Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up

Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker


Interview: Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering up a theft of data from Uber in 2016 – remembers sitting down and thinking through the worst-case scenarios he faced following that guilty verdict in 2022.

Federal prosecutors wanted to jail Sullivan for 15 months for his role in the cover-up, so at worst he was looking at time behind bars. "In my case, it meant I had to study the different prisons that I could ask the judge to be sentenced to," he told The Register in this must-watch interview you can replay below.

Last May, Sullivan got three years of probation plus 200 hours of community service in what is believed to be the first time a high-profile CSO has been charged, convicted, and punished in America regarding decisions taken in their job.

"Responsibility has to stop at the top," he said, regarding who generally should be held to account when security problems flare up. Sullivan also explained what CSOs and CISOs need to effectively do their jobs, and lessons learned from his experience. 

"I think it's really important that security leaders not look at the environment right now and throw up their hands and quit," he said. "We need them to be motivated and excited and running to work, not thinking about changing professions. Because these people are the people that are gonna keep us safe."

Watch the 23-minute interview above for all this and more. ®
