SolarWinds security chief on the risks and rewards of being a CISO therecord.media/solarwind…

s the chief information security officer of SolarWinds, Tim Brown had a front-row view of the company’s 2020 Sunburst incident — where the Russian Foreign Intelligence Service inserted malware into a version of SolarWinds’ Orion IT monitoring application.

The hack gave Russian operatives a foothold into high-value targets including several large companies as well as the Defense Department, Justice Department, Commerce Department, Treasury Department, the Department of Homeland Security, the State Department, the Department of Energy and more.

In the aftermath of the incident, Brown found himself at the center of a landmark decision by the Securities and Exchange Commission (SEC) to charge him and the company with fraud for their role in allegedly lying to investors by “overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks” from 2017 to 2021.