From Upside’s Head of Security: How to Spot Real Pinch Hitters for Your Security Team

The first tech security hire at Upside, Eileen Sullivan, is now growing her team. If only she could find more people who, like her, are deeply curious and fundamentally in love with business. Here she talks to us about the rare combination of personality traits and interests that really add up to a great security tech team member, and what kind of office philosophy fosters the best teams.  

Q.  You moved from being a program/project manager to being a technology director. What brought about this shift? What are the similarities or differences?

I’ve made the shift a few times. What’s driven me down that path is starting to get involved in other projects, other than the ones I was given—seeing needs in other areas and taking a broader role.

Q.  You’re hiring now for an application security position. What are you looking for?

At a lot of application security programs, you can have a defensive posture or a compliance posture. In fintech, banking, and healthcare, for instance, there are a lot of legal and compliance things you must be mindful of. Here in travel and hospitality, we don’t have as many compliance restrictions, other than looking out for PCI (payment card industry standard) and protecting personally identifiable information (PII). Beyond that, we need a threat model approach.

In application security, you can hire people who can scan and be defenders. But what we really want is people who can be on the offensive, like internal hackers. Because we’re a lean operation and we move on a dime in adding new product features, we want people we trust, obviously, but basically, we want them to hack against our platform.  

I’m looking for people with interest in travel and what goes into booking and transacting online. We want people who are inquisitive and have “evil powers,” but are using them for good. If you’re someone who wants to hack something and take it apart—that’s the appetite we’re looking for. Being hungry and curious.

Q.  Team building: how does it happen?

Knowing that the company supports ongoing training of the team is a priority. In cybersecurity, it’s important that my team can go to conferences. A lot of conferences in the security space offer a lot of information about the latest things happening in the environment, exposure to new things, and focused training sessions.

In fact, that was part of my interview process. I kind of asked that up front. “If I’m building a team, will you support them going to training?” Some companies can’t afford to, or don’t make it a priority to invest. Here, we support a lot of curiosity. We keep pushing people to learn, to challenge things. It’s was an important thing for me to cover in the interview, because you don’t want to run into resistance to training later on. I’ll continue championing it during my time here.

Eileen Sullivan at work at Upside.

Q.  What do you value most in a workplace and how much of it are you seeing where you are now?

One thing that I like here, which I haven’t seen elsewhere (some places are trying to make an agile work process, but it’s hard to do right) are that improvements here are being made as fast as we can make them happen. As a customer and an everyday person, I’ve always valued companies caring about the quality of what they’re offering. Hey, I used to study for fun what makes companies successful over the long haul. That’s the kind of thing I like to read about best. There was a book by the wife of the founder of Columbia Sportswear (One Tough Mother) that I read years ago and just ate up, along with learning too around that same time what made Costco the success it became in how they sourced goods to please their customer audience. It’s about what’s important to certain companies and brands that have stood the test of time. A lot of that is quality, and being responsive to the needs of the marketplace.

Part of why I joined Upside is that I had to travel a lot in my old job and it’s a burden if you’re doing it all the time. There were certain things you look for in your stay, certain conveniences, and I realized, “Oh, Upside is addressing this gap!” There’s such a ripe opportunity right now to serve the market. For me, it’s curiosity about the product that makes this a good fit for me.

We are tight knit and we move fast. Everyone can bring ideas to the forefront. Even if it’s an improvement to the way things work. How fast we’re getting hits at the top of the search, for instance. I value the collaboration and that it’s OK here to be curious and to be outside of your normal lane of operations and poke around.

Upside is exciting right now, if you want to be knee-deep. We’re posting different opportunities week to week, as we go. Of course, it’s also challenging at times and it requires a lot of energy and sustaining that can be hard, but for me, that’s what makes work fun.

Q.  When has your team contributed to some improvement made to the product recently?

We came together on some security on our guest checkout, keeping it convenient for our users. We found the problem last week and we made immediate changes that day. That’s an example of how we collaborate with a couple of different planning meetings and then come to an immediate solution, and then medium and longer-term solutions, too.

Q.  Any suggestions from you in the security team must have special weight, since security issues can be so costly.

It is true. I feel like it’s a delicate balance. Part of why I was brought here, or why we found each other, is that there are things you can be very heavy on in security, but then it impedes how easy your product is to use. So, there needs to be balance. My voice is a strong part of it, but it’s somewhat equal to product leadership and those in our Navigator operations leadership, which is our customer support, which has become a big part of our product.

Having joined in October, I’m getting an appetite for where you want to be strong. We have different sets of controls in a couple of places that won’t impact users’ experience. Our objective is that everyone comes here to plan their business travel service. You want to have that experience be easy. So, we’re very conscious of those metrics and what propels people through our site. If you have a protection that causes you to lose customers, that’s a problem.

And then… we asked Eileen about herself and her childhood and ironically then really got to know why she is such a perfect fit for startup cybersecurity…

Q.  Could you tell us a little more about yourself, your background?

I’m a middle child (my sister is a nurse, innovating in healthcare, doing research at the Cleveland Clinic, and my brother works in executive support for the Teamsters) and I was always kind of quiet and independent in general. From when I was a teenager, I wanted to get out and start working as soon as I could. I just kept going from there.

Education was really important to our parents, but other than that, we were left to our own devices. I always wanted to be employed and employable and keep learning and challenging myself. I’ve just always been interested in business in general.

In terms of security and what works, I find that there are different folks in the field—some that are very security driven and that’s what they know, but I’m passionate about both: the product and the business, too. I’m very passionate about small business. I like seeing things that you can bring and build customers to. I’m still fascinated by Burt’s Bees lip balm. That you can sell enough lip balm for people to have jobs and feed their families! The fundamentals are just interesting to me. I had a friend years ago and she called me and said, “Oh my gosh! I was talking to this guy about FedEx logistics and I was thinking, this is sooo boring, but Eileen would love it!”

Security is just a need. Academically I was a midlevel performer, but I’m a pinch hitter. For instance, I played trombone because they needed a trombone player and I knew how to read music. “Oh, I can pick that up and play. Oh, sure, I’ll also be in the jazz band.” I had a lot of fun. For me, where’s there a need, I try to fill out and support.

One of the other things important to me is that security doesn’t live on an island. I sit near our eCommerce team. It’s fun. I am within an earshot. I like to keep the security embedded with the rest of the business.


This interview was produced by the Women 2.0 Content Team on behalf of Upside. 


Content Team

Content Team

Sponsored content and exclusive industry insights from tech thought leaders.

Straight to your inbox.

The best content on the future faces of tech and startups.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.



Join the Angel Sessions

Develop strategic relationships, build skills, and increase your deal flow through our global angel group and investing course.