the company to disclose more about Russian election interference last year but was met with resistance.

Stamos said in the interview that his last day at Facebook would be Aug. 17. At Stanford, he said, he planned to study the upcoming midterms and the role of technology, as well as election security more broadly and the topic of disinformation. He said he would also look at subjects as basic as passwords and try to re-imagine how they could be made more secure.

Stamos also said Information Warfare was a new working group at Stanford with about 14 faculty members across academic disciplines. The group, which will begin meeting this fall, plans to research information warfare tactics and to develop countermeasures. Stamos said he planned to teach a class for law and policy students on how hackers attack, with the goal of familiarizing future policymakers with common hacking techniques.

Of his time at Facebook, he said, “Obviously, it has been a difficult three years. I’d like to take the things I’ve learned and apply them more broadly.”

Stamos previously worked as chief information security officer at Yahoo before joining Facebook in 2015. He has been vocal about cybersecurity issues. For example, in an address last year at Black Hat, a cybersecurity conference in Las Vegas, he argued that security professionals were overly focused on solving problems that were complex or bizarre and had lost sight of the everyday problems that plagued the internet.

Stamos said that over the course of his career, he had worked as a consultant for all of the major tech companies in Silicon Valley. That would help in his new role at Stanford, he said.

“Part of my goal is to help people find the right folks at these companies, to come up with structures in which we can have cross-disciplinary academic study,” he said, adding that he wanted to address issues including online child safety and the naming of a country or group responsible for a cyberattack.

“There aren’t good norms around a lot these things yet,” Stamos said.

Copyright 2023 New York Times News Service. All rights reserved.