Sullivan tells TechCrunch he’s no longer bitter and instead wants to help fix the broken cybersecurity industry
Before joining Uber as chief security officer in 2015, Joe Sullivan served for two years as a federal prosecutor with the United States Department of Justice, where he specialized in computer hacking and IP issues. He worked on a number of high-profile cases, from the first case in the U.S. of prosecution under the Digital Millennium Copyright Act to the prosecution of a hacker who breached NASA’s Jet Propulsion Laboratory.
More than 20 years after joining the U.S. government to help authorities fight back against the so-called bad guys, Sullivan found himself on the other side of the justice system.
In October 2022, a San Francisco jury found him guilty on charges of obstructing an official proceeding and misprision of a felony (a failure-to-report-wrongdoing offense). In May this year, Sullivan was sentenced to three years’ probation.
The irony is not lost on Sullivan, who spoke to TechCrunch in London this week prior to his keynote speech at the cybersecurity conference Black Hat Europe.
This precedent-setting case pertains to a breach of Uber’s systems in 2016, where hackers threatened to expose the data of 50 million Uber customers and drivers. The verdict centered primarily around Uber’s decision not to report the breach to the Federal Trade Commission, as the company was mandated to report all breaches after an earlier 2014 hack of its systems exposed the names and driver’s license numbers of 50,000 people.
The case didn’t go as Sullivan, who was fired from Uber in 2017, had expected.
“We thought we were going to win the trial. We barely put on a defense because my lawyers were like, ‘we don’t need to.’ I didn’t testify, so the jury never saw me. They just saw the anonymous Uber executive with a mask on,” Sullivan told TechCrunch during the interview on Wednesday.
The first-of-its-kind verdict hit Sullivan hard initially. “When I lost the trial last October, I was in a funk, I didn’t want to talk to anybody, and I didn’t know what would happen to my life,” he said. “I just wanted to curl up in a ball.”
Sullivan’s case also caused anxiety among fellow CSOs and CISOs, a number of whom wrote letters to the case’s sentencing judge, William Orrick, praising Sullivan’s actions and voicing their concern that they too could face legal penalties for simply doing their jobs.
“Joe’s case has had a huge impact on the cybersecurity community,” one letter, signed by more than 50 CISOs, read. “It has been the subject of frequent executive team conversations and panel discussions at industry seminars, and a significant driver of efforts to change policies and practices to err on the side of disclosure, even when the legal requirement to do so remains uncertain.”
These fears have lasted long beyond Sullivan’s conviction. The former Uber CSO, who now works as CEO at a nonprofit dedicated to providing humanitarian and technology aid to the people of Ukraine, tells TechCrunch that he receives calls every week from security professionals asking whether they should stay in the industry and whether they should take interviews for higher-ranking roles that come with greater responsibility — and greater risk.
“What I tell the security executives right now is that they shouldn’t run away from the job — they should run towards it,” Sullivan said, noting that the shared anxiety among cybersecurity professionals, along with the fact that he wanted to be a “better person,” is part of the reason he wanted to start speaking out about the Uber data breach case.
“I realized that sharing what I’ve gone through is better than not, and healthy for me. It’s taken me a year to say that, but that’s the right way to be,” Sullivan told TechCrunch. “I was very bitter, but I want to be a better person. I also want to continue being part of the security community, so I have to get over it.”
Sullivan tells TechCrunch that another reason he’s keen to speak out is because of the fact that there have been “100 webinars, by 100 lawyers, saying that ‘you won’t end up like Joe if you have insurance, if you bring legal and public relations into the room, or if you have a breach obligation insurance policy.’”
When asked whether he thinks Uber’s then-CEO should have been held responsible, Sullivan said: “I don’t think anybody did anything wrong at the end of the day.”
“Uber wouldn’t exist today — in fact, we would still be taking taxis — if it wasn’t for [Kalanick] and his sheer forcefulness,” Sullivan added. “On the upside, he drove some change in the world. However, on the downside, his philosophy was that the person who threw the first punch wins the fight.”
Fixing a broken industry
In what Sullivan describes as “the greatest irony of his career,” part of his role at the Department of Justice involved him working closely with organizations in Silicon Valley to encourage more collaboration with the government. “That’s been the story of my career; trying to get the public and private sector to work together.”
Sullivan believes that going forward, this public-private sector collaboration, along with strong regulation, is the only way to fix the “broken” cybersecurity industry.
“When I joined, [Uber] had the worst security of any $40 billion company, and that can’t fly in the world anymore. If you’re going to sell a product, your security has to be good enough the day you sell it,” Sullivan said. “I could be very bitter about the idea of government regulation since I was regulated, but I also think we need it for the internet to work well in the future.”
Sullivan praised the U.S. Securities and Exchange Commission’s incoming data breach disclosure rule, which comes into force on December 15, noting that while not perfect, it’s much better than having zero guidance. “We can nitpick the details as much as we want, but this is the right way to do it,” he said. “I seem to be the person who’s criticizing the SEC less than everyone else because I think we should praise them for trying to make rules.”
As for CSOs and CISOs, many of whom are still worried that they’ll be held personally liable for security failings at their organizations, Sullivan believes that now is the time to speak out so as to shape any future regulation.
“We have to pull ourselves up, we have to study the policy side of it, and we have to learn how to make our voice heard,” Sullivan told TechCrunch. “I think we have to grow leaders who can be real societal leaders who are experts in our profession.”
Carly Page reported from Black Hat Europe in London.