On the heels of raising new funding on a $20 billion valuation, payments and financial services startup Stripe is making a key hire to reinforce its message to the world that it’s taking security of its cloud-based services seriously. Today the company is announcing that it has hired Niels Provos as its new head of security. Provos was most recently a distinguished engineer at Google, where he has led some of the search giant’s biggest efforts to make its service secure, perhaps most famously Safe Browsing, but also more recently Google Cloud Platform and Google’s production infrastructure.
He’s also a well known cryptographer and researcher that has had a big impact on other projects aimed at improving internet security, such as bcrypt, honeyd, and OpenSSH. He’s also a blacksmith who makes swords and knives (another kind of security tool, I suppose).
From what I understand, Provos had been talking to Stripe about the job for a while before leaving Google.
“Over the last twenty years, I have applied myself to improving and advancing the security of the Internet not only for billions of users but also for businesses who are in critical need of a secure foundation,” he said in a statement. “I believe that what Google was to search, Stripe will be to commerce: global infrastructure that’s remaking what’s possible online. I am really excited to join Stripe’s excellent security team and to work with them helping businesses running on Stripe improve their security as well.”
Provos is the latest hire in a series of moves to beef up security talent at Stripe, at a time when security breaches are at an all-time high, with the financial services industry the largest target of that rise. Equifax is the breach we all know (some of us in a more painful way than others, unfortunately), but there have been many more. A study from Accenture estimates that the number of breaches go up by nearly 10 percent each year, with the cost to fix them rising about 40 percent each year, and are currently at around $18 million per organization.
In that context, it’s no surprise that Stripe is bringing in top talent to lead its efforts and also to shore up industry confidence in its services (because, despite the fact that Stripe has millions of customers, there remains a lot of competition in payments, Stripe’s core business). But it’s been a long-term process there, not just involving hiring talent but launching products like Radar for fraud prevention.
Interestingly, from what I understand Provos was hired by another security star, Mudge, who joined Stripe in May 2017, also to be its head of security. How does that square up? Mudge is apparently still staying on, but not in that role.
“We’re lucky to work with some of the foremost security experts in the world, especially Mudge, whose contributions to Stripe have been enormous,” said David Singleton, Stripe’s director of engineering. “Mudge joined us with the specific goal of building out a world class security team, and that’s exactly what he’s done — hiring dozens of security leaders and spinning up teams to focus on data privacy, security engineering, threat operations, application security, and more. He also helped us hire Niels, whom he’s known for over twenty years. While the bulk of his initial work is done, we’re grateful to have Mudge’s continued support at Stripe.”