Do CISOs Need Their Own Legal Counsel? Some Lessons from SolarWinds and Uber

Presented by

Scott Giordano, John Barker, John Bates and David Patariu; B Dunlap, Moderator

About this talk

In October 2023, the U.S. Securities and Exchange Commission (SEC) filed a civil complaint against SolarWinds and its CISO, Timothy Brown. The charges stemmed from the September 2019 intrusion by threat actors into SolarWinds, which affected some 18,000 customers. This action by the SEC is likely the first time the agency targeted a CISO for alleged cybersecurity failures. It comes on the heels of the October 2022 criminal conviction of Uber CSO Joe Sullivan for withholding information about a 2016 breach at Uber from federal investigators.

All of this raises an important issue for CISOs: Should they have their own legal counsel to guide them on legal compliance and working with regulatory agencies? And if so, who should pay – them, or their employers? In this presentation by cybersecurity attorneys, we’ll take a deep dive into the hard choices that modern CISOs face and some possible ways forward.

Takeaways include:

· Evaluating the SolarWinds and Uber cases and the claims against the CISOs
· Understanding at what point a CISO needs to hire independent legal counsel
· Exploring the various types of insurance and why your policy may be the wrong one

ISC2 Security Briefings brings attendees both standalone webcasts and multi-part series on cutting-edge infosecurity topics that get deeper into the subject matter and technologies presented by subject matter experts.