Lord of the Paranoids: New Yahoo security exec on protecting a billion-plus accounts

Bob Lord, Yahoo's new security chief, will lead a team called the Paranoids. Like all security executives, he has a tough job.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read

Robert Lord joined Yahoo as chief information security officer this month. Pictured is Yahoo's Sunnyvale headquarters.

Scott Carson/ZUMA Press/Corbis

Robert Lord doesn't wear a cape, and he doesn't work in a secret lair. However, he does lead a team of cybersecurity workers called the "Paranoids" at Yahoo's headquarters. His mission is to protect everyday people from some of the worst stuff on the Internet.

The former Twitter security executive, who became Yahoo's new security chief this month, said Internet users are getting savvier about Web security, but it's still a tough job to protect more than a billion accounts from constant attack. It's him and the Paranoids against nation-states and crime rings.

Getting users to click on fewer phishing emails and protect themselves from known computer viruses is only a small part of his work. "If it were sufficient we wouldn't [be here]," he said.

As part of their work, the Paranoids try to break their own systems looking for vulnerabilities. The company's high regard for the Paranoids' feedback is what drew Lord to the job, he said. "That is not always universally welcomed."

Any major tech company worth its salt has an executive or two in charge of security these days, and many of them follow the same protocol as the Paranoids. Lord himself helped create the security department at Twitter from 2012 to 2014 before heading to cybersecurity company Rapid7. Now he has to lead a department that has seen its two previous leaders depart over the past six months. Both previous chief information security officers left for similar jobs at Facebook and Apple, respectively.

Lord also has to work with the US government as it tracks down both cybercriminals and terrorists, and like all tech companies it receives requests for user information. His first priority in these interactions is Yahoo's users, he said.

"Yahoo carefully reviews these requests and narrowly discloses the data necessary to comply," he said, adding that the company is committed to telling users as much as possible about the law enforcement and intelligence agency requests for data it receives.

He will also become a key executive in the debate over whether the Sunnyvale, California, company should create a way for the US government to crack encrypted, or protected, data as part of its investigations. Lord, like most of Silicon Valley, feels strongly about this debate.

"Governments around the world have the responsibility to protect their citizens," he said. But, "We strongly oppose efforts by intelligence agencies to build in back doors."