Massive Stakes & Undersized Budgets: Roundtable on Life After the Joe Sullivan Conviction

Security Voices - A podcast by Security Voices

Categories:

The winds of change are always blowing in cybersecurity, but there’s moments when they reach a gale force, When the landscape is reshaped dramatically by an event that hits us like a hurricane, changing how we feel about our jobs, our industry, and perhaps even shaking our resolve to continue on in the same career path. When Joe Sullivan, former head of security for Uber, was found guilty of concealing a breach in early October the effect was immediate. No matter how you felt about Joe or the court case itself, the implications for security leaders— and especially those at public companies— were clear: you could now face criminal charges for mishandling a breach. Fines, jail and likely never be employed again in cybersecurity.This episode of Security Voices is a roundtable format with Jack, Dave and 3 security leaders: Justin Dolly, Myke Lyons and Bob Fish. All have a broad range of experiences and represent together a combined 70+ years in cybersecurity. Our focus throughout the ~80 minute conversation is not dissecting the Joe Sullivan case, but discussing the implications for security leaders. Will CISOs insist on having their own outside counsel in the future? How much insurance is now the right amount and type for a security leader? Does this alter our approach to social media, knowing that everything we say could have very serious implications?A clear picture of the unsettling impact of recent events emerges from the dialogue: the conviction of Joe Sullivan makes us feel less safe as security professionals. For an industry that is often accused of tribalism and secrecy, this event raises the stakes of how we communicate profoundly, threatening to drive important conversations even further into ephemeral messaging and private Slack rooms. In these quiet locations we can ask honest questions such as whether the modern CISO is simply being set up to fail given perennially undersized budgets, too small teams and the now outsized consequences of data breaches.