Patrick Sullivan
VP, CTO Security Strategy
Akamai Technologies
OCTOBER 2024
Vice President and CTO of Security Strategy Patrick Sullivan of Akamai Technologies says the best part of his job is the opportunity to work with customers on complex cybersecurity challenges. His work enables him to “hear about new attacks and evolve architectures and businesses to stay ahead of that – probably the most fun is thinking about what's next for edge security,” he says.
Patrick believes that “pushing security out to the edge” is an area in which Akamai has been an innovator. He has had a front row seat to Akamai’s evolution since he started there in 2005. “I was early in focusing on the security capabilities of the Akamai platform,” he explains. “My focus was on how we can protect applications and infrastructure and DNS. I saw some attacks early in my time here, and I thought that our massively distributed reverse proxy architecture was uniquely positioned to stay in front of the trajectory of threats and where they were headed.”
Patrick's journey to his current role began with a background in electrical engineering and experience in the Department of Defense and in designing Tier one ISP networks. His long tenure at Akamai has allowed him to witness and contribute to significant changes in the realm of security.
I find it genuinely interesting to learn about the different challenges that our customers are facing and the different techniques that attackers are pursuing.”
Patrick describes his leadership style as curious and collaborative and thinks that his curiosity has served him well in cybersecurity. His role in security strategy has enabled him to partner with Akamai customers on new initiatives and solutions. “We are fortunate to have a lot of clever architects among our customers, and we have co-invented a number of things over the years by listening to their challenges and going back and forth on ideas,” he explains.
Keeping up with the Pace of Technological and Threat Evolution
A major theme that Patrick is hearing from CISOs and customers currently is the pressure to keep up with the rapid pace of change in both technology and cyber threats. “Cloud was a shift,” he notes. “But now, we see edge security and a lot of AI applications and AI threats, so everybody is kind of wrapping their heads around that.”
Patrick also highlights that the speed of development is accelerating. He shares that developers have enhanced tools that can push code more quickly, so “everything is happening fast,” and security strategies have to keep up with fast development cycles and API-based architectures.
In addition, CISOs are constantly challenged by the increasing speed at which attackers exploit vulnerabilities. “The time between a vulnerability being made public until you are seeing somebody knock on your door to test it continues to get faster and faster,” he explains.
There is less time for a grace period to protect yourself from any known threat.”
Balancing Security with Business Agility
One area of opportunity that Patrick sees for CISOs is aligning security programs with business objectives, ensuring that security measures do not overly hinder the current rapid pace of development and innovation. “It’s a balancing act for security leaders to introduce enough security friction to stay within risk tolerance, while also not slowing down the development teams and pushing too far in the other direction,” he explains.
He stresses the importance of establishing guardrails that allow for the safe adoption of new technologies while maintaining an acceptable level of risk. A perfect example of this is AI adoption. “In general, it's probably not a great position to take as a CISO to flat out block AI,” he shares. “It's more about allowing the business to experiment and reap the dividends of AI – but at the same time, establishing guardrails.”
On the topic of AI implementation, Patrick says that “step one is to understand the risk that you're taking and quantify it... and then, calibrate that to the risk tolerance of the business.” He adds, “It seems that many organizations are willing to accept a bit more risk on AI right now than they would with a more mature technology because it's new and they don't want to get in the way, but everybody's risk appetite is going to be a little bit different.”
Security and business alignment – or maintaining “that sweet spot of keeping pace with the business,” as Patrick says – will be the focus of an upcoming Evanta Inner Circle dinner and discussion for CISOs in Boston. Patrick will be leading a discussion on “Security That IT Loves — Building Synergy Between CISOs, IT, and Business” on October 21, at the Akamai Headquarters in Cambridge, MA.
To kick off the evening for members of the Boston CISO Community, the Akamai team will lead a tour of the NOCC (Network Operations Command Center) at their global headquarters. Patrick describes the security centers as “the public face for our customers of all of the visibility into attacks, visibility into Internet health, and visibility into the health of major streaming events that we have.”
To join the conversation on establishing proactive and collaborative security strategies that align with business objectives, sign into MyEvanta and register for the dinner. Or, if you haven’t yet joined an Evanta CISO Community, you may apply here to get together with your CISO peers at local programs throughout the year.
Special thanks to Patrick Sullivan and Akamai Technologies.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.