Over the past decade, Zatko has worked at DARPA, the research arm of the Department of Defense, and also spent time at Google’s Advanced Technology and Projects group.
He was previously a member of L0pht, a prominent hacker collective that warned the government of security holes in the internet during the early days of the consumer web.
Zatko most recently ran the Cyber Independent Testing Lab, a nonprofit he started that tests consumer software for privacy and data security risks. The group is now working with Consumer Reports to come up with a standard for evaluating the security of digital products and services that could help better educate consumers.
Stripe has also hired Jon Kaltwasser, another well-respected security expert, who has helped lead cyber security efforts at the NSA, U.S. Navy and U.S. Cyber Command. Bryan Berg, who had been overseeing much of Stripe’s security operation, will stay at the company and lead certain security initiatives with a “particular focus on Stripe’s infrastructure going forward,” Zatko said via a spokesman.
“Security is such an immensely key part of what we do and what customers are buying from us that we always thought that we need to be the best in the world at it,” CEO Patrick Collison said on an upcoming episode of Kara Swisher’s Recode Decode podcast.
With Zatko and Kaltwasser, Stripe is adding two industry veterans who have “extensive experience seeing the most advanced adversaries in the world,” Collison added.
The timing is good. Stripe is now on the ground in 25 countries, and processing tens of billions of dollars of digital payments annually on behalf of customers. The company has around 750 employees.
In an interview, Zatko said part of Stripe’s draw was the strength of its existing security operation and how well it is intertwined with everything the company does. He was also attracted to the challenge of thwarting would-be attackers at a rapidly scaling company that serves a wide range of business types, from one-person startups to large organizations.
Though Zatko will now only serve as a board member of the Cyber Independent Testing Lab, he said he plans to continue bringing transparency to his security research at Stripe.
“One of the things Patrick said was, ‘I want to be really open with the stuff you’re doing here,’” Zatko said. “‘How we quantify it, how we measure the efficacy of it, and share it with the industry.’”
This article originally appeared on Recode.net.