The Joe Sullivan Case: Anomaly or Precedent? Part 2 – ESW #296
In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment?
We'll tackle all these questions and more with our excellent panel, comprised of: Sounil Yu, CISO and Head of Research at JupiterOne Brian Markham, CISO at EAB Rich Friedburg, CISO at Live Oak Bank Robert Graham, Owner at Errata Security
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guests
Sounil Yu is the CTO and Co-Founder of Knostic. He is the creator of the Cyber Defense Matrix and the DIE Triad. Previously, he was Bank of America’s Chief Security Scientist and the CISO at JupiterOne. He is a FAIR Institute Board Member and a GMU National Security Institute fellow.
Brian Markham is an executive, hacker, advisor, and mentor who is passionate about building security programs and teams. He’s worked in IT and security for over 20 years and is currently the CISO at EAB Global.
Robert is a long time cybersecurity expert. He’s a regular speaker at cybersecurity conference, and blogs at https://blog.erratasec.com (technical) and https://cybersect.substack.com (less technical). He’s been a long time innovator in the community. Twenty years ago, he created the BlackICE personal firewall and first intrusion prevention system (IPS). He demonstrated the “sidejacking” technique that forced major websites to switch completely to SSL. He developed the ‘masscan’ tool that can port scan the entire IPv4 Internet in under 5 minutes from a single machine (given sufficient bandwidth). He develops many tools at https://github.com/robertdavidgraham.
Rich Friedberg is the Chief Information Security Officer (CISO) at Live Oak Bank, a digital, cloud-based bank serving small business owners in all 50 states. Live Oak bank is the #1 SBA 7(a) lender by dollar volume. Prior to Live Oak, Rich led cyber security at Blackbaud, a cloud software and services provider for the social good community. Prior roles included CISO for the Credit Card division of Capital One, where he led strategic efforts to enable technology transformation and secure public cloud adoption. Rich also served as Deputy Director of the CERT® Coordination Center (CERT/CC), a Department of Defense R&D center operated by Carnegie Mellon University. During his tenure, Rich played a pivotal role in advancing national-level defense programs, supported several of the nation’s largest breaches, and worked to advance the Government’s capabilities to track nation state actors. Prior to CERT, Rich led teams at Fannie Mae across security engineering, operations, threat intelligence, electronic discovery, and incident response.
Rich holds a BS from Carnegie Mellon University, an MBA from George Washington University, and is an adjunct instructor at Carnegie Mellon’s executive CISO program. He lives in Charleston, SC with his wife, 2 kids, and 2 dogs.
Hosts
