The Joe Sullivan Case: Anomaly or Precedent? Part 2 – ESW #296
In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment?
We'll tackle all these questions and more with our excellent panel, comprised of: Sounil Yu, CISO and Head of Research at JupiterOne Brian Markham, CISO at EAB Rich Friedburg, CISO at Live Oak Bank Robert Graham, Owner at Errata Security
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guests
Sounil Yu is the CISO and Head of Research at JupiterOne. He created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He’s a Board Member of the FAIR Institute; co-chairs Art into Science: A Conference on Defense; is a visiting fellow at GMU Scalia Law School’s National Security Institute; teaches at Yeshiva University; and advises many startups. Sounil previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America. Before Bank of America, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security in 2020 by Security Magazine, Influencer of the Year in 2021 by SC Awards, and a 2021 Top 10 CISO by Black Unicorn Awards. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.
Robert is a long time cybersecurity expert. He’s a regular speaker at cybersecurity conference, and blogs at https://blog.erratasec.com (technical) and https://cybersect.substack.com (less technical). He’s been a long time innovator in the community. Twenty years ago, he created the BlackICE personal firewall and first intrusion prevention system (IPS). He demonstrated the “sidejacking” technique that forced major websites to switch completely to SSL. He developed the ‘masscan’ tool that can port scan the entire IPv4 Internet in under 5 minutes from a single machine (given sufficient bandwidth). He develops many tools at https://github.com/robertdavidgraham.
Rich Friedberg is the Chief Information Security Officer (CISO) at Live Oak Bank, a digital, cloud-based bank serving small business owners in all 50 states. Live Oak bank is the #1 SBA 7(a) lender by dollar volume. Prior to Live Oak, Rich led cyber security at Blackbaud, a cloud software and services provider for the social good community. Prior roles included CISO for the Credit Card division of Capital One, where he led strategic efforts to enable technology transformation and secure public cloud adoption. Rich also served as Deputy Director of the CERT® Coordination Center (CERT/CC), a Department of Defense R&D center operated by Carnegie Mellon University. During his tenure, Rich played a pivotal role in advancing national-level defense programs, supported several of the nation’s largest breaches, and worked to advance the Government’s capabilities to track nation state actors. Prior to CERT, Rich led teams at Fannie Mae across security engineering, operations, threat intelligence, electronic discovery, and incident response.
Rich holds a BS from Carnegie Mellon University, an MBA from George Washington University, and is an adjunct instructor at Carnegie Mellon’s executive CISO program. He lives in Charleston, SC with his wife, 2 kids, and 2 dogs.