Episode 116: Joe Sullivan on Managing Complex Security Challenges

Oct 11, 2023

Joe Sullivan, experienced security risk manager, discusses his career journey from federal prosecutor to CSO at Facebook, Uber, and Cloudflare. He shares insights on building and managing security teams, managing risk at companies like Facebook and Uber, and his experiences being prosecuted for a breach at Uber. Sullivan also talks about the future of executive liability in cybersecurity and his current work supplying technology for remote learning to children in Ukraine.

Ask episode

Chapters

Transcript

Episode notes

Introduction

00:00 • 4min

From DOJ to Facebook: A Journey in Security

03:38 • 12min

The State of International Computer Crime Cooperation and Challenges Faced

15:54 • 3min

Managing Complex Security Risks and Enhancing Safety Measures

19:11 • 12min

Discussion on the Breach and Handling by the Team

31:08 • 1min

Handling a Vulnerability and Attribution

32:23 • 26min

From Volunteer to CEO: A Journey with Ukraine Friends

57:56 • 9min

Joe Sullivan has been at the forefront of managing security risk in rapidly growing high tech companies over the past 20 years serving as the Chief Security Officer at Facebook from early start-up through the IPO, CSO of Uber and CloudFlare, and as a security leader at eBay/PayPal. Joe was also involved in a landmark legal case for a breach at Uber which resulted in a criminal conviction that serves as a precedent for executive liability in cybersecurity going forward.

In this OODAcast we discuss:

Joe's early career and how he got interested and involved in technology and started his career as a federal prosecutor focused on cyber crime.
The transition into serving as a technology company CSO and his experiences at eBay/PayPal, Facebook, Uber and Cloudflare.
Lessons learned from building and managing highly functional security teams in dynamic environments.
Frameworks for managing risk at companies like Facebook and Uber.
His experiences being prosecuted and convicted surrounding circumstances associated with a 2016 incident at Uber.
How the courts will handle future cases like this and the associated liability for C-suite executives.
His current work focused on supplying technology for remote learning to displaced children in Ukraine.

Official Bio:Joe Sullivan is CEO of Ukraine Friends and President of Joe Sullivan Security LLC. Previously, Joe had served as the Chief Security Officer of Cloudflare since July (2018 - 2022). Prior to that, Joe was employed as Chief Security Officer at both Uber (2015 - 2017) and Facebook (2008 - 2015). His first private sector experience was in senior security and legal roles at eBay and PayPal (2002 - 2008). He also held the position of Commissioner for the United States Presidential Commission on Enhancing National Cybersecurity in 2016 and spent the first eight years of his career with the US Department of Justice, including as a federal prosecutor focused on cyber crime. Joe also advises a number of companies on security practices and mentors a number of developing security leaders.

Recommended Books:

Russia: Revolution and Civil War, 1917-1921

Beneath A Scarlet Sky