As the SEC action against SolarWinds’ CISO Timothy Brown and the DOJ’s conviction of Uber CISO Joe Sullivan demonstrate, there is a growing trend of finding CISOs personally liable for security failings. This article examines key aspects of the DOJ and SEC cases, and offers insights from attorneys at Paul Weiss, Perkins Coie, Freshfields and Ropes & Gray on the actions’ impact on the cybersecurity community and how CISOs can mitigate personal liability risk. See “Navigating SEC Cybersecurity Enforcement in a Post-SolarWinds World” (Nov. 15, 2023).