Joe Sullivan

Joe Sullivan has over 20 years of experience in information security. Joe is Principal Consultant at Rural Sourcing in Oklahoma City where he manages and develops the security consulting services and the teams that provide them. Over his career Joe has worked in incident response, penetration testing, systems administration, network architecture, forensics, and is a private investigator specializing in computer crime investigations. Joe teaches MGT514: Security Strategic Planning, Policy, and Leadership.

More About Joe


Joe has a background in the banking industry as a CISO and currently manages a team of 12 security analysts.  One of the highlights of his career so far was managing an information security program for nearly 10 years with less than 4 incidents over that time frame. He and his wife also operate Crossroads Information Security, which provides Service Now consulting, Virtual CISO, and defensive network security consulting.   

Joe’s passion for cybersecurity started back in the days of the .com boom.  The Linux webserver they used was constantly getting compromised. Since security was not as much of a concern back then, there was no one assigned to manage the ensuing issues.  Joe quickly learned incident response, which started him down the information security path, which he’s never left.  Joe was drawn into, and stays with cybersecurity, because it's always interesting, constantly changing with something new to learn and share with others.

After starting his first SANS course, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling with John Strand, it only took Joe 30 minutes to determine that’s what he wanted to do, too. John's enthusiasm, stories, and excitement really resonated with Joe and helped him realize that he too, has a lot of stories and experiences to share that could be helpful to others.

In 2019 Joe began teaching for the SANS Management Curriculum.  He enjoys teaching these types of courses because he truly believes that in order to make things better, the industry must learn how to bridge the gap between the technical side and the executive side. What makes Joe unique as an instructor is that he combines a lot of past experiences and relates them to the material in ways one might not expect. This includes experience as an automotive technician, martial arts instructor, security analyst, private investigator, as well as a parent.  The biggest challenges Joe sees his students face is learning to understand how to analyze the business goals and align security with those goals. 

Joe is active in the Oklahoma City information security community as the chapter leader of the Oklahoma City Open Web Application Security Project (OWASP) and is a Cyber Patriot mentor, a GIAC Advisory Board member, and an InfraGard board member.  Throughout his career, Joe has acquired numerous certifications including: GSTRT, GSLC, GPEN, GCIS, GCFE, CISSP, CNSSI 4012, CNSSI 4013, CNSSI 4014, NSTISSI 4011, NSTISSI 4015.

Outside of infosec, Joe enjoys running, kayaking, martial arts, weight lifting, and hiking.



Ransomware: Leadership Perspective, May 2021


Cyber42 Game Day: CISO For A Day, April 2021

Rekt Casino Hack Assessment Transformational Series – Pulling It All Together, Feb 2021

Rekt Casino Hack Assessment Transformational Series – Business Security Strategy, Policies, and Leadership Gone Wrong, Feb 2021

Game Day! Cyber42: CISO For A Day, Jan 2021

Cyber42 Game Day: CISO For A Day, Oct 2020


Someone to Watch Over You: A Review of CrowdStrike’s Flacon OverWatch, Nov 2019


CISO Dojo Podcast

1 to 1 Risk Controls – Private Investigator News

Crossroads InfoSec Blog