Watch your words: Tim Brown's advice for CISOs

"Anything you say can and will be used against you."

As the first CISO personally indicted in a civil lawsuit, Tim Brown knows all about how what he and his colleagues said -- be it industry language or benign jokes -- could be used against him and his company, SolarWinds.

Brown was the CISO at SolarWinds when the infamous 2020 supply chain attack occurred. Nation-state hackers had injected malicious code into SolarWinds Orion updates, enabling them to infiltrate thousands of organizations worldwide, including government agencies and private companies, and conduct cyberespionage.

What ensued was not only what is widely considered the first large-scale, highly sophisticated supply chain attack executed through a trusted vendor, but also a data discovery and interrogation by the SEC unlike any Brown had ever imagined, given he knew he had nothing to hide.

In October 2023, SolarWinds and Brown were charged with fraud for misleading investors regarding cybersecurity ...