Challenging the Status Quo in Cyber: Greg Sullivan’s Vision for Smarter AI and Secure Software

As part of the Dialectica Executive Community’s ongoing dialogue on cybersecurity and AI, Greg Sullivan—Founding Partner of CIOSO Global and former Sr. VP and Global CIO at Carnival Corporation and longtime cybersecurity advisor—shared timely insights on enterprise software risk, the role of AI in securing IT ecosystems, and how startup dynamics are shaping the future of cyber innovation. Now active as a board member and executive coach, Sullivan is focused on guiding business leaders through complex threat environments while pushing for deeper change in the industry.

Leadership Spotlight

From 24/7 CIO to Boardroom Coach

After decades in senior roles across global tech and cybersecurity, Sullivan has transitioned from operational leadership to advisory impact. Now supporting CISOs, CIOs, and their direct reports, he brings both strategic clarity and a firm stance on resilience:

“Cyber isn’t just IT anymore. The smartest business leaders now understand it’s the one risk that can take the whole company down. And they’re acting on it.”

This shift is changing the talent landscape. According to Sullivan, top cybersecurity leaders are walking away from firms that deprioritize resilience. “They want to win—and they’ll go where they’re given the resources to do it.”

A New Kind of Threat: AI and the Vulnerability Economy

AI is changing the attacker’s toolkit—and Sullivan warns it’s already tilting the battlefield. Threat actors use AI to find, exploit, and scale attacks faster than ever. But the bigger question, in his view, is what role AI could play on the defense side:

“How can we use AI to help eliminate vulnerabilities before they ship? I don’t want fewer vulnerabilities. I want near-zero. And I want it when I first buy the software—not six patches later.”

He challenges software vendors to rethink product development and use AI not just for customer support or detection but for proactive code integrity. He’s also floating an idea: give buyers the ability to use AI to scan products for vulnerabilities themselves.

Cyber Insights

Cybersecurity Spend Trends

Sullivan sees spending steadily rising, especially in firms where leadership treats cybersecurity as a business issue. Maturity matters: companies investing in cyber aren’t just buying tools—they’re aligning incentives, culture, and operational processes.

“You see it in how fast they patch, how they manage risk, how their boards talk about cyber. The laggards are still saying ‘We’ll get to it.’ And they’re the ones losing top talent and becoming targets.”

AI’s Dual Role: Security Amplifier and Attack Multiplier

The duality of AI in cybersecurity isn’t lost on Sullivan. He sees vendors rushing to embed AI in their offerings—but warns that real innovation is coming from elsewhere:

“The major players aren’t doing the R&D. They’re acquiring it. The real innovation is happening in startups.”

Sullivan cites the continued wave of cybersecurity startups, fueled by billions in VC, as a sign of both market demand and strategic fragmentation. He points to the role of influential CISOs in seeding early-stage companies with capital, credibility, and customer access.

Key Takeaways for Emerging Cyber Startups

Sullivan’s advice to rising vendors is clear:

• Nail distribution and early influence—product alone isn’t enough
• Get the right people behind you—smart investors open smart doors
• Build community with CISOs—those conversations shape categories

He’s optimistic about innovation but pragmatic about what still needs fixing.

“Cyber is the only industry where we pay to inherit risk—then pay again to patch it. AI has the potential to flip that model. But only if we use it differently.”

‍