Tim Brown, CISO at SolarWinds, shares why the CISO role—despite its pressures—is more important and rewarding than ever, offering a candid look at leadership, liability, and resilience in today’s cybersecurity environment. From personal lessons learned to critical conversations on stress, insider threats, and supply chain security, this episode brings clarity to what it truly means to lead in security.
In this Chats on the Road to RSAC 2025, Sean Martin and Marco Ciappelli connect with Tim Brown, Chief Information Security Officer at SolarWinds, to unpack the critical issues facing CISOs today—and why the role remains worth pursuing.
Brown is participating in multiple sessions at RSAC Conference 2025, including the CISO Bootcamp and Cyber Leaders Forum. Both are closed-door conversations designed to surface real concerns in a confidential, supportive setting. These aren’t theoretical discussions—they’re rooted in hard-earned experience. Brown, who has faced high-profile scrutiny and legal fallout from a past incident at SolarWinds, brings a uniquely personal perspective to these sessions.
He points out that fear and hesitation are keeping many deputy CISOs from stepping up into the top role. His message to them: don’t be afraid of the position. Despite the weight of responsibility, the role offers real influence, the ability to shape enterprise architecture, and the opportunity to drive meaningful business decisions. Brown emphasizes the importance of community support and collective growth, noting that the cybersecurity industry—still relatively young—is maturing and finding its footing when it comes to accountability and resilience.
Beyond leadership development, mental health and stress management are key themes in the Cyber Leaders Forum. Brown acknowledges the toll the job can take, even sharing that his own health suffered despite thinking he was managing stress well. This honest reflection opens the door for deeper conversations about personal well-being in high-pressure roles.
He’s also appearing at the Cloud Security Alliance Summit with Chris Hoff, Chief Security Officer at LastPass, where they’ll discuss incident response and field questions from the audience. On Wednesday, Brown joins a breakfast session with Tactic and Hyperwise, guiding attendees through a crisis simulation based on lessons from the Sunburst attack. His focus? Helping others avoid being unprepared in a moment of chaos.
From insider threat modeling to supply chain transparency and the challenges of monitoring runtime behavior, Brown is clear-eyed about where CISOs need to focus next.
This episode isn’t just a preview of conference sessions—it’s a call to future security leaders to lean in, not back.
___________
Guest:
Tim Brown, CISO, SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
___________
Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Akamai: https://itspm.ag/akamailbwc
BlackCloak: https://itspm.ag/itspbcweb
SandboxAQ: https://itspm.ag/sandboxaq-j2en
Archer: https://itspm.ag/rsaarchweb
Dropzone AI: https://itspm.ag/dropzoneai-641
ISACA: https://itspm.ag/isaca-96808
ObjectFirst: https://itspm.ag/object-first-2gjl
Edera: https://itspm.ag/edera-434868
___________
Resources
RSAC Session: CLF Ask Me Anything Session with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739404173721001x1MH
RSAC Session: CISO Boot Camp Exclusive Fireside Chat with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739403254724001isXh
CSA Summit at RSAC 2025: Fireside Chat with Tim Brown and Chris Hoff: https://www.csasummitrsac.com/event/5b3547c2-c652-4f77-97de-5b094e746626/agenda?session=1452408b-c822-4664-87b8-38ce1276247b
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
[00:00:00] Sean Martin: Marco
[00:00:01] Marco Ciappelli: Sean.
[00:00:02] Sean Martin: room. Room,
[00:00:03] Marco Ciappelli: Room. Room
[00:00:04] Sean Martin: yes.
[00:00:05] Marco Ciappelli: where we go over along the coast or through the valley.
[00:00:10] Sean Martin: know,
[00:00:11] Tim Brown: Are you guys driving again?
[00:00:12] Marco Ciappelli: We are, we're
[00:00:14] Tim Brown: All.
[00:00:14] Marco Ciappelli: on the road. Yeah. After a few years.
[00:00:18] Sean Martin: I'll be arriving from LA this year,
[00:00:19] Marco Ciappelli: Yeah.
[00:00:20] Sean Martin: and so we figured, uh, we'll, we'll take the journey up.
[00:00:23] Marco Ciappelli: there will be some surprise like stopping somewhere in the
[00:00:27] Sean Martin: For us too.
[00:00:28] Marco Ciappelli: The middle of nowhere, probably considering the route we're gonna do, but, uh, no, it's gonna be fun. Back, uh, back to the origin,
[00:00:35] Sean Martin: I'm picturing, uh, Harris ranches on the, on the stoppage points, but, uh, have a, have a good sniff of some cows.
[00:00:42] Marco Ciappelli: Uh, pass on that one.
[00:00:46] Sean Martin: But, uh, no, the journey up to see our good friends, including one who's here on with us. Mr. Tim Brown. Tim, how are you? It's good to see you.
[00:00:59] Tim Brown: Good. See you too. [00:01:00]
[00:01:00] Sean Martin: It's, it's been a while. It's been a while. And, uh, I'm excited to, uh, catch you in person. You, you have a busy week in San
[00:01:08] Tim Brown: I do, yeah, a lot of good sessions. Um, should be a good RSA, I'm looking forward to it.
[00:01:13] Sean Martin: Yeah, there's, there's a lot of energy this year. Um, I don't know what it is. People, people just seem to be excited to get back together with each other and have some good conversations and, and be the one community that, that we all know supports each other.
Maybe that's it. Um, and a lot of, lot of good sessions this year. I know. Let, let's start with the, you have two sessions. Uh, on the main RSA agenda, um, can you tell us a little bit about those two to kick things off?
[00:01:45] Tim Brown: Absolutely. So similar, similar format on both of them. So one is the CISO Bootcamp. Um, so that's those aspiring to be CISO. Um, and we're just gonna do an ask me anything. So, um, [00:02:00] you know, solo went for eight years, went through a major incident. Lots of people have questions around, you know, that, um, lots of people have questions around kind of what all of all the, you know, SEC stuff that went on our kind of the process flow around, that type of thing.
Um, so, you know, people have questioned though, I love open forum. Um, these will be closed door, um, Chatham House rules, um, so we can really be pretty open on answers on things. Um, so look forward to, to, to, for the bootcamp one, um, as well as the Cyber Leaders Forum.
[00:02:39] Sean Martin: Can I ask you one on the boot, just outta curiosity? So sadly I can be in there. Press is not
[00:02:46] Tim Brown: you're not invited, sorry.
[00:02:51] Sean Martin: Do you expect most of the conversation to be around the incident, or do you think there'll be broader, more, not necessarily more strategic, [00:03:00] but broader, also strategic and may perhaps even down into some tactical things, pro programmatic things.
[00:03:06] Tim Brown: Yeah, I think some of them will be, you know, one of the things that we've seen, which is sad is. Uh, because of the stuff that's going on with me, people are hesitant to take that jump into the CSO role.
[00:03:19] Sean Martin: Hmm.
[00:03:20] Tim Brown: Uh, we see a lot of deputies that are really don't want to take on the CSO role. So, you know, I think one of the things that I'm trying to be as an ambassador too, grow right?
And the job is still a great job. It's a great role to have. It gives you, um, a lot of, um. A lot of, not just importance, but a lot of decisions that you're driving the company towards the right direction. You know, a lot of, um, capability to set the design, set the goal, set the architecture. All of those things happen when you're the CISO, when you're the deputy, you're following somebody else.
So [00:04:00] it's really a great progression for people and we'll get liability under control. So that will happen. And
[00:04:09] Sean Martin: You, you and Joe Oliver are on, on the same, same mission on that front.
[00:04:13] Tim Brown: Absolutely. You know, Joe had didn't have support. I had great support. So that's our con contrast, but we're both in full agreement that yeah, it's a really important and great role that we need to encourage people to get into.
So that's one of my big messages for the bootcamp.
[00:04:30] Marco Ciappelli: I think, I think, you know, from a, at a human level and for the industry and for the community, this is extremely important. I mean, uh, I mean of, I'm sure it wasn't an easy moment, it wasn't an easy moment for, for Joe, for you or for anybody to find himself. But, but it's also if the community comes together and there is understanding, there is growth.
And, and maybe, maybe that's my question for you. I mean, is I, I don't think people understand. People may be afraid to ask that [00:05:00] question, but maybe they shouldn't, as you said, because what, I mean, what happened after that?
[00:05:07] Tim Brown: Yeah, I mean, growth is important. And just remember, our industry's only 30 years old. We're we're little children, right? We're, you know, accounting industry, hundreds of years, thousands of years old. Um, so we are maturing. So, you know, as we mature, we have to put controls in place. We have to put rules in place, we have to put safeguards in place.
We have to, you know, figure out what responsibility we, we have as CISOs, what responsibility we don't have as CISOs. So. It's just a natural maturing model that we're going through. So that's the way that I look at it. And one that we'll get through, no question. Um, and as we get through it, you know, we all get better and stronger.
Um, you know, we take less time thinking about it, more time, you know, practicing and, you [00:06:00] know, operating in a way that we need to.
[00:06:02] Sean Martin: Yeah. Yeah. Good guardrails. In practice, we can make decisions based on experience and not have to figure out if our gut's telling us the right thing. So the, the other session very, very similar. I. Think in terms of, of format, different group. So one we were just talking about is the CISO Bootcamp, the other one's Cyber Leader Forum.
So d different, different roles in there. What? What's that
[00:06:27] Tim Brown: Yeah, absolutely. Invited forum. So it's invited folks that have been in the industry, CISO as directors, um, you know, um, deputies, those types of things. Um, so more mature, um, kind of audience. Uh, those who've been playing the role. I. Um, yeah, in the last few years I've met many, uh, haven't met everybody yet, so it's always good to, um, go and talk to folks.
Um, so, you know, the questions there, they will range from different things. Um, you know, uh, we're focusing a lot [00:07:00] on mental health and stress and how you manage stress, so that's one that comes up often. Um, you know, the, I'm not a great. Poster child for that one. Um, you know, I thought I managed stress well, had a heart attack, so I guess I wasn't managing it as well as I thought.
Um, but there's still just the realization of that, right? So we're all trying to develop our own methods to be able to. Manage through things so important to be doing that. Um, they'll talk about, you know, liability, what controls we have, you know, where we might be headed. Um, big questions on whether we need personal insurance as a CISO or not.
Um, so I expect that conversation will go in that direction.
[00:07:47] Sean Martin: Yeah, makes, makes sense. And for those two, so invitation only is that people are already invited if they, if they're to be included or somebody can, can [00:08:00] make a request to be, or, or third
[00:08:02] Tim Brown: Yeah, they,
[00:08:02] Sean Martin: to say, please include this person.
[00:08:05] Tim Brown: yeah, they can, but there's, uh, there is a waiting list I heard the other day. So, um, so you can get on the waiting list, um, for, you know, the session. Uh, but should be exciting, um, should be kind of a full day or full series of, um, series of presentations under that banner of CSO Bootcamp and CLF.
[00:08:27] Sean Martin: Yeah.
[00:08:27] Marco Ciappelli: And here again is, you know, the value of the community, the sharing, the not hiding things under, you know, in the closet or under the carpet. And just pretend never happened. And not only in term of breaches and the risk of the jobs, but also I. The personal aspect of this, and, and if I, I think Sean can definitely agree with me and I, the, the industry definitely change.
The community has changed. We, we jump on those kind of, either if they're closed door conversation or more [00:09:00] open psychological. Uh, you know, a mental health conversation. People, they, they, they get booked. I mean, you, you just can't get in unless you jumped on it. So that means a lot. I think, again, for the maturity of the community.
[00:09:13] Tim Brown: It does. It does. And you know, I think we're just trying to get our guardrails set. Um, and I think the industry as a whole is growing and, you know, the, um, we'll get there now, no question. Uh, you know, in the last four years, or last two years since, you know, since I've been charged, the, you know, the position's been elevated to different position, right?
I think people have, you know, CISOs are gonna listen to more. Ex, um, their expectations of a CISO are more. Um, so I think those are good things. Um, so, uh, it'll be good to, you know, good to meet folk. Good to talk to it. Yeah. In certain forums. I do do open sessions as well. So, um, you know, the other one is an open session, the [00:10:00] Cloud Security Alliance.
Uh, that's on Monday.
[00:10:03] Marco Ciappelli: tell us about that too.
[00:10:04] Sean Martin: Yeah, it's a summit. Yeah.
[00:10:05] Tim Brown: Yeah, so that's Cloud Security Alliance Summit. They usually do it on Monday. So this one's on Monday. Um, you know, myself and, uh, Chris Hoff, who's the CSO for LastPass, um, goes by Hoff. So Hoff and I will close the session, uh, the last, uh, last session of the day. I think it's like three 30.
Um, and, you know, we'll spend probably like, you know, 20 minutes, half hour at most talking about kind of what an incident is, and then take question. That one is open, that one is recorded. That one, you know, will be there for people to listen to. Um, or if they can get in, um, they'll, you know, please feel free to, you know, come visit.
[00:10:49] Sean Martin: Yeah, I can, I can say that, uh, the CSA summit is always a hit, uh, at RSA and I've been been to others as well. I. And, uh, Jim does a [00:11:00] great job pulling everybody, everybody together, and I'm excited to see you and you and Hoff on the same stage at the same time. That's
[00:11:06] Tim Brown: Yeah. Yeah, it should be fun. Should be fun. Um, always conversation.
[00:11:11] Sean Martin: yeah, absolutely. So that's on Monday. So you get, you have, let's see, Monday and Wednesday, Monday, Tuesday, Wednesday, three different sessions. So you have a little time in between, uh, your presentation and, and, and, uh, chats. What else are you doing?
[00:11:28] Tim Brown: Couple other things. So I've got a, on Wednesday morning, um, a crisis simulation. So we're gonna run through an incident, uh, simulate a crisis. Yeah. One of the, um, companies, I'm on the advisory board for Tactic. Um, them and hyper. Hyperwise. Yeah, Hyperwise. Uh, Wednesday AM around seven 30, they're doing a breakfast session.
Um, and in that we're gonna, yeah, really walk through a crisis. We're gonna walk through a table talk, we're gonna walk through, you know, [00:12:00] um, what. Crisis looks like and what you should do and the, the, the flow you should use. You know, one of the things that I discovered going through the Sunburst incident was, you know, we're making decisions at the most, you know, stressful time of our life.
We have people making decision and there wasn't a lot of automation. Not a lot of workflow up there, not a lot of guidance. So, um, I came across the Tactic folks who were really automating some of that process and helping with guidance, helping people make decisions with knowledge and, um, help during that cycle.
Uh, that's what we're gonna cover on Wednesday morning.
[00:12:42] Marco Ciappelli: Very
[00:12:42] Sean Martin: And Mark Marco will probably, uh, echo what I say. I mean, even in non-stressful time, if you don't have a picture of something happened, what's next, which he and I are going to kind of working through some of those things for ourselves. If you don't have that in place, it's, [00:13:00] it can be stressful in a time of stress.
Adding more stress is, can be overwhelming, which is not
[00:13:06] Tim Brown: Yeah. Yeah. So.
[00:13:07] Marco Ciappelli: knowing, not having a plan is probably
[00:13:09] Tim Brown: Exactly not knowing, not having a plan, not having the, um, an expectation, right. What should I expect? Right. Um, and you know, truthfully, that's where we were and you know, four years or four years ago trying to go through this, um, lucky we had great guidance and we had really good people who had gone through many of them, so they really helped set some expectations, but it would've been much better if.
If I had that experience of, oh, this is what I expect next, this is what I expect next, this is what I expect next. So, um, you know, those are the things we're trying to, um, put into a platform to help people. I.
[00:13:52] Marco Ciappelli: Yeah. And you know there is two way one, you, you're the one that is in the middle of it as it happens to you and it's, and then [00:14:00] you use your experience to tell other people, look, you don't need to hit the head on the wall. It, let me tell you, it's, you know, there, there are way to handle it. But what I wanna talk about for a minute, 'cause you, you've been.
To many obviously, RSA conferences and, and other conferences have been around for a very long time. And so I'm reflecting as you're talking about this thing that be conscious about the fact that, you know, things will probably, can happen, will happen. You need to be ready. Years ago, it was more like any vendor will be like, eh, we, we just don't make it happen.
And it was just setting up for failure. If, if, I mean not being ready because somebody tells you, yeah, you're waterproof a hundred percent, you're good. It doesn't prepare you for the reality. I.
[00:14:51] Tim Brown: No, no, not at all. And you know, we do our best we can. Do the best we can to be able to. Be resilient. [00:15:00] Um, but bottom line is stuff can happen, right? And I think now the industry is looking at, well, if something happens, how do I limit exposure? Right? How do I limit damage? Um, uh, um, uh, you know, a real believer that if the inside of threat, it's going to grow, uh, that's gonna become an easier method to be able to infiltrate a company.
We.
[00:15:24] Sean Martin: Seeing a lot of things on that already.
[00:15:26] Tim Brown: Yeah, we have to think about modeling, right? Um, what if so and so is compromised? And that comes into, you know, my planning and play today as far as thinking about, okay, well what if this person comes compromise? Right? Do they have the keys to the safe or do they not? Right? Um, what can, what we can we do to put in place to protect them?
The person, what can we do to put in, um, safeguards to protect the company? So we have to start thinking that way because, you know, as we put more and more [00:16:00] safeguards in place, it's gonna become, you know, more, um, it's gonna become much more of a better, a better business model to go after insider than it is to infiltrate a company in other ways, just to be cheaper, easier, all of those things.
So yeah, we have to start thinking soon. Breach everywhere.
[00:16:21] Sean Martin: So we, we have, uh, preparedness for response. We have, uh, insider threats and identity, uh, risk management, if you will. Uh, what other, what other things are you seeing shifting in the CSO role that you're looking for? Ah,
[00:16:39] Tim Brown: is a big one. Yeah. Um, you know, as a vendor and a consumer, right. One of the things that we see as very important, I. Is for us to understand what makes up our software. Um, understand who built it, how they built it, um, be prepared for, you know, some of the [00:17:00] components potentially being tainted.
Right? Uh, we've had some wake up calls on tainted libraries and we have to take them seriously 'cause we're only seeing the ones we find. Right? Not ones that. Have potentially been tainted for use by other, um, that could be out there. So if we don't know their in product, then how do we know what they're doing right?
How do we know what has been going on? So, improvement in supply chain, improvement in, um, requirements for vendors, for supply chain, um, all of those things. More transparency as we talked about. Um, all important for us to move the needle, right? And, you know, basically move the needle for everyone. We're not set up as an industry to be able to handle the amount of data that comes from vendors, so we have to change that side of the world too.
People aren't ready to consume the information yet.
[00:17:59] Sean Martin: Yeah, [00:18:00] so there's, there's the, the makeup of stuff and then there's the runtime of stuff. Do you see that? Are we there yet
[00:18:08] Tim Brown: Yeah, we're not there yet. Yeah, we're not there yet. I mean, the, one of the problems is the monitoring of what's good and determining that that traffic is good or bad or the, the just like user behave analytics we need. System, behavior analytics, application, behavioral analytics, what is the normal characteristics of my software, and then if I go outside of that, something's going on.
Right. Um, but I think we'll get there. Um, yeah, I think we'll get there. You have to remember, you know, technology is advancing so fast and, you know, we talked about AI from a, um, potential perspective, but if you look at what AI can give us. How it could advance what we're doing and where it could advance deviation from normal.
There's a lot of models that help, [00:19:00] things that we couldn't do because of lack of compute, lack of applications we can start doing today. So that's gets us excited.
[00:19:08] Marco Ciappelli: Yep. Sure is exciting. And you know what, I'm excited to see you there. I hope we get an opportunity to hang out. I know you're busy, but will be nice to catch up at a personal. Level with you and, uh, and, you know, and many other people. Um, that's why we, we go to these conferences and, and, and that's the excitement, you know, to learn from each other, but also to, to bring that human touch that, that we all need, right?
[00:19:35] Tim Brown: Absolutely. Yeah, it's always a great opportunity. So now you guys just have to drive safe. And
[00:19:39] Marco Ciappelli: Yes.
[00:19:40] Tim Brown: don't have any exciting times on the drive
[00:19:43] Sean Martin: too exciting. Exactly.
[00:19:44] Marco Ciappelli: Yeah, I'll probably record a podcast as we drive. We'll see.
[00:19:48] Sean Martin: That's right. That's a rental car. Who cares? Oh boy. Stay away from the cows, Marco. That's all I'll say.
[00:19:56] Marco Ciappelli: Oh yeah, I'm not gonna, I'm not gonna go in.
[00:19:59] Sean Martin: [00:20:00] Although some people are expecting cows cow shops in the, uh, podcast, but enough to see.
[00:20:05] Marco Ciappelli: I don't know. I don't know about that. That's a surprise. We'll, we'll see what happen. We'll see what happen, but, but yeah, but what I know for sure is that we are going to be there, of course, uh, say see conference, uh, 2025 and we'll get there on, uh, probably Saturday, hang out a little bit on Sunday, and then Monday.
Tuesday, Wednesday, Thursday's gonna be full. That's the 28th to May 1st. And we are really excited and you, everybody should stay on and follow us and subscribe because pre-event, which also known as chats on the road and uh, and then a lot of content when we are there, something really fun. Something special too.
Uh, like the DARPA uh, setting up on Monday morning. That's how we're gonna start. So we're get an inside of we camera and [00:21:00] mics and talk to the people that are organizing this really fun new event, actually. So that's gonna be fun. Stay tuned. And, uh, your final word.
[00:21:10] Sean Martin: I'm just, uh, excited to see my good friend, Tim, and, uh, thrilled to, to know you're engaging with the community. I know people. People value you as you and you, as your role as a CISO. And I think, I think the, the future is bright for that role. And, uh, I love that you're, you're taking the time to help. Help others understand what it means to them and, and what it means to the, to the community, what it means to our world as our businesses try to run safely.
So, um, kudos to you, my friend, for all you're doing and, uh, if you can get invited, if you can't connect with Tim some way or another, and, uh, you can certainly see him and Hoff on stage at CSA for the closing there. So definitely that's one spot you can catch him on, uh, Monday. So, um. [00:22:00] You my friend.
[00:22:02] Marco Ciappelli: It's good to see you.
[00:22:03] Tim Brown: see you guys. We'll see you at r.
[00:22:05] Marco Ciappelli: Yes, of course.