10 Questions: Joe Sullivan, chief security officer, Facebook
Joe Sullivan doesn’t have a formal education in technology, but that hasn’t stopped him from rising to the challenge of being Facebook’s chief security officer. Before he joined the social network juggernaut in 2008, Sullivan’s career started in an unlikely place: law school.
After earning a bachelor’s degree in political science from Providence College, Sullivan left for the University of Miami—which had a good cyberlaw program—to earn his J.D. Sullivan eventually settled in the Bay Area during the dot-com boom in the late 1990s, working as a federal prosecutor at a time when the web was growing quickly. He began to specialize in more high-tech cases and his network of Silicon Valley connections grew, and he eventually jumped at the opportunity to work at eBay (EBAY), where he became the senior director of the trust and safety department.
At Facebook (FB), Sullivan is responsible for product security, investigating attacks on the company, and law enforcement relations. He also serves on the board of the National Action Alliance for Suicide Prevention. Sullivan, 45, spoke with Fortune.
1. Who in technology do you admire most? Why?
The truth is, the person I admire most is Mark [Zuckerberg] here at Facebook. My admiration is not from the fact that he invented Facebook; it has to do with what he has done since. I’ve been here since 2008, and I’ve seen him build an amazing company. To invent something is impressive, but to build a large company that can enable the mission, that’s the astonishing part. I just see how the people I work with are excited to come together to make great products that people will like.
2. Which companies do you admire? Why?
From where I sit here in Silicon Valley, the companies that I’ve grown to appreciate are the ones that are creating new opportunities for people. An example would be the companies that are getting attention for the sharing economy. eBay was really the first of those that helped people open up small businesses for commerce. Now, there are just so many new ones and they’re fascinating. I advise Airbnb on trust and safety issues. It’s a fun side project. There are so many issues that they’ve been facing, but they’re helping people at the same time. It will be fun to see where they go.
3. What advice would you give to someone who wants to do what you do?
I would tell them to just jump right in. That’s the amazing thing about technology and the Internet right now, especially Internet security. It’s not about where you went to school or what degree you got. It’s about your ability to solve problems and be creative.
A great example of that is at Facebook where we have something called the “bug bounty program.” We pay researchers who help us find security vulnerabilities on Facebook. All you need to be part of our program is a computer and Internet, and then you can start looking for vulnerabilities. As a result of our program, we’ve paid out over two million dollars to researchers all around the world in the last three years. We’ve hired three people from three different continents to be a part of our team here who we met through the program. It wasn’t about their academic background; it was about whether they could solve problems, identify risks, and help us. That’s one of the great things about the Internet. It makes opportunities available.
4. What is the best advice you ever received?
Make your own luck. You have to put yourself in a position where you can succeed, and you have to keep trying and putting yourself out there. If you don’t take an active stance, you’ll never be presented with the best opportunities.
5. What’s the next big project you want to tackle?
I’m really interested in initiatives that are going on right now about fixing the Internet. A good way to think about it is that there was recently a major security vulnerability called Heartbleed that drew everyone’s attention to this core piece of software for the Internet called OpenSSL. Software needs to be maintained and upgraded, and so, there are a number of pieces of the Internet that are core to the hundreds of companies and millions of people who rely on the Internet that nobody is accountable for. Something we’ve been thinking about is how to we work together to shore up that foundation of the Internet.
Recently the Linux Foundation created an effort to work on OpenSSL specifically, but a while back we worked with some other people to create an “Internet bug bounty,” which was our way of donating money to a pool that will be used to pay people to find vulnerabilities in Internet code that nobody owns, just like we do with Facebook. To me, the big question is how we mobilize more of that. How do we get more people looking closely at those parts of the Internet so that we can make sure the technology behind the Internet is strong and secure enough to keep it a trustworthy place. We don’t want a Heartbleed to happen every month. We want a stronger foundation.
6. What challenges are facing your business right now?
I think that the challenge and opportunity are the same thing, which is that the Internet has brought a pace of change that’s astonishing. The way people use technology is evolving really quickly. For example, the first iPhone only came out seven years ago. But recently when my oldest daughter started middle school, and we wanted her to have a phone, we decided to give her one of our iPhones that we thought wasn’t too old. It was a 3S, and she looked at it and said, “Dad, you can’t even take a selfie with this!” The first few generations of the iPhone didn’t even have a camera on the front. Now we just take for granted that every phone has a camera on both sides. So we have to build our products to work in this constantly evolving environment. It’s a challenge, but that’s what makes it fun and exciting.
7. If you could have done anything differently in your career, what would it have been?
I would have started playing with technology at an even younger age. I grew up in Cambridge in the shadow of MIT, and my younger brothers were able to take summer camp coding classes as elementary school students at MIT. In hindsight, I wish I’d done stuff like that. But the good news now for my kids is that when my kids were 5 years old, they started using Scratch, which is an application from MIT to teach kids how to code. With the Internet, they don’t need to be in Cambridge to get access to that tool.
8. What do you do for fun?
I play ice hockey. Honestly I’m not very good, but it’s something that I started playing a few years ago with a coworker. It worked out great in that I found a great group of people that I like to play hockey with. There are a limited number of hockey rinks, so the rink usually schedules our games at very late hours, 11:00 or midnight. That means my work team usually gets a lot of adrenaline-fueled emails at 2 a.m. when I get home. It’s hard to fall asleep after you’ve skated around the ice for a while and you’re pumped up. I’ve fought hard to keep it on my schedule despite my busy life.
9. What was the last book you read?
I’m reading something by Brandon Sanderson, a science fiction and fantasy author. There was this fantasy series by Robert Jordan, Wheel of Time. The crazy thing is that Robert Jordan wrote six books of a seven book series, and passed away before he could complete the series. His wife had to find another author to write the seventh book, and she found Brandon Sanderson. He wrote the seventh book, but it ended up taking until the ninth book. He also started his own major series of books, and his second book in the series just came out. I went back and re-read the first book, and now I’m almost done with the second book in The Stormlight Archive.
10. What is one unique or quirky habit that you have?
I used to think it was really unique that I loved to listen to music while working. When I was a kid, I was one of seven kids in not-the-biggest house. I always had headphones on when I was doing homework. Then I came to Facebook, and it’s a great work environment. The company provides us with headphones to let us listen to music while we work. What I thought was a unique habit is far from that here.
Previously in Fortune’s 10 Questions series:
Jeff Fluhr, co-founder and CEO, Spreecast
Vineet Jain, founder and CEO, Egnyte
Erin Decker, sustainability manager, Salesforce.com
Eric Shoup, EVP of Product, Ancestry.com
Tien Tzuo, founder and CEO, Zuora