SolarWinds CEO gives chief security officer authority and air cover to make software security a priority

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

New leader is also making changes to the software development process to make it harder for attackers to find vulnerabilities.


Image: iStock/Andreus

SolarWinds CEO Sudhakar Ramakrishna is making changes at the board level and in daily operations to change the company’s security mindset. The company launched a Secure by Design initiative in response to the recent cybersecurity attack. This project is designed to build security into the design phase of software development and to make security an ongoing instead of an after-the-fact priority. 

During a panel discussion about cybersecurity, Ramakrishna said he used his experience as an engineer and a manager to shape the company’s response to the attack. He created a cybersecurity committee for the board that includes him and two sitting board members. He also said that he has given the company’s chief security officer the power to stop any software release if necessary to address security concerns.

“We’re providing independence, confidence and air cover to build a level of comfort and create a seat at the table,” he said. 

He said companies have to raise the profile of security officers to the board level to illustrate the importance of the role to the entire company. 

“Otherwise it just becomes a cost line item in the P&L,” he said.

Ramakrishna described his plan for changing the company’s security culture during a “Big Breaches” panel discussion with the authors of a new book and several industry security experts.

In a discussion about how to reduce the frequency of these attacks, Jimmy Sanders, head of security for Netflix and ISSA International Board of Directors, said that the industry needs to adopt a different approach to security, one that requires bad actors to succeed with an attack multiple times to gain access instead of just once.  

SEE: Identity theft protection policy (TechRepublic Premium)

Ramakrishna said his company is experimenting with an approach like this. The…