Joe Sullivan

Joe Sullivan has over 20 years of experience in information security. He is a senior consultant with TrustedSec and founder and principal security strategist of AntiCrysys. Over his career Joe has worked in incident response, penetration testing, systems administration, network architecture, forensics, and is a private investigator specializing in computer crime investigations. Joe teaches MGT514: Security Strategic Planning, Policy, and Leadership.

More About Joe


Joe has a background in incident response, penetration testing, forensics, and security leadership as a CISO for a financial institution. One of the highlights of his career so far is managing a team of 12 penetration testers where they assessed many of the Fortune 500 and top financial institutions in the United States. He and his wife also operate AntiCrysys, which provides post breach crisis management. Joe also serves as a senior consultant for TrustedSec.

Joe’s passion for cybersecurity started back in the days of the .com boom.  The Linux webserver they used was constantly getting compromised. Since security was not as much of a concern back then, there was no one assigned to manage the ensuing issues.  Joe quickly learned incident response, which started him down the information security path, which he’s never left.  Joe was drawn into, and stays with cybersecurity, because it's always interesting, constantly changing with something new to learn and share with others.

After starting his first SANS course, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling with John Strand, it only took Joe 30 minutes to determine that’s what he wanted to do, too. John's enthusiasm, stories, and excitement really resonated with Joe and helped him realize that he too, has a lot of stories and experiences to share that could be helpful to others.

In 2019 Joe began teaching for the SANS Management Curriculum.  He enjoys teaching these types of courses because he truly believes that in order to make things better, the industry must learn how to bridge the gap between the technical side and the executive side. What makes Joe unique as an instructor is that he combines a lot of past experiences and relates them to the material in ways one might not expect. This includes experience as an automotive technician, martial arts instructor, security analyst, private investigator, as well as a parent.  The biggest challenges Joe sees his students face is learning to understand how to analyze the business goals and align security with those goals. 

Joe is active in the Oklahoma City information security community as the chapter leader of the Oklahoma City Open Web Application Security Project (OWASP) and is a Cyber Patriot mentor, a GIAC Advisory Board member, and an InfraGard board member.  Throughout his career, Joe has acquired numerous certifications including: GSTRT, GSLC, GPEN, GCIS, GCFE, CISSP, CNSSI 4012, CNSSI 4013, CNSSI 4014, NSTISSI 4011, NSTISSI 4015.

Outside of infosec, Joe enjoys running, kayaking, martial arts, weight lifting, and hiking.



Ransomware: Leadership Perspective, May 2021


Cyber42 Game Day: CISO For A Day, April 2021

Rekt Casino Hack Assessment Transformational Series – Pulling It All Together, Feb 2021

Rekt Casino Hack Assessment Transformational Series – Business Security Strategy, Policies, and Leadership Gone Wrong, Feb 2021

Game Day! Cyber42: CISO For A Day, Jan 2021

Cyber42 Game Day: CISO For A Day, Oct 2020


Someone to Watch Over You: A Review of CrowdStrike’s Flacon OverWatch, Nov 2019


CISO Dojo Podcast

1 to 1 Risk Controls – Private Investigator News

AntiCrysys Blog