Navigating the Unyielding Liability Challenges for CISOs


The Personal, Legal, and Health Challenges for CISOs Illustrated by SolarWinds’ Tim Brown


Tim Brown, CISO, SolarWinds

CISOs endure immense pressure due to regulatory oversight and potential legal ramifications following data breaches. Tim Brown, the Chief Information Security Officer at SolarWinds, recently shed light on the personal and professional consequences he faced after the U.S. Securities and Exchange Commission (SEC) filed charges against him in connection with the notorious 2020 supply chain attack.

Brown recounted that his legal troubles began well before the SEC’s formal charges in September 2023, which accused him of misleading investors regarding cybersecurity risks. He described the profound emotional impact of being singled out personally in the SEC’s investigation, a situation compounded by a heart attack he suffered the same week the charges were filed. This incident underscores the serious health and psychological challenges confronting CISOs.

“The month following the incident, I lost about 25 to 30 pounds. I don’t recommend experiencing that as a weight-loss strategy,” Brown remarked, highlighting the significant personal toll such scrutiny can impose. A federal judge dismissed most of the SEC’s claims against both Brown and SolarWinds in a ruling made in 2024, providing some relief in a protracted legal dispute.

In a candid video interview during the RSAC Conference 2025, Brown elaborated on the importance of the Cyber Sarbanes-Oxley legislation, which delineates specific accountability structures within cybersecurity frameworks. He also emphasized the necessity of organizational support for CISOs during crises and the pivotal role of company culture in bolstering security leaders.

With over 25 years of experience in IT and security, Brown is recognized for his expertise in identity management, privileged access, and threat modeling. He holds 15 patents and has significantly contributed to enterprise patent initiatives. His advisory roles include involvement with the Open Identity Exchange and the Transglobal Secure Collaboration Program, in addition to serving as the global CTO for a joint venture between Dell and Deloitte.

In reflecting upon the ongoing pressures faced by security directors, Brown’s experiences serve as a stark reminder of the legal and personal vulnerabilities inherent in cybersecurity leadership roles. As the landscape for cybersecurity continues to evolve, it will be critical for organizations to provide robust support mechanisms for their security executives.
