SolarWinds is a leading provider of powerful and affordable IT infrastructure management software. Headquartered in Austin, Texas, SolarWinds offers a comprehensive suite of solutions designed to monitor and manage the performance of IT environments, whether on-premises, in the cloud, or hybrid models.
Trusted by over 300,000 customers worldwide, including 96% of the Fortune 500, SolarWinds delivers value by simplifying complex IT challenges and enhancing operational efficiency. As the Chief Information Security Officer (CISO) and Vice President of Security at SolarWinds, Tim Brown has been instrumental in driving digital innovation and enhancing security frameworks. Since joining SolarWinds in 2017, he has overseen internal IT security, product security, and security strategy. He is renowned for spearheading the company’s “Secure by Design” initiative, which focuses on creating a robust cybersecurity standard across people, infrastructure, and software development.
The Leader
Tim Brown’s career journey is different from many CISOs. He began as an engineer building security products, transitioned to managing product teams, and later served as CTO in various roles, including for a startup and Dell Software’s security portfolio. Eight years ago, he moved to the CISO role, bringing a strong background in invention, engineering, and product development with deep knowledge of how software is built.
As the CISO, Tim sees his role under constant evolution as cyber threats become more aggressive and sophisticated, requiring constant adaptation. He believes that balancing technical and strategic responsibilities is key to success and today, sharing insights and learning from their own previous experiences, as well as from others, helps companies build stronger defenses without starting from scratch each time.
An avid inventor, Tim Brown holds 18 patents on security-related topics and has served as a trusted advisor to government bodies, including Congress and the White House. His extensive experience includes roles at Symantec, CA Technologies and Dell Software and ITSPMagazine, where he contributed significantly to cybersecurity strategies.
Leading from the Front
Tim’s leadership and expertise were instrumental in navigating SolarWinds through one of the most significant cybersecurity incidents in recent history. His leadership was pivotal during the response to the SUNBURST attack in December 2020, where he led remediation efforts and worked closely with customers to ensure their security. Tim Brown led the incident response team to quickly identify and mitigate the breach. This involved isolating affected systems and working to understand the scope of the attack. He ensured transparent and timely communication with SolarWinds’ customers, providing them with the necessary information and guidance to protect their own environments.
Tim coordinated closely with government agencies and cybersecurity experts to investigate the attack and enhance security measures. Post-attack, he spearheaded the “Secure by Design” initiative, focusing on strengthening security across all aspects of SolarWinds’ operations, from software development to internal processes. He oversaw the remediation efforts, ensuring that vulnerabilities were addressed and systems were fortified against future threats.
Tim’s focus is now on ensuring that the team is always prepared for potential cybersecurity incidents. “Two important ways we prepare our teams are through red team exercises and fostering a security-focused culture. Instead of generic yearly training, we personalize training for each department, helping them internalize specific threats relevant to their roles. This way, when an incident ever does occur, people recognize it and can act quickly,” he shares.
Empowering Organizations
SolarWinds offers a comprehensive suite of IT management and observability solutions designed to simplify the complexities of modern IT environments. Their platform provides full-stack observability, enabling organizations to monitor and manage their entire IT infrastructure, from on-premises to multi-cloud environments. Key products include network management tools, database performance management, and IT service management solutions. These tools help IT professionals gain deep insights into system performance, streamline operations, and enhance overall efficiency.
One of the standout features of SolarWinds is its focus on hybrid cloud observability, which allows businesses to seamlessly transition between on-premises and cloud environments while maintaining optimal performance and security. Additionally, SolarWinds leverages AI to enhance IT service management, automating repetitive tasks and improving ticket resolution times. This not only boosts productivity but also ensures a better user experience for employees and customers alike. With a strong emphasis on ease of use and value, SolarWinds continues to be a trusted partner for organizations looking to optimize their IT operations.
Innovative Solutions
Tim Brown is excited about some of SolarWinds’ latest innovations around its comprehensive observability solutions. SolarWinds Observability works by providing full-stack visibility across on-prem and cloud environments, which gives customers the flexibility to choose how they monitor and manage their systems. The solutions – and their adaptable deployment options – really help customers meet the needs of increasingly complex hybrid IT infrastructures.
Incorporating customer feedback has been a huge part of SolarWinds’ product development process – they continuously listen and directly integrate customers’ suggestions into their products. These incorporations enhance their solutions and help the customers adapt to the ever-changing landscape.
Enhancing Security and Resilience
The “Secure by Design” initiative by SolarWinds is a comprehensive approach to enhancing cybersecurity and resilience within their software development processes. Launched in response to the SUNBURST cyberattack, this initiative focuses on creating a more secure environment through several key principles, including transparency, maximum visibility, and an “assume breach” mindset.
SolarWinds has developed a Next-Generation Build System to ensure a resilient build environment and has implemented rigorous security practices such as frequent red and purple teaming, auditing, and community collaboration to support cyber resiliency. This initiative underscores SolarWinds’ commitment to leading the industry in secure software development and protecting its customers from sophisticated cyber threats.
Organizations can significantly benefit from SolarWinds’ “Secure by Design” initiative in several ways. Firstly, by adopting the enhanced security measures and practices embedded in SolarWinds’ software development process, organizations can reduce their vulnerability to cyber threats. The initiative’s focus on transparency and maximum visibility ensures that potential security issues are identified and addressed promptly, minimizing the risk of breaches.
Additionally, the “assume breach” mindset encourages organizations to be proactive in their cybersecurity strategies, preparing for potential incidents rather than merely reacting to them. This proactive approach, combined with rigorous security practices like frequent red and purple teaming, helps organizations build a more resilient IT infrastructure. Ultimately, these benefits lead to improved trust and confidence among stakeholders, as organizations can demonstrate their commitment to maintaining robust security standards and protecting sensitive data.
The Future: Threats and Opportunities
In Tim’s opinion, the biggest emerging cybersecurity threats are sophisticated nation-state actors collaborating with ransomware groups and other cyber criminals to achieve espionage and economic goals. Additionally, AI will play a significant role in enhancing attacks, making them more targeted and thoughtful.
In the next five years, Tim envisions increased collaboration among security teams globally, with a focus on sharing information and best practices. Personalized security combined with deception tactics will give companies an advantage and put attackers at a disadvantage. Public-private partnerships and information sharing need to be as transparent as the adversaries’ networks. AI will play a crucial role in this evolution.
“I’m also hoping companies stop exploiting their competitors’ cyber incidents and instead collaborate to prevent them, fostering maturity and cooperation across the industry. My goal is to foster public-private partnerships and create a transparent community for better cybersecurity,” he says.
“As the good guys, we need to overshare with each other. Too often, we find ourselves starting from scratch instead of learning from our peers. My goal is to foster private-private and public-private partnerships and create a transparent community for better cybersecurity,” he says.
Tim Brown concludes our interaction with the following message for the CISOs across the globe:
“My biggest advice to CISOs is to stay informed about compliance and regulatory challenges, which are continuously evolving. It’s important to collaborate closely with legislators legal teams and participate in decision-making processes to ensure companies meet regulatory requirements effectively. It’s important to be part of the team that is making the decisions around regulations and not working in a vacuum.”
Quote: “Coming together is the beginning. Keeping together is progress. Working together is success.”- Henry Ford.
Quote: “SolarWinds stays ahead in cybersecurity through its “Secure by Design” approach, using next-generation build processes and a secure software development lifecycle to innovate in cybersecurity technology continually.”
Quote: “I’m excited about a number of advancements in identity management, particularly passwordless authentication, as well as automation in incident response.”
Quote: “AI’s ability to detect deviations from normal behavior will be a game-changer for breach management and defense.”
Check – Latest Magazines