Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up

Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker


Interview: Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering up a theft of data from Uber in 2016 – remembers sitting down and thinking through the worst-case scenarios he faced following that guilty verdict in 2022.

Federal prosecutors wanted to jail Sullivan for 15 months for his role in the cover-up, so at worst he was looking at time behind bars. "In my case, it meant I had to study the different prisons that I could ask the judge to be sentenced to," he told The Register in this must-watch interview you can replay below.

Last May, Sullivan got three years of probation plus 200 hours of community service in what is believed to be the first time a high-profile CSO has been charged, convicted, and punished in America regarding decisions taken in their job.

"Responsibility has to stop at the top," he said, regarding who generally should be held to account when security problems flare up. Sullivan also explained what CSOs and CISOs need to effectively do their jobs, and lessons learned from his experience. 

"I think it's really important that security leaders not look at the environment right now and throw up their hands and quit," he said. "We need them to be motivated and excited and running to work, not thinking about changing professions. Because these people are the people that are gonna keep us safe."

Watch the 23-minute interview above for all this and more. ®
