Joe has a background in incident response, penetration testing, forensics, and security leadership as a CISO for a financial institution. One of the highlights of his career so far is managing a team of 12 penetration testers where they assessed many of the Fortune 500 and top financial institutions in the United States. He and his wife also operate AntiCrysys, which provides post breach crisis management. Joe also serves as a senior consultant for TrustedSec.
Joe’s passion for cybersecurity started back in the days of the .com boom. The Linux webserver they used was constantly getting compromised. Since security was not as much of a concern back then, there was no one assigned to manage the ensuing issues. Joe quickly learned incident response, which started him down the information security path, which he’s never left. Joe was drawn into, and stays with cybersecurity, because it's always interesting, constantly changing with something new to learn and share with others.
After starting his first SANS course, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling with John Strand, it only took Joe 30 minutes to determine that’s what he wanted to do, too. John's enthusiasm, stories, and excitement really resonated with Joe and helped him realize that he too, has a lot of stories and experiences to share that could be helpful to others.
In 2019 Joe began teaching for the SANS Management Curriculum. He enjoys teaching these types of courses because he truly believes that in order to make things better, the industry must learn how to bridge the gap between the technical side and the executive side. What makes Joe unique as an instructor is that he combines a lot of past experiences and relates them to the material in ways one might not expect. This includes experience as an automotive technician, martial arts instructor, security analyst, private investigator, as well as a parent. The biggest challenges Joe sees his students face is learning to understand how to analyze the business goals and align security with those goals.
Joe is active in the Oklahoma City information security community as the chapter leader of the Oklahoma City Open Web Application Security Project (OWASP) and is a Cyber Patriot mentor, a GIAC Advisory Board member, and an InfraGard board member. Throughout his career, Joe has acquired numerous certifications including: GSTRT, GSLC, GPEN, GCIS, GCFE, CISSP, CNSSI 4012, CNSSI 4013, CNSSI 4014, NSTISSI 4011, NSTISSI 4015.
Outside of infosec, Joe enjoys running, kayaking, martial arts, weight lifting, and hiking.
ADDITIONAL CONTRIBUTIONS BY JOE SULLIVAN
Ransomware: Leadership Perspective, May 2021
Cyber42 Game Day: CISO For A Day, April 2021
Game Day! Cyber42: CISO For A Day, Jan 2021
Cyber42 Game Day: CISO For A Day, Oct 2020