Name: Tim Brown

Organisation: SolarWinds

Job title: Chief Information Security Officer and Vice President, Security,

Date started current role: July 2017

Location: Austin, Texas

Tim Brown serves as Chief Information Security Officer and Vice President, Security for SolarWinds, overseeing internal IT security, product security, and security strategy. As a former Dell Fellow and CTO, Brown deeply understands the challenges and aspirations of the person responsible for driving digital innovation and change. Brown has over 20 years of experience developing and implementing security technology. Nationally, his trusted advisor status has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. He is a member of the advisory board for Clemson University and holds 18 issued patents on security-related topics.

What was your first job? My first real job was Wang Laboratories. I was hired out of college as a Software Engineer focused on creating tests for a new hardware/software product. Quality Assurance (QA) was a great place to start an engineering career.

How did you get involved in cybersecurity? I really started focusing on cybersecurity when I joined Axent Technologies in 1996. I ran the teams building products focused on identity management and multi-factor authentication. Axent was acquired by Symantec in 1999, and shortly after, I joined the CTO office focusing on Architecture and Strategy across the company. Symantec was at that point focused completely on security.

What was your education? Do you hold any certifications? What are they? My education is primarily hands-on– with a great deal of opportunities to learn from experiences and people. I hold a BS in Computer Science with some additional executive education from the Wharton School of Business.

Explain your career path. Did you take any detours? If so, discuss. My career path started as a Software Engineer. Then I managed small teams and then larger teams building products. I eventually switched to global CTO roles. At Symantec, I focused on internal architecture and strategy, working with and building a cohesive architecture team across the company. At CA, I focused externally as the CTO for the Security business. At Dell Software, I was one of six Dell Fellows and focused across the new Dell Software business unit.

A couple of detours in my career have occurred. I joined FTP Software for a quick stint in 1994. Their main product was the TCP/IP stack for Windows. However, when Windows 95 came out, it decimated the business. I also joined a startup for a little over a year. It was a great experience but definitely a detour.

Was there anyone who has inspired or mentored you in your career? So many great people throughout my career. Very early in my career, Jim Ray, one of my first managers, gave me some great advice. I was a new manager running a team of folks who had more experience than I did, but I was ahead on the vision and the technology. Jim told me something I never forgot. He said, “Tim you’re interrupting people. Just because you know all the answers, they don’t need to be yours.” To this day, I listen and I guide conversations to outcomes. I try hard to let others collaborate and come up with ideas. The end result is what matters, not being the loudest in the room.

Rob Clyde, the CTO for Symantec, gave me opportunities to help acquire many companies, the freedom to invent, and to help others drive great vision. I have 18 patents, many of them from Symantec and CA. John Thompson, the CEO for Symantec, showed me how to speak to customers, how to present, and how to be empathetic and humble but still driven. Don Ferguson, CTO for CA and Dell Software, pushed me really hard to take charge and take ownership, have the hard conversations and be bold.

Every day I try to learn something new. The people I’ve worked with throughout the years and the experiences I’ve had continue to shape and mentor me today.

What do you feel is the most important aspect of your job? I manage risk for the business and help the company succeed financially. Both are critical.

What metrics or KPIs do you use to measure security effectiveness? Metrics vary by function. In the product area, we tag every security issue in Jira and give it a CVSS score. This activity allows us to collect and report on product security. We measure our effectiveness internally with our internal security audit function and externally through third-party testing.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? We have hired globally and retrained people internally to help with the security skills shortage. This has worked well for us.

Cybersecurity is constantly changing – how do you keep learning? I read quite a bit. I’m also part of some very good CISO groups that openly share experiences, technologies that they like, and where they are headed. We learn from each other.

What conferences are on your must-attend list? I have attended RSA and Blackhat for years. The best meetings are the side meetings that occur since everyone is there. I also attend some CISO-only events like SINET, which has a great group of people. Team 8 in Israel has also brought together CISOs from around the world.

What is the best current trend in cybersecurity? The worst? Technology continues to evolve and, in many cases, help us reduce risk and improve efficiency. The worst trend is the belief that technology solves all our problems. There is no perfect solution. Managing risk is a 24/7 hard job that takes strong people and great technology.

What’s the best career advice you ever received? I’ve received so much great advice over the years. Here is one piece of advice I remember often from a very unlikely source. I was on a plane sitting next to someone I remember as a 60’s hippy. We started talking and she asked me what I did. I told her that I built software and ran engineering teams. She said, “You must be very passionate about what you do.” The word passionate really got me thinking. I liked what I did but I was not really passionate about it. That was the point where I moved towards security and really focused on trying to help others.

What advice would you give to aspiring security leaders? Continue to learn and learn outside of your area of expertise. Understand the business and learn how to communicate internally and externally. Become a resource beyond pure security.

What has been your greatest career achievement? I have been lucky to have several of them. I have been able to share information and knowledge with thousands of people around the world, helping them gain new knowledge, adjust their thinking, reduce their risk and grow their careers. That is the greatest achievement.

Professionally, I have launched some great products, I’ve invented some great technology with 18 patents, and I became one of six Dell Fellows. In our field, a Fellow is the highest technical achievement. I’ve also been able to guide a company through one of the most public security breaches of all times and help the company thrive.

Looking back with 20:20 hindsight, what would you have done differently? There are a few opportunities I missed, but overall, I’ve learned from each experience so I would do very little differently.