Joe Sullivan on What CISOs Need to Know About the Uber Trial
The Former Uber CSO Discusses Data Breaches and Offers Guidance for Future CISOs
In my opinion, in the Joe Sullivan-Uber case, the Federal Trade Commission and the U.S. Department of Justice struck a critical, severe blow to the progress of cybersecurity defense by abusing the idea of fiduciary care and personal liability for the CISO vs. a true officer of the company. It's not the CISO who prevents us from doing what needs to be done. It's the management and leadership in our companies.
Joe Sullivan said that in the Uber breach case, his team did "a really good job" and "data was protected, recovered and not disseminated on the dark web." What he failed to do, he said, was "communicate what we did operationally and effectively."
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Sullivan discussed:
- Whether the Uber case was a data breach or not - and why making that distinction can be complicated;
- Why attribution matters when investigating a data breach;
- Why being a cybersecurity leader is "a noble profession" and also a "hard, thankless" one.
Sullivan is a lawyer, a CISO and a former federal prosecutor with the U.S. Department of Justice. He served as a CSO at Facebook, Uber and Cloudflare and as an associate general counsel at PayPal. Sullivan co-founded the Computer Hacking and Intellectual Property Unit at the Department of Justice and worked there for eight years. He served as a commissioner at the National Cyber Security Alliance for five years. In 2016, he was appointed by then-President Barack Obama as commissioner of the Commission on Enhancing National Cybersecurity.