Join Joe Sullivan, CEO of Joe Sullivan Security, as he discusses the headwinds that chief security officers face in an era of tricky regulations, how legal teams and security can work better together, learnings from his landmark criminal trial at Uber, providing essential services to the frontlines in Ukraine, and more.

‍

Key Insights

1. The Moment Everything Changed

In 2016, Uber was breached while already under FTC investigation. Sullivan made a decision to treat it as a bug bounty payout—a call that would later be viewed as concealment. “It wasn’t about hiding,” he explains. “It was about containing chaos and protecting users.” Years later, prosecutors saw it differently, convicting him of obstruction. The experience forced Joe to confront how risk, reputation, and responsibility collide when law, leadership, and crisis meet.

‍

2. Legal and Security Can’t Be Separate Worlds

Joe argues the Uber case showed how dangerous the “legal vs. security” divide can be. “The GC and the CISO need to be partners, not silos,” he says. He urges GCs to build joint incident response protocols and document every decision. “You can’t wait for a crisis to start having those conversations. You need trust and process before the breach.”

‍

3. Accountability Doesn’t Mean Isolation

After his conviction, Joe describes hitting his lowest point. What got him through was not corporate redemption—but human connection. He joined Ukraine Friends, helping deliver aid and laptops to children displaced by war. “When you feel bad about yourself,” he says, “help someone who’s in a worse place. It’s the fastest way to heal.” His message to leaders: service restores perspective faster than strategy.

‍

4. Resilience Is Built Before the Crisis

Joe now advises boards to test not just cybersecurity systems but communication channels. “If your GC and CISO can’t finish each other’s sentences, you’re not ready,” he says. He believes documentation, transparency, and tone set during peace times define how teams survive chaos. “The absence of problems doesn’t mean you’re safe—it might just mean you’ve been lucky.”

‍

5. Redefining Success and Redemption

Today, Joe views his experience as a lesson in leadership, not failure. “I made mistakes—but my intent was to do the right thing,” he says. His advice to legal and security teams: focus on intent, transparency, and people. “Our systems don’t need perfect leaders—they need human ones who keep learning.”

‍

6. Closing Insight

“You can survive losing your job. You can’t survive losing your integrity.”

For General Counsels, Joe Sullivan’s story is more than a cautionary tale—it’s a reminder that in the modern enterprise, trust is shared, not siloed. The GC–CISO partnership isn’t just operational; it’s existential.

‍