The Joe Sullivan Case: Anomaly or Precedent? Part 1 – ESW #296
In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment?
We'll tackle all these questions and more with our excellent panel, composed of: Sounil Yu, CISO and Head of Research at JupiterOne; Brian Markham, CISO at EAB; Rich Friedberg, CISO at Live Oak Bank; and Robert Graham, Owner at Errata Security.
Guests
Sounil Yu is the CTO and Co-Founder of Knostic. He is the creator of the Cyber Defense Matrix and the DIE Triad. Previously, he was Bank of America’s Chief Security Scientist and the CISO at JupiterOne. He is a FAIR Institute Board Member and a GMU National Security Institute fellow.
Brian Markham is an executive, hacker, advisor, and mentor who is passionate about building security programs and teams. He’s worked in IT and security for over 20 years and is currently the CISO at EAB Global.
Robert is a longtime cybersecurity expert. He’s a regular speaker at cybersecurity conferences, and blogs at https://blog.erratasec.com (technical) and https://cybersect.substack.com (less technical). He’s been a longtime innovator in the community. Twenty years ago, he created the BlackICE personal firewall and the first intrusion prevention system (IPS). He demonstrated the “sidejacking” technique that forced major websites to switch completely to SSL. He developed the ‘masscan’ tool that can port scan the entire IPv4 Internet in under 5 minutes from a single machine (given sufficient bandwidth). He develops many tools at https://github.com/robertdavidgraham.
Rich Friedberg is the Chief Information Security Officer (CISO) at Live Oak Bank, a digital, cloud-based bank serving small business owners in all 50 states. Live Oak Bank is the #1 SBA 7(a) lender by dollar volume. Prior to Live Oak, Rich led cyber security at Blackbaud, a cloud software and services provider for the social good community. Prior roles included CISO for the Credit Card division of Capital One, where he led strategic efforts to enable technology transformation and secure public cloud adoption. Rich also served as Deputy Director of the CERT® Coordination Center (CERT/CC), a Department of Defense R&D center operated by Carnegie Mellon University. During his tenure, Rich played a pivotal role in advancing national-level defense programs, supported several of the nation’s largest breaches, and worked to advance the Government’s capabilities to track nation state actors. Prior to CERT, Rich led teams at Fannie Mae across security engineering, operations, threat intelligence, electronic discovery, and incident response.
Rich holds a BS from Carnegie Mellon University, an MBA from George Washington University, and is an adjunct instructor at Carnegie Mellon’s executive CISO program. He lives in Charleston, SC with his wife, 2 kids, and 2 dogs.