Our Chief Product Officer, William MacMillan, discussed with Politico’s Dana Nickel the importance of the CISA 2015 cybersecurity law and its treatment in the continuing resolution that ended the latest government shutdown.
MacMillan discussed the importance of retroactive protections for companies and critical infrastructure operators that continued to share cyber threat data during the shutdown. You can learn more about the conversation and the topic on Politico’s cybersecurity newsletter.
Andesite’s Chief Product Officer, William MacMillan, wrote an article for Security Management magazine about the lessons on change management that he learned as the CIA CISO.
“Organizational change management is inherently anxiety provoking. Focus that change management effort on cybersecurity and you’ve made a stressful, complicated task even more fraught…When you avoid the typical traps, build alignment, and act with conviction and consistency, success is possible. That was the situation I found myself in at the U.S. Central Intelligence Agency (CIA) in the early 2020s. These are the lessons drawn from that daunting but ultimately successful effort. “
“In many organizations, business leaders feel that cybersecurity is a drag on their productivity, and cybersecurity practitioners think that business leaders “don’t get it.” It doesn’t have to be this way. There are principles that can help leaders achieve alignment between cybersecurity and the organizational mission.
“A fundamental principle that should guide alignment is that cybersecurity risk and operational risk are indivisible. If this principle is violated, alignment is impossible.”
Carbaugh, a former CIA operative who was also part of the first U.S. team deployed to Afghanistan following the 9/11 attacks, was interviewed during Black Hat to talk about his perspective on some of the industry’s biggest challenges: rising AI-driven threats and a shrinking pool of skilled defenders.
Reflecting about his background, he explained, “I spent so much of my time focused on counterterror direct kinetic physical threats to the United States…But you realize playing out in the background all along are those cyber threats, that are persistent, that are coming every minute of the day.”
“The community here in Las Vegas has felt the impact of these attacks across a broad array of targets,” Carbaugh said. “It does highlight the importance of the conference, bringing together people to solve challenges, we’re all feeling it, this pressure.”
Our Chief Product Officer, William MacMillan, and Lucas Moody, SVP & CISO at Alteryx, joined the crew at HatchPad’s The Pair Program to discuss a pressing issue: SOC analysts burnout.
The conversation focused on how to reverse the skyrocketing burnout in SOC teams, and how AI can support rather than replace analysts. They emphasized the role of curiosity and creativity in modern cybersecurity and why junior analysts are essential to ensure a sustainable future for cyber defense.
MacMillan shared insights about the shift towards an AI-driven decision-layer built to empower analysts and what is next for Human-AI collaboration in cybersecurity.
GovCast interviewed Andesite Chief Product Officer William MacMillan to talk about the role of Human-AI collaboration in national security.
Artificial intelligence powers many cybersecurity applications, and government agencies are increasingly using AI to augment systems in national security and intelligence capacities. The complexities of AI implementation require careful architectural considerations and robust governance frameworks to ensure safe execution.
William MacMillan, former CISO at CIA and current chief product officer at Andesite AI, noted how AI holds tremendous potential to enhance efficiency and accuracy, particularly through “human in the loop” systems that manage vast amounts of data.
MacMillan also talks about the critical role of leadership in establishing international AI standards and the necessity of user training and human-AI collaboration for effective implementation.
At Andesite, we take AI security seriously. With our Safe AI Architecture™, we’ve built guardrails to protect customers’ networks and data. We use encryption at-rest, in-transit, and in-storage, and do not train our AI with customer data.
That’s why it made so much sense for us to sign CSA’s AI Trustworthy Pledge, a public commitment to develop and manage AI responsibly.
The Pledge emphasizes our dedication to AI safety best practices, and our alignment with the four core principles of trusted AI:
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.
CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
Andesite’s Chief Product Officer William MacMillan writes about how “despite massive investment in tools and technologies, many SOCs still find themselves overwhelmed by the very chaos they aim to control.”
“Analysts are drowning in data, jumping between disconnected tools, and trying to make sense of endless alerts. The result? An epidemic of burnout among the talented security professionals who are critical to keeping organizations safe.
“This has become particularly acute for state and local government security teams that must protect critical infrastructure and sensitive citizen data with typically smaller budgets and staff than their federal or private-sector counterparts.
“Despite this challenge, today we’re seeing states significantly increase cybersecurity investments, with initiatives like the proposed $88 million Cyber Command in Texas and New York’s enhanced cybersecurity funding for its Joint Security Operations Center.
“The root cause lies in a fundamental misconception about security operations. For decades, we’ve tried to impose rigid structure on inherently unstructured problems. Various products promised to bring order through centralization and automation. Instead, they often added layers of complexity, transforming threat hunting from finding a needle in a haystack to finding the right needle in a stack of needles.
Andesite is proud to announce that it has earned the Trusted Cloud Provider trustmark from the Cloud Security Alliance (CSA).
CSA is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.
CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
On Dark Reading, Andesite’s Chief Product Officer William MacMillan writes about how for too long, cybersecurity analysts have been treated as mere cogs in a machine and it’s time to change that and revolutionize security operations.
“In the battle against cyber threats, we’re losing our most vital asset: our people. While the industry fixates on the latest tools and technologies, security analysts are burning out, crushed under the weight of an impossible mission. This isn’t just a talent shortage, but an existential crisis threatening the future of cybersecurity defense. Until we prioritize supporting the humans at the heart of cyber operations, no tool or technology will be enough to keep us secure.
“Security operations centers (SOCs), the heart of cybersecurity, have become pressure cookers of burnout and frustration. The numbers tell a dire story: More than half of SOC analysts have considered leaving the field, and with them goes the institutional knowledge and expertise that take years to develop. Each departure is a victory for malicious actors, who know that even the most sophisticated tools are only as effective as the humans behind them.
Andesite’s Chief Product Officer William MacMillan argues on SC Media that so far the attempts to automate the Security Operations Center (SOC) have failed.
Almost 20 years since the rise of the SIEM, and 10 years after SOAR platforms first hit the market, SOCs are still struggling. Analysts are drowning in an “everywhere data” environment, struggling to interpret, prioritize, and respond to seemingly never-ending indicators as close as possible to the speed of threat. Many companies run more than 100 different security tools, forcing analysts to bounce between screens and portals, each with its own query language, while trying to piece together a cohesive investigative narrative. SOC leaders face mounting pressure to deliver on metrics and prove ROI on their growing security budgets.