Article Details

Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up. Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker. Interview Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering-up a theft of data from Uber in 2016 – remembers sitting down and thinking through the worst-case scenarios he faced following that guilty verdict in 2022. Federal prosecutors wanted to jail Sullivan for 15 months for his role in the cover up, so at worst he was looking at time behind bars. "In my case, it meant I had to study the different prisons that I could ask the judge to be sentenced to," he told The Register in this much-watch interview you can replay below. Youtube Video Last May, Sullivan got three years of probation plus 200 hours of community service in what is believed to be the first time a high-profile CSO has been charged, convicted, and punished in America regarding decisions taken in their job. 70% of CISOs worry their org is at risk of a material cyber attack "Responsibility has to stop at the top," he said, regarding who generally should be held to account when security problems flare up. Sullivan also explained what CSOs and CISOs need to effectively do their jobs, and lessons learned from his experience.  "I think it's really important that security leaders not look at the environment right now and throw up their hands and quit," he said. "We need them to be motivated and excited and running to work, not thinking about changing professions. Because these people are the people that are gonna keep us safe."