Of course he did - C-level officer close to hugely controversial issue, leaving the company in 6 months. It'll be predicated on an NDA, some sort of success metrics for the transition process, and a monster golden parachute.
Worth noting that CSO / CISO isn’t really a C-Level position. They usually report to the CIO or CTO and are leveled at VP or whatever one one or two levels below what the “real” execs are.
You’ll notice he isn’t listed as an exec in their SEC filings, which include their CEO, COO, CFO, Chief Product Officer, VP Business and Marketing Partnerships, CTO, and VP General Counsel.
That tells you a bit about how important tech companies really think security is. In fact you will often find the head of HR among that group before you’ll see a CSO.
It doesn’t matter though, as it’s incredibly rare for a CSO to actually know anything about security. Stamos is an exception. I’d wager that you can likely count the number of CSOs who have ever written an exploit on one hand.
Often not true. I've always advocated that the CSO report to the CEO, and that is how it came to be. I was listed on the exec page, and the current CSO is now as well.
There are quite a few ways he may have to get around an NDA: a congressional subpoena requiring testimony superceding NDAs, and so would any testimony in court if this spawns any civil or criminal cases.
