Sources: Yahoo CISO Bob Lord out after AOL-Yahoo merger

According to our sources, Yahoo’s chief information security officer, Bob Lord, is losing out to AOL’s Chris Nims for the security chief’s chair of new umbrella entity, Oath.

This is as a result of the AOL-Yahoo merger, with Verizon’s acquisition of Yahoo expected to close next week.

The jockeying for SVP positions within the combined entity has seen several Yahoo senior managers taking the leadership reins at Oath at the expense of their AOL counterparts.

But when it comes to security, the optics were always going to look unkind for Lord — given Yahoo’s still recent reveal that it suffered the worst (known) data breaches in history.

We’ve reached out to Lord and Nims for comment but at the time of writing neither had responded. Yahoo also declined to comment. AOL, which is the parent company of TechCrunch, did not respond to our requests for comment.

But multiple sources have told us that Lord will not be Oath’s CISO.

Lord only took up the CISO post at Yahoo in November 2015, taking over after Yahoo’s systems had already been compromised — though as yet unbeknownst to its security staff.

The two massive hacks, with at least 500 million Yahoo accounts compromised at least as early as 2014 in one breach, and a further one billion accounts hacked in August 2013, were not discovered and disclosed by Yahoo until last year. Earlier this year the DoJ accused Russian spies — working alongside Russian criminals — of perpetrating one of the hacks.

Speaking about the moment he realized the scale of the hacks, at TC Disrupt New York last month, Lord described the feeling of dawning horror as akin to vertigo.

The reputational damage to Yahoo from the revelations of the data breaches ended up knocking $350 million off its sale price to Verizon.

As we reported earlier this week, around 15 percent of global headcount across AOL and Yahoo is being culled as a result of the integration by parent company Verizon.

NB: AOL is also TechCrunch’s parent company.