Risk Never Sleeps Podcast – Episode #195
No Simulation Mode: What Happens When the Worst-Case Scenario Is Real
Guest: Tim Brown, CISO & VP of Security, SolarWinds
Host: Ed Gaudet, CEO & Founder, Censinet
Date: February 5, 2026
Overview
In this episode, Ed Gaudet sits down with Tim Brown, Chief Information Security Officer and VP of Security at SolarWinds, to explore what it’s like when the theoretical “worst-case scenario” becomes reality. The conversation centers on the aftermath of the landmark SolarWinds supply chain attack, lessons on incident response, regaining customer trust, and personal reflections on navigating crises and careers in security. Listeners gain first-person insights, practical advice, and a glimpse into the personality and resilience required to lead through unprecedented cybersecurity incidents.
Key Discussion Points and Insights
Tim Brown’s Background and Journey in Security
[00:39–03:04]
- Tim traces his roots to software engineering with early stints at Wang Labs and Axis 360/Accent Technologies (acquired by Symantec), holding CTO roles at Symantec, CA, and Dell before moving to a hands-on CISO role at SolarWinds.
- “I built a lot of security products…then I decided to go be a CISO myself.” (Tim Brown, 00:39)
SolarWinds Attack: The Reality of a Nation-State Threat
[03:19–05:15]
- Tim recounts the SolarWinds incident (December 12, 2020) where the Russian SVR compromised their build systems, injecting tainted code delivered to 18,000 customers.
- “Nation states were real, they weren’t theoretical… they were quiet. And we were just a route to the four government agencies they were trying to access and some commercial customers.” (Tim Brown, 04:09)
- Fewer than 100 customers were negatively affected, but the severity was immense.
Incident Response: Plans vs. Reality
[05:41–10:20]
- Their existing incident response plan (levels 0–4) was stress-tested by the incident's unprecedented scale.
- Muscle memory from practicing smaller incidents proved invaluable.
- “First lesson is making sure that you practice and don’t just practice the big stuff.” (Tim Brown, 06:35)
- Established internal relationships meant crisis meetings weren’t the first time teams (Legal, HR, Engineering, IT) had interacted, which was vital for rapid, coordinated action.
- Brought in third-party experts (e.g., CrowdStrike) to instrument and assess the environment.
- Organization and specialization within response teams (some focused on technical root cause, others on communications, etc.) were critical.
Surviving and Healing After Crisis
[10:22–14:52]
- Massive upgrades in security post-incident: YubiKeys everywhere, micro-segmentation, triple build pipelines, third-party audits, expanded Red Teaming, and introducing security contacts for every customer.
- “We do triple build for Orion…no one having access to all three…comparing the results before we ship them.” (Tim Brown, 11:21)
- Emphasis on transparency—publishing updates, answering questions directly, and communicating openly helped regain customer trust.
- “Transparency is critical…we got a lot of credit for transparency.” (Tim Brown, 15:08)
- Emotional resilience: letting customers vent, understanding their anger, and growing a “hard shell.”
- “Let them yell. Right. And it’s appropriate.” (Tim Brown, 14:52)
- Discusses the changed nature of the CISO role post-incident—requires different skill sets, especially in communication and transparency.
Security Leadership: Skills, Survival, and Teamwork
[15:08–18:45]
- Articulates the necessity for a CISO to adapt: skills needed before and after incidents can differ dramatically.
- “What we needed is… people capable of being transparent, capable of working post-incident.” (Tim Brown, 17:08)
- “Grace throughout the process.” (Tim Brown, 18:39)
- The SolarWinds team survived thanks to mutual support and adaptability.
Personal Reflections
[19:06–24:28]
- If meeting his 20-year-old self: “Be patient, learn as much as you can. Enjoy the ride.”
- On work-life balance: owns a farm, with horses and mini-donkeys—finds stress relief away from tech.
- “How do you relieve your stress? …I can relax a little bit and have that separation.” (Tim Brown, 19:40)
- Early jobs: Market Basket grocery store, where he learned to work with the public (and to be yelled at!).
- Education: North Adams State and further at The Wharton School.
Music, Hobbies, and Personality
[24:30–27:18]
- Favorite music: Journey, Rush, Van Halen, Led Zeppelin, Eagles, The Grateful Dead.
- “You have to have some Led Zeppelin in there too.” (Tim Brown, 24:53)
- Classic car enthusiast: collects and works on cars with his son.
- “I’ve got a Corvette. I’ve got an old BMW. I’ve got an old Jeep truck.” (Tim Brown, 26:21)
AI: Predictions and Concerns
[27:23–31:56]
- Forecasts AI’s impact as broader than the cloud—comparable to the arrival of the internet.
- Concerned about large-scale job displacement (especially outsourced help desk roles in India and Manila), emphasizing the need for global attention to human transitions.
- AI will enable previously impossible security architectures—“B1 bomber analogy”: humans can’t fly it alone, computers make it possible.
- “AI is going to actually allow us to remove…some of that efficiency for security.” (Tim Brown, 29:21)
- Cautions about a “skip-generation” effect in workforce adaptation—recent grads may not be as AI-literate as the next incoming generation.
Advice for Future Security Professionals
[32:18–33:22]
- “Be a lifetime learner… embrace that change and be willing to learn again.”
- Be eager to say, “I don’t know this today, but I can go learn it, right? Then you’re going to be much more prepared to succeed in the future.” (Tim Brown, 33:13)
Notable Quotes & Memorable Moments
- On Muscle Memory: “So, muscle memory really is very important. So first lesson is making sure that you practice and don't just practice the big stuff…use tabletops, use little tabletops.” (Tim Brown, 06:12)
- On Transparency vs. Legal Silence: “Transparency is critical. Yes. So that's where you have to have the balance. And we got a lot of credit for transparency... The best thing you can do is be quiet, not talk to anybody. [But] company surviving perspective and thriving perspective, you know, transparency is critical.” (Tim Brown, 14:58)
- On Leading Through Crisis: “I didn't just ruin our Christmas. I ruined, you know, 18,000 customers’ Christmases. So they should be mad.” (Tim Brown, 14:35)
- On Security Leadership After a Breach: “Shocking skills that I needed post incident were very different than the skills I needed pre incident…if you're not capable for that thing, you have to be, you know, consider being augmented or potentially replaced because the skills are just very different.” (Tim Brown, 16:59)
- On the AI Transition: “I think we're going to see huge unemployment in those [outsourced help desk] spaces and how we're going to handle that…It's going to be, you know, going to steam power, right. And it's, yeah.” (Tim Brown, 27:38)
- On Lifelong Learning and Adaptation: “Be excited about learning. The AI world can either be a great opportunity or it could be a detriment. And think about the opportunities that it presents itself, the opportunities to do things differently. So always continue to think.” (Tim Brown, 32:35)
- On Team Culture During Crisis: “We all had little lapses here and there, but we gave each other kind of grace throughout the process.” (Tim Brown, 18:36)
Timestamps for Important Segments
- Tim Brown’s journey to CISO – 00:39–03:04
- The SolarWinds attack: timeline & impact – 03:19–05:15
- Incident response muscle memory and scaling up – 05:41–10:20
- Transforming security post-incident – 10:22–14:52
- Trust and transparency with customers – 13:28–14:52
- Changing face of CISO leadership – 15:08–18:45
- Personal reflections: work-life and stress relief – 19:06–21:19
- Early work and education experiences – 21:22–24:28
- Hobbies: music and vintage cars – 24:30–27:18
- AI disruptions and predictions – 27:23–31:56
- Advice to new security professionals – 32:18–33:22
Episode Tone & Style
- Honest, candid, and conversational
- Blends technical insight with personal storytelling
- Empathetic and mindful of human elements in crisis
- Frequent humor and rapport between host and guest
