Presumably Apple are hiring him to help them make it impossible for Apple to comply with a court order such as the one the FBI asked for (and kinda, sorta, got).
Good luck with that.
To achieve that 'impossibility' is a contradiction in terms. Lets look at the requirements for such a thing:
1) Install signed updates from the manufacturer. Justification: we have to be able to fix bugs, make improvements, etc.
2) Refuse to install signed updates from the manufacturer. Justification: the manufacturer may have been obliged to add a crypto-sidestepping routine for this specific (or every) phone.
Irrespective of what side of the debate one is on, we have to accept that Apple will always ultimately be the weakest link in resisting this kind of thing. On iPhones Apple are God, and it will be nigh on impossible for them to stop being that whilst carrying on business as usual.
They could decide to stop doing business as usual, specifically requiring the user to enter their PIN (or whatever) before a phone will accept an update or a connection from iTunes (or whatever). However that would be problematic. Allowing iTunes to wade in and forcibly restore a phone is about the only way punters have of recovering from forgotten PINs, post-update brickings, etc. Removing that capability for everyone is asking for a lot of trouble.
And even that is a bit lame. How many people would actually stop and check to see if this guy is still working for Apple before accepting an OTA update?!