Patrick Sullivan
VP, CTO Security Strategy
Akamai Technologies
OCTOBER 2024
This is a September 2025 update to a previously published article.
Vice President and CTO of Security Strategy Patrick Sullivan of Akamai Technologies says the best part of his job is the opportunity to work with customers on complex cybersecurity challenges. His work enables him to “hear about new attacks and evolve architectures and businesses to stay ahead of that – probably the most fun is thinking about what's next for edge security,” he says.
These days “what’s next” for information security probably revolves around AI. “The AI trend is dominating literally everything we do,” Patrick notes. “So is the ‘API-ification’ of apps and decomposing apps and of microservices.”
He believes AI has come to the forefront as a focus area for security leaders this year in several ways. One of these is AI co-pilots and how they are “super powering developers,” as Patrick says. Another is AI applications that are “sitting behind an API and the unique attack surface there.” Finally, he believes CISOs are thinking about the future implications for customers interacting with an agent and how that might impact fraud protection.
AI is even having an impact on compliance – a topic that Patrick will be discussing with CISOs in the New York Community at their upcoming Inner Circle gathering. “AI is upending a lot of the traditional ways that we do things, so how does that impact compliance?” he asks. “We will look at whether you can leverage AI to assist you in some of the more mundane tasks associated with compliance and the compliance of AI throughout the supply chain.”
Whether we like it or not, everybody is infusing AI into everything that they do in your supply chain.
Keeping up with the Pace of Technological and Threat Evolution
A major theme that Patrick is hearing from CISOs and customers currently is the pressure to keep up with the rapid pace of change in both technology and cyber threats. “Cloud was a shift,” he notes. “But now, we see edge security and a lot of AI applications and AI threats, so everybody is kind of wrapping their heads around that.”
Patrick also highlights that the speed of development is accelerating. He shares that developers have enhanced tools that can push code more quickly, so “everything is happening fast,” and security strategies have to keep up with fast development cycles and API-based architectures.
As the development teams become “super powered” with AI co-pilots, Patrick shares that “the number of code commits increases very rapidly. Unfortunately, with AI developed code, or co-developed code, the functional success rate of that code is picking up significantly, but the security risk of code developed by LLMs is static.” He explains that CISOs could infer that security “may be taking a back seat” to the improved functionality.
In addition, CISOs are constantly challenged by the increasing speed at which attackers exploit vulnerabilities. “The time between a vulnerability being made public until you are seeing somebody knock on your door to test it continues to get faster and faster,” he explains.
There is less time for a grace period to protect yourself from any known threat.
Pushing Security Out to the Edge
Patrick believes that “pushing security out to the edge” is an area in which Akamai has been an innovator. He has had a front row seat to Akamai’s evolution since he started there in 2005. “I was early in focusing on the security capabilities of the Akamai platform,” he explains. “My focus was on how we can protect applications and infrastructure and DNS. I saw some attacks early in my time here, and I thought that our massively distributed reverse proxy architecture was uniquely positioned to stay in front of the trajectory of threats and where they were headed.”
Patrick's journey to his current role began with a background in electrical engineering and experience in the Department of Defense and in designing Tier one ISP networks. His long tenure at Akamai has allowed him to witness and contribute to significant changes in the realm of security.
I find it genuinely interesting to learn about the different challenges that our customers are facing and the different techniques that attackers are pursuing.
Patrick describes his leadership style as curious and collaborative and thinks that his curiosity has served him well in cybersecurity. His role in security strategy has enabled him to partner with Akamai customers on new initiatives and solutions. “We are fortunate to have a lot of clever architects among our customers, and we have co-invented a number of things over the years by listening to their challenges and going back and forth on ideas,” he explains.
Balancing Security with Business Agility
One area of opportunity that Patrick sees for CISOs is aligning security programs with business objectives, ensuring that security measures do not overly hinder the current rapid pace of development and innovation. “It’s a balancing act for security leaders to introduce enough security friction to stay within risk tolerance, while also not slowing down the development teams and pushing too far in the other direction,” he explains.
He stresses the importance of establishing guardrails that allow for the safe adoption of new technologies while maintaining an acceptable level of risk. A perfect example of this is AI adoption. “In general, it's probably not a great position to take as a CISO to flat out block AI,” he shares. “It's more about allowing the business to experiment and reap the dividends of AI – but at the same time, establishing guardrails.”
Patrick will be leading a discussion on AI and compliance, Accelerate Success — Transforming Compliance into a Catalyst for Efficiency, on October 1 with the New York CIO Community. To join the conversation, sign into the app to register for the community networking dinner. Or, if you haven’t yet joined a Gartner CISO Community, apply here to get together with your CISO peers at local programs throughout the year.
Special thanks to Patrick Sullivan and Akamai Technologies.
By CISOs, For CISOs®
Join the conversation with peers in your local CISO community.
