My stint at Uber was the shortest stop in my career but one of the most discussed. I am proud of the team I built and the work we did there in a little more than two years. We inherited a small handful of people and built a world-class safety, security, and risk organization that protected riders and drivers in cars, built cybersecurity controls, and dramatically reduced fraud and abuse. It is unfortunate that such a great team became known most for a new CEO and Chief Legal Officer re-branding a year-old security incident as something that should have been disclosed to regulators.
Throughout it all, my team and I operated with transparency and purpose, and we successfully protected our users’ data from loss. We coordinated everything with the CEO, legal department, and communications team. I may have lost the trial, but going through it made me a much stronger person and finally made the true facts public, and most importantly the Judge said on the record that our use of an NDA bug bounty agreement was not a cover-up.
I am forever grateful that the cybersecurity community rallied to support me during the proceeding, and I continue to appeal the case because the legal precedent it set is terrible for the future of good cybersecurity. I speak at conferences about my lessons learned in the case because I don’t want anyone else to have to go through what I experienced.
Throughout it all, my team and I operated with transparency and purpose, and we successfully protected our users’ data from loss. We coordinated everything with the CEO, legal department, and communications team. I may have lost the trial, but going through it made me a much stronger person and finally made the true facts public, and most importantly the Judge said on the record that our use of an NDA bug bounty agreement was not a cover-up.
I am forever grateful that the cybersecurity community rallied to support me during the proceeding, and I continue to appeal the case because the legal precedent it set is terrible for the future of good cybersecurity. I speak at conferences about my lessons learned in the case because I don’t want anyone else to have to go through what I experienced.
Hear from Aravind Swaminathan, Global Co-Chair of Cybersecurity & Data Privacy at Orrick and attorney for Joe Sullivan, on this case.