Events , Leadership & Executive Communication , RSA Conference

CyberEdBoard Talks: Balancing Security and Compliance

Expert Panel Unpacks Evolving CISO Responsibilities in Today's Regulatory Setting
Joe Sullivan, CEO of Ukraine Friends and former CSO at Uber, and Aravind Swaminathan, global co-chair cybersecurity and data privacy, Orrick, Herrington & Sutcliffe - CyberEdBoard members

CISOs face increasing legal and compliance responsibilities amid growing cybersecurity challenges. In this supercharged regulatory environment, security leaders need to ensure fundamental security processes and constant communication with stakeholders, said Joe Sullivan, former CSO with Uber and CEO of Ukraine Friends, and Aravind Swaminathan, partner and global co-chair cybersecurity and data privacy partner with Orrick, Herrington & Sutcliffe.

See Also: Live Webinar | Old-School Awareness Training Does Not Hack It Anymore

"There are lots of conversations about what's happening over at SolarWinds and the SEC and what happened in my case, and what do those situations mean for everybody else. It's like a tale of two completely different situations - exciting and scary at the same time," said Sullivan, referring to his own 2023 sentencing for covering up a data breach at Uber (see: Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up).

"Security, simply put, is hard. Cybersecurity is constantly evolving. The threats are constantly evolving. The technology we're trying to secure is constantly evolving," he said.

Swaminathan emphasized the need to put fundamental processes in place and engaged in constant communication with stakeholders. "You have to understand what your process is, what you're going to do in the event of a crisis, and how you're going to pull the team together and work with them. If you start from those foundational principles, more often than not, you're going to be fine," he said.

In this video interview with Information Security Media Group as part of the CyberEdBoard's ongoing CyberEdBoard Talks series, recorded at RSA Conference 2024, Sullivan and Swaminathan also discussed:

  • The impact of the evolving regulatory landscape;
  • Balancing security responsibility with legal compliance;
  • Community collaboration among CISOs;

Sullivan is a lawyer and former federal prosecutor with the U.S. Department of Justice. He has 20 years of experience in executive roles and served as a CSO at Facebook, Uber and Cloudflare and as an associate general counsel at PayPal. Sullivan co-founded the Computer Hacking and Intellectual Property Unit at the Department of Justice. He is a CyberEdBoard member.

As a strategic cybersecurity adviser, Swaminathan advises clients on cybersecurity strategy to plan for crises, improve resiliency, protect their business, and defend against litigation and enforcement. He has directed more than 150 cybersecurity and data breach investigations, including those with national security implications. He is a CyberEdBoard member.


CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership


About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.