BlackHat Europe 2023 | Keynote Speech

Joe Sullivan reflects on the widely debated Uber security case that led to his felony convictions and sparked significant discussion within the cybersecurity community. Drawing from his experience, he shares key lessons for security professionals and leaders on navigating high-pressure security incidents and avoiding similar challenges. He also discusses the need for stronger collaboration between the private sector and government to address modern cybersecurity threats more effectively.

Transcript

In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company later labeled a “coverup” when it fired him. The decision reverberated throughout the cybersecurity community, raising broader questions about how security incidents are handled and how responsibility is assigned in high-stakes breaches. The judge ultimately rejected claims by prosecutors and Uber that the use of an NDA during the investigation constituted a coverup, sentencing Sullivan to probation.

Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine Friends. In this candid conversation, he shares lessons from his case that he hopes every security professional can learn from, so teams and organizations can avoid similar situations. He also discusses the need for stronger collaboration between the private sector and government, along with insights into the pressures security executives face in an era of relentless breaches, ransomware, and automated attacks.