ITSPmagazine

First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco Ciappelli

Episode Summary

Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.

Episode Notes


AISA CyberCon Melbourne | October 15-17, 2025


Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.

Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced.

"For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.

What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built.

"If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.

Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.

Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.

His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.

AISA CyberCon Melbourne runs October 15-17, 2025. Coverage provided by ITSPmagazine.

GUEST:

Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/

HOSTS:

Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com


Episode Transcription

TRANSCRIPT SUMMARY

Sean Martin and Marco Ciappelli reconnect with longtime friend Tim Brown, CISO of SolarWinds, from New York and Florence to Melbourne ahead of his keynote at AISA CyberCon. Tim discusses his eight-year journey at SolarWinds, including navigating the December 2020 incident, becoming the first CISO ever charged by the SEC, and leading the company through recovery to private equity acquisition.

The conversation explores the critical importance of implicit trust within response teams, how Tim's role transformed overnight when the incident hit, and why verbal communication with emotional context proved far more effective than written documentation during crisis. Tim shares candidly about the mental and physical toll, including suffering a heart attack in Zurich the week his SEC charges were announced, and how compartmentalizing and creating safe spaces helped him manage stress.

Tim also discusses his work with the RSA Conference CSO Bootcamp, a mentorship program for aspiring CISOs and security leaders at smaller companies. The bootcamp focuses on building practical knowledge, community connections, and understanding the non-technical aspects of CISO roles like board communication and executive partnerships. He emphasizes how relationships built before incidents determine success during crisis, and how teams that step up versus run away reveal organizational culture. Tim's keynote at CyberCon covers lessons learned at different stages of incident response and how culture drives outcomes when crisis hits.

FIVE QUOTES FROM TIM BROWN

1. On Historic SEC Charges: "I was the first CISO to ever be charged by the SEC, so that happened a couple years ago. We're in the middle of trying to get a settlement complete."

2. On Context and Communication: "For them to hear something and hear the context—to hear the context of us taking six months off of development, new features to focus on security and build system. Easy to say, but what does that mean? That means 400 engineers focus completely on this for six months and a pure focus."

3. On Implicit Trust: "One of the things that we got really lucky with, is that we really operated through the war room team on implicit trust. If we didn't, we would be second guessing what other people did."

4. On Finding Safe Spaces: "I leave work at work and I don't bother my wife with what's going on at work very often at all. And one of the things she told me the other day is, you know, you can talk to me, but I know this is your safe place. And it is my safe place."

5. On His Mission: "That's the big thing of what my mission is, right? If I can share for good. If I can share for people and if they get some lessons from it and it helps them, then this whole saga's been worthwhile."

ONE QUOTE FROM SEAN MARTIN

"I appreciate you as a friend. I value all the work that you do in this world of CISO and contributing back to the community, and I know others do too, and have a lot of people, have tremendous respect for you."

ONE QUOTE FROM MARCO CIAPPELLI

"I love the fact that you don't have a script that you're going to repeat. I mean, I know you're very spontaneous and honest and your feelings. I mean, I think just people listening to you right now, they understand who you are."