CISO Tradecraft®

#246 - Tim Brown on SolarWinds: What Every CISO Should Know

Aug 18, 2025
Tim Brown, the Chief Information Security Officer of SolarWinds, shares his firsthand experience navigating the infamous supply-chain breach. He discusses the attacker’s sophisticated tactics and the challenges of incident response, including real-time communications and customer notifications. Tim emphasizes the importance of supply-chain security, highlighting tools like SBOMs for risk assessment. He also covers the legal complexities and accountability that CISOs face in today’s regulatory landscape, offering crucial insights for cybersecurity leaders.
ANECDOTE

Immediate Crisis Response And Sacrifice

  • Tim Brown describes being notified by Mandiant on a Saturday and working nonstop through Christmas to investigate the breach.
  • He ran dual war rooms, stayed remote during COVID, and lived at the office for three weeks to contain the incident.
INSIGHT

Build Pipeline Tampering Over Source Control

  • The attackers altered SolarWinds' backend build artifacts rather than source control, creating tainted compiled binaries.
  • That method made detection harder: the tainted executables carried valid SolarWinds code signatures, so they matched the expected signatures even though they no longer matched the source.
INSIGHT

Downloaded Doesn't Mean Fully Compromised

  • Although ~18,000 customers downloaded the compromised update, fewer than 100 progressed to the active second-stage payload.
  • Firewalls and keeping Orion off the internet limited the attacker's reach.
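The "signed but not from source" point above is the one defenders most often get wrong: a valid code signature proves that the build server handed a particular artifact to the signer, not that the artifact was compiled from the reviewed source. The script below is an added illustration, not code from the episode or from SolarWinds. It uses a constructed toy "compiler" and an HMAC in place of a real code-signing certificate (both assumptions for the sake of a self-contained run), and shows why an independent rebuild (reproducible-build comparison) catches what signature verification alone cannot.

```python
import hashlib
import hmac

# Constructed stand-in for a code-signing key. Real pipelines use an asymmetric
# certificate chain, but the lesson is the same: the signature only attests to
# whatever bytes the build server passed to the signing step.
SIGNING_KEY = b"constructed-signing-key"


def sign(artifact: bytes) -> str:
    """Sign whatever the pipeline produced (HMAC stands in for a code-signing cert)."""
    return hmac.new(SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def signature_valid(artifact: bytes, signature: str) -> bool:
    """What a customer's installer checks: is the signature valid for these bytes?"""
    return hmac.compare_digest(sign(artifact), signature)


def compile_from_source(source: str) -> bytes:
    """Toy deterministic compiler: rebuilding the same source always yields the same bytes.

    This models a reproducible build; a real one would invoke a pinned toolchain.
    """
    return b"BIN:" + source.encode()


def pipeline_build(source: str, tamper: bytes = b"") -> tuple[bytes, str]:
    """Simulate the vendor's build server: compile, optionally get tampered on the
    build host after compilation, then sign. Source control is never touched."""
    artifact = compile_from_source(source)
    if tamper:
        artifact += tamper  # injected between compile and sign, exactly where a
        # signature check cannot see it
    return artifact, sign(artifact)


def provenance_check(artifact: bytes, signature: str, source: str) -> dict:
    """Two independent checks on a released artifact.

    signature_valid: passes for anything the pipeline signed, tampered or not.
    matches_rebuild: passes only if the bytes equal an independent rebuild of the
                     reviewed source, which is the check that exposes build-host
                     tampering.
    """
    rebuilt = compile_from_source(source)
    return {
        "signature_valid": signature_valid(artifact, signature),
        "matches_rebuild": hmac.compare_digest(
            hashlib.sha256(artifact).digest(), hashlib.sha256(rebuilt).digest()
        ),
    }


if __name__ == "__main__":
    reviewed_source = "print('orion agent')"  # constructed sample source

    clean, clean_sig = pipeline_build(reviewed_source)
    print("clean build   :", provenance_check(clean, clean_sig, reviewed_source))

    tainted, tainted_sig = pipeline_build(reviewed_source, tamper=b"\x00implant")
    print("tainted build :", provenance_check(tainted, tainted_sig, reviewed_source))
```

The tainted artifact passes the signature check because the signing step never sees a difference; only the comparison against an independent rebuild flags it. In practice this is the argument for reproducible builds plus signed build provenance (what was built, from which commit, on which runner) rather than a signature over the final bytes alone.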