Yahoo has laid off around 25% of its cybersecurity team, known as “The Paranoids,” over the past year, according to information obtained by Cyber Security News.
The cuts involved losing 40 to 50 employees from the team, which initially comprised approximately 200 members, through layoffs and attrition since the start of 2024. Current and former Yahoo employees speaking anonymously confirmed the changes.
The Paranoids, Yahoo’s dedicated cybersecurity team, have been widely recognized for their efforts to secure the company’s platforms and protect its users.
However, the layoffs have significantly impacted the team, including eliminating its offensive security unit, the “red team.” This specialized group conducted simulated cyberattacks to identify vulnerabilities in Yahoo’s systems before external hackers could exploit them. Sources confirmed that this week’s round of layoffs marked at least the third time the cybersecurity team was impacted this year.
Yahoo Confirms Strategic Adjustments
In a statement that Cyber Security News team learned, Yahoo confirmed the layoffs and the decision to dissolve its red team. The company’s spokesperson, Brenden Lee, explained that the changes reflect a more significant evolution in Yahoo’s security strategy.
“Yahoo’s security program has matured significantly over the past seven years and is widely recognized as a world-class, industry-leading operation. As part of this evolution, we’ve made strategic adjustments, including transitioning offensive security operations to an outsourced model,” said Lee.
“This change reflects the sophistication of our program and enables us to concentrate resources on critical security priorities, maintaining the highest standards of protection for our users and platforms.”
2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide
Broader Technology Layoffs at Yahoo
The cybersecurity layoffs are part of a larger restructuring effort within Yahoo’s technology division. Valeri Liborski, Yahoo’s chief technology officer, announced broader changes across enterprise productivity and core services in an internal email sent to employees earlier this week, which Cyber Security News obtained. Liborski acknowledged the difficulty of the decision, writing, “This was a very difficult decision and one I have not taken lightly.”
These cuts follow a broader wave of layoffs at Yahoo in 2023, when the company reduced its global workforce by more than 1,600 employees, approximately 20% of staff.
At the time, Yahoo CEO Jim Lanzone defended the layoffs, stating they would be “tremendously beneficial for the profitability of Yahoo overall” and that the company would focus on reinvesting in other growth areas.
The decision to transition offensive security operations to an outsourced model signals a shift in Yahoo’s approach to protecting its platforms.
While outsourcing may offer cost advantages and external expertise, some security professionals argue that in-house teams, especially specialized groups like red teams, provide a deeper understanding of a company’s systems and unique vulnerabilities.
As the tech industry grapples with economic challenges and evolving business priorities, Yahoo’s restructuring highlights the delicate balance companies must strike between cost efficiency and maintaining robust security measures.
The future of Yahoo’s cybersecurity strategy will depend on how effectively it can leverage external partnerships while sustaining its reputation as a leading player in digital security.