Tim Brown, CISO of SolarWinds, on Sunburst

https://is1-ssl.mzstatic.com/image/thumb/Podcasts116/v4/68/1a/c3/681ac30c-0656-bc73-6b0a-9ddacd82675e/mza_1050242407832124273.jpg/600x600bb.jpg

CISOWise

11 episodes

5 days ago

We are asking CISOs and other cyber security leaders a simple question: What works and what doesn’t? A podcast of pragmatic advice from experienced CISOs and expert cybersecurity professionals of what works... and what doesn't. The cybersecurity field is old enough now that we have some experienced hands - especially those that have done the same thing more than once, at different companies. Now we are looking to share their insights and hard-fought lessons leading the cyber defense program to which they are entrusted. This is a podcast by CISOs for CISOs and aspiring CISOs.

Careers

Business

RSS

All content for CISOWise is the property of CISOWise and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Careers

Business

https://d3t3ozftmdmh3i.cloudfront.net/production/podcast_uploaded_episode400/18616140/18616140-1668267670917-f966eb52fef6d.jpg

Tim Brown, CISO of SolarWinds, on Sunburst

CISOWise

21 minutes 55 seconds

2 years ago

Tim Brown, CISO of SolarWinds, on Sunburst

In this week's episode Dr. Crane talks to Tim Brown, the CISO of SolarWinds about the Sunburst malware intrusion, how it affected him and his company, the changes he made, and how Tim stayed on as CISO after the intrusion.

SolarWinds shot to national prominence due to the Sunburst malware intrusion, first discovered by FireEye in 2020.

This incident resulted in the first stand-up of a cyber unified coordination group, with the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Office of the Director of National Intelligence, to coordinate a whole of government response to this incident.

The Atlantic council said that Sunburst was a significant moment for cloud computing security and the attack raised concerns about the existing threat model that major cloud service providers use. Now imagine being the cybersecurity leader at the organization identified in this intrusion that affected thousands of customers.

That was the situation Tim found himself in, in late 2020. He joins me here today to share his experience and wisdom in dealing with one of the most significant cybersecurity incidents in recent memory.

In this episode:

00:00 — Highlight Clip

02:07 — Introductions

02:54 — Sunburst Incident Overview

05:55 — Difficulties Of Handling An Incident During The Holidays

07:05 — How Tim Stayed As CISO

09:06 — Pivoting From Internal To External Facing CISO

11:16 — Organization Reporting Obligations

12:58 — Finding Help For A Large Incident

14:16 — Reaching Out To National Defenders

15:56 — Cooperating With CISA For Messaging

16:47 — Lessons And Improvements Going Forward

18:58 — Validating A Digital Supply Chain

20:55 — Assume Breach Before And After

21:24 — Sign Off

Tim Brown:

Orange Matter — https://orangematter.solarwinds.com/author/tim-brown/

LinkedIn — https://www.linkedin.com/in/tim-brown-93639a1/

Links in this episode:

SolarWinds RSA Presentation — https://www.youtube.com/watch?v=7DHb1gzF5o4

Thanks To Our Sponsors:

Heinz College CISO Certificate — https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate

CISOWise vCISO — https://www.cisowise.com/

Heinz College:

https://www.facebook.com/heinzcollege

https://www.linkedin.com/school/carnegie-mellon-university---h.-john-heinz-iii-college/

Carnegie Mellon:

https://www.linkedin.com/school/carnegie-mellon-university

https://www.facebook.com/carnegiemellonu

Follow CISOWise on all podcast apps.

Website — https://www.cisowise.com/podcast

Show Notes & Transcript — https://www.cisowise.com/podcast/001-tim-brown-on-sunburst