Security Insights for Founders: Hiring Your First CISO with Joe Sullivan

In this episode of 'Never Too Early', host Lauren Ipsen speaks with Joe Sullivan, an esteemed internet security expert, about key considerations for founders hiring their first Chief Information Security Officer (CISO). Joe shares insights from his extensive career running security for Uber, Facebook, and Cloudflare. The discussion covers when to outsource vs. hire full-time, the importance of proactivity in security, and the qualities that separate good CISOs from great ones. Joe also addresses common misconceptions and the evolving landscape of cybersecurity, especially in light of recent regulatory changes and expectations. 

00:00 Introduction to Never Too Early

00:20 Meet Joe Sullivan: Internet Security Expert

00:56 Joe's Personal Interests: Snowboarding at 53

02:54 Question 1: When is the right time to bring in a CISO? Joe talks about how to index on the right kind of hire for your security organization.

07:18 Question 2: How do I know if I need a CISO or someone more in the weeds like a security analyst? Joe and Lauren also talk about when it makes sense to outsource your security advice versus when it is important to have someone on the job full time.

10:34 Question 3: What are some backgrounds that make for a good CISO? Lauren and Joe talk about the evolution of this role over the years and the different types of individuals that are best suited to play the part.

12:22 Question 4: What are the most challenging things about being a CISO? Lauren also asks about where trust and safety come into the equation.

14:08 Question 5: What separates a good CISO from a great CISO? Joe talks about early learnings in his career and ways to not always feel like the person bringing bad news to the team.

19:14 Conclusion and Final Thoughts

Want more of Never Too Early? Find us on Tiktok, @nevertooearly1  and subscribe to us wherever you get your podcasts.