The Uber cybersecurity executive who was reportedly fired for his role in attempting to cover up a massive data breach last year is joining internet security start-up Cloudflare.
Joe Sullivan, who also previously worked at Facebook, wrote in a blog post on Wednesday that he's joining Cloudflare's security team. A spokesperson said in an email that he'll be filling the role of chief security officer and leading the group.
"I've had the good fortune to serve on some of the best Internet security teams in the world at eBay, Facebook, and Uber — and have still fallen short of reaching an ideal state of security," Sullivan wrote in the post.
Cloudflare's technology speeds up and protects websites from outside attacks. The venture-backed company joined the billion-dollar start-up club in 2012 and last year hired a new finance chief from Symantec to start readying an IPO. CEO Matthew Prince told Bloomberg at the time that he was aiming to take the company public by mid-2018.
Sullivan said he chose Cloudflare because the company matches his passion for "securing the whole internet," by providing free versions of its product for website operators and for other projects focused on privacy and connectivity.
Sullivan is best known for his security missteps in his role as Uber's chief security Officer, a position he held from mid-2015 until last November. He was fired after the disclosure of a breach that affected the data of more than 57 million riders and hackers. To cover up the breach, Sullivan reportedly spearheaded an operation that paid hackers $100,000 to delete the data.
In a later story, Sullivan disputed the claim that he was involved in a cover-up.
Dara Khosrowshahi, who took over as Uber CEO in August after the ouster of co-founder Travis Kalanick, said of the hack, "none of this should have happened."
In Wednesday's blog post, Sullivan likened cybersecurity to real-world security, comparing a prevention-first approach online to establishing safer streets and sidewalks.
"You have two rewarding but very different paths," he wrote, quoting a mentor. "You can prosecute one bad actor at a time, or you can try to build solutions that take away many bad actors' ability to do harm at all."
Sullivan said that "while each is rewarding in its own way, my best days are those where I get to see harm prevented — at internet scale."
The announcement comes at a pivotal time in the technology industry, as major tech companies grapple with the risks and responsibility of filtering content on their platforms and handling user data — and the fallout when data is mismanaged.
Sullivan left Facebook in early 2015, just before the Guardian first reported on Cambridge Analytica and its use of Facebook user data to assist Ted Cruz's campaign presidential effort. That story exploded into Facebook's data scandal two months ago as multiple outlets reported on Cambridge Analytica's extensive misuse of Facebook data during Donald Trump's campaign for president.
Sullivan said that his "next step professionally had to be towards a team that pushes security out, proactively, to as much of the internet as possible."
(Clarification: Updates to say that while Sullivan was reportedly involved in a cover-up of the hack, he later disputed that claim.)