Report Reveals Top Lessons Learned from SolarWinds, Twitter and RSA Security Breaches

Report unveils insights from five cybersecurity leaders who have guided teams through severe incidents

MIAMI – NOVEMBER 16, 2022 – Despite heightened cybersecurity threat awareness, small businesses and corporate behemoths alike are still falling victim to attacks. Lumu, the creator of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real-time, today released a report that shares candid insights from cybersecurity leaders at SolarWinds, Twitter and more who have guided incident response teams through some of the worst recent security breaches.

“Labor shortages, increased burnout and high resignation rates are posing serious risks for businesses as they attempt to protect themselves from constant cybersecurity threats,” says Ricardo Villadiego, Founder and CEO of Lumu. “Our new CISO report shares preparedness lessons and advice from some of today’s top cybersecurity leaders so that they can feel better equipped to handle potential threats.”

The top five lessons cybersecurity leaders have learned from leading their companies through security breaches include:

Preparation is Everything

Michael Coates, former CISO at Mozilla and Twitter, founder of Altitude Networks and current CISO at CoinList, is adamant that preparation is invaluable to ensuring that a security breach does not end in an egregious catastrophe. Coates encourages business leaders to create the breach now through tabletops or through simulated breaches, watch how their team responds and where things fall apart. This will enable them to know the things they would have wished they’d known before a breach really happens.

Don’t Underestimate the Ruthlessness of the Adversary

Fighting to deliver IT access to doctors serving 20,000 patients per day at the height of the COVID-19 pandemic, Rafaela França, former Head of Information Security at Mater Dei Hospital, founder of IT Advisory and co-founder of Ctrl Saúde, has learned that adversaries have no room for compassion and will always strike when businesses are most vulnerable. França advises leaders to have contingency plans ready, have strategies with redundancies, systemic monitoring, and an attack/defense map in place and be prepared to execute contingency plans and enter ‘war room’ mode. 

Communicate with Respect

Following the Sunburst attack on SolarWinds which brought the term “supply chain attack” to the forefront of cybersecurity, Tim Brown, CISO at SolarWinds, has learned the importance of clear communication. Brown advises that the more leaders communicate at the beginning and the more they communicate openly with customers, the better. Being the face of large-scale breaches and answering calls from the countries of the world requires a very different skill set than what most CISOs are accustomed to.

Be Humble

Márcio Sá, Founder and Security Strategist of Castle Security Services, former CISO of 2TM Group and former Head of Information Security at Localiza Rent a Car, has learned the value of humility after experiencing a ransomware attack. The incident response team needs to know about the limitations. “Understand that you don’t have full control and that the adversary has the advantage—in time and sometimes also in budget,” says Sá. “Understand that you will have to present the business risks and ask for help on many fronts.”

Notice the Patterns

Bret Hartman, Cybersecurity Lecturer at California Polytechnic State University, former VP & CTO at Cisco, former CTO of RSA and former CTO of Information Security at EMC, shares lessons from the 2011 RSA breach. Hartman wants leaders to “be paranoid” and have monitoring and visibility in place so that they can correctly measure their risk. He also advises having a plan in place to recover when something goes wrong. Hartman concludes that cybersecurity professionals need to focus on learning and continuous, incremental improvement so that future breaches can be stopped or mitigated.

To view the full findings of the CISOs’ Lessons from Security Breaches report please download:


About Lumu

Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real-time visibility across their infrastructure, and close the breach detection gap from months to minutes. Learn more about how Lumu illuminates network blindspots at

Press Contact

Ciara DiVita
[email protected]

Share this post

Latest Public Reports