If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?

Brain drain ahoy.

Graham Cluley
Graham Cluley
@[email protected]

If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?

According to The Information Facebook is planning to acquire a cybersecurity firm:

“In an effort to repair its tattered reputation around data protection, Facebook is stepping up efforts to acquire a major cybersecurity firm, according to four people familiar with the matter.

“Facebook has approached several security firms about an acquisition, two of the people said, although neither would identify the companies as discussions are still underway. One of the people said a deal could happen by the end of the year.”

Sign up to our free newsletter.
Security news, advice, and tips.

The Information is right about Facebook’s scorched reputation when it comes to data privacy and security. This year has seen a number of disturbing revelations, as well as a growing understanding amongst users of just how the site exploits people’s private information.

However, the issue I find interesting is if Facebook did actually acquire a company brimming with security boffins, there’s a good chance that a fair proportion of them would be very privacy-minded. And it’s quite possible that a good number of them would rather pull their toenails out with pliers than find that their new boss is Mark Zuckerberg.

People who believe in internet security and privacy tend to have quite a dim view of those companies who have made billions duping users into over-sharing their personal data. They have strongly-held opinions, and the way in which they are viewed by their peers is important to them. Put simply – the last thing they may want is to have to admit to their mates that they work for Facebook.

And don’t think that throwing money at cybersecurity experts is necessarily enough to keep them happy. For many, security and privacy isn’t just a job. It’s a fundamental belief that counts for more than a fat wage cheque. And hey, it’s not as though security and privacy experts can’t get a well-compensated job elsewhere.

I imagine there would be a very real risk of a brain drain in the months after an acquisition by Facebook…

Facebook’s Chief Security Officer Alex Stamos – who was well-respected within the IT security industry – left the company earlier this year, and the social network has confirmed that they aren’t looking for a replacement.

Facebook says it has “embedded security” throughout the company, but it seems to me that they might want to reconsider having one guy in overall charge, rather than just waving a large wad of cash at security firms keen to be acquired.

If you’re finding it hard to quit Facebook (the site I mean, not its employment), why not listen to this “Smashing Security” podcast we recorded:

Smashing Security #75: 'Quitting Facebook'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?”

  1. peter laycock

    Let's ask Nick Clegg, Graham? Facebook's new Head of Global Affairs and Communications. Wow! There's a job for a chap who is experienced at 'explaining' why he did a U-turn on tuition fees and propped up the Tories who took us into the Brexit debacle! Let's ask him what he's got to say about Massive Data Breaches, Facebook's camera portal 'watching you' for targeted ads, and of course how it will retain highly disgruntled key staff from its acquisitions.


  2. Chris

    There's an argument, surely, for wanting to use one's security skills to help to secure and protect an enormous user base? Who amongst us hasn't worked for or with companies with questionable ethics at one stage or another? Let's also not overlook those who are just starting out and are over the moon to have a paid job in this industry – plenty of people don't have the options that you might enjoy Graham.

    Facebook's business practices are highly questionable at times (I have not had a Facebook account for about 5 years) but I don't see them going anywhere soon. It would be great to hear that some heavy hitters in the industry were willing to put their egos and pride to one side to take on a problem of this magnitude.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.