Tim Brown, CISO of SolarWinds, on Sunburst
Description
In this week's episode, Dr. Crane talks to Tim Brown, the CISO of SolarWinds, about the Sunburst malware intrusion, how it affected him and his company, the changes he made, and how Tim stayed on as CISO after the intrusion.
SolarWinds shot to national prominence due to the Sunburst malware intrusion, first discovered by FireEye in 2020.
This incident resulted in the first stand-up of a cyber unified coordination group, with the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Office of the Director of National Intelligence, to coordinate a whole-of-government response to this incident.
The Atlantic Council said that Sunburst was a significant moment for cloud computing security, and that the attack raised concerns about the existing threat model that major cloud service providers use. Now imagine being the cybersecurity leader at the organization identified in this intrusion that affected thousands of customers.
That was the situation Tim found himself in, in late 2020. He joins me here today to share his experience and wisdom in dealing with one of the most significant cybersecurity incidents in recent memory.
In this episode:
00:00 — Highlight Clip
02:07 — Introductions
02:54 — Sunburst Incident Overview
05:55 — Difficulties Of Handling An Incident During The Holidays
07:05 — How Tim Stayed As CISO
09:06 — Pivoting From Internal To External Facing CISO
11:16 — Organization Reporting Obligations
12:58 — Finding Help For A Large Incident
14:16 — Reaching Out To National Defenders
15:56 — Cooperating With CISA For Messaging
16:47 — Lessons And Improvements Going Forward
18:58 — Validating A Digital Supply Chain
20:55 — Assume Breach Before And After
21:24 — Sign Off
Tim Brown:
Orange Matter — https://orangematter.solarwinds.com/author/tim-brown/
LinkedIn — https://www.linkedin.com/in/tim-brown-93639a1/
Links in this episode:
SolarWinds RSA Presentation — https://www.youtube.com/watch?v=7DHb1gzF5o4
Thanks To Our Sponsors:
Heinz College CISO Certificate — https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate
CISOWise vCISO — https://www.cisowise.com/
Heinz College:
https://www.facebook.com/heinzcollege
https://www.linkedin.com/school/carnegie-mellon-university---h.-john-heinz-iii-college/
Carnegie Mellon:
https://www.linkedin.com/school/carnegie-mellon-university
https://www.facebook.com/carnegiemellonu
Follow CISOWise on all podcast apps.
Website — https://www.cisowise.com/podcast
Show Notes & Transcript — https://www.cisowise.com/podcast/001-tim-brown-on-sunburst