Our CEO Brian Carbaugh Talked with Bloomberg about going from the CIA to the Boardroom

 

Jamie Tarabay’s Bloomberg article “From CIA to CEO, Spies Step Out of the Shadows and Into the Boardroom” prominently features Andesite’s CEO:

“Brian Carbaugh spent years living and traveling abroad in a variety of alias personas as a CIA officer. Now he’s fronting investor meetings and raising capital as CEO of Andesite, a Virginia-based data analytics startup, one of several recently retired spies taking their field experience from the CIA to the C-suite.”

The article is a great read on the stories of former agents who served on the front lines and are now building the technology they wished they had in the field.

Brian was also interviewed on Bloomberg TV to talk about the article and his journey from the frontlines to founding and leading Andesite. Watch the interview:

 

 

 

Cybersecurity Needs a New Data Architecture

By Alex Thaman, CTO at Andesite

Enterprise organizations are dealing with an unprecedented volume of increasingly dense and complex data. SecOps teams must determine the best way to collect, organize, and use that data so they can identify, prioritize, and respond to threats efficiently and effectively. 

The lack of data management solutions that are both scalable and cost-effective often leads to a trade-off between visibility, latency, and costs. To optimize data architecture for SecOps, organizations need to re-think their approach to data storage, management, and access, and consider moving to a modern, modular stack.

In my conversations with security leaders, many are frustrated with how much their SIEM costs but continue to pay because they don’t see another easily manageable path to reduce risk. However, modern data architectures and AI technology make it possible to break out of this cycle.

The Problem with Legacy Solutions

For cybersecurity, data architecture involves the underlying framework for how data is collected, managed, and used. Building a robust architecture requires solid understanding of the ways data from a multitude of sources will be used for analytics and decision-making. It cannot be optimized in isolation from these needs.

A primary SecOps challenge is the proliferation of products that were developed when data was much less complex. Attacks were also less sophisticated — for example, living-off-the-land techniques involving persistent threats over time only became prevalent a decade ago. Our industry has favored and incentivized point-products with targeted solutions, leading to further data sprawl. But attacks that span long periods of time or involve lateral movement are incredibly difficult to track with simple point solutions that don’t connect the data.

Twenty years ago, the standard way to collect and analyze large volumes of data was through a relational database architecture, often managed by a database admin (DBA).  Lacking the resources to tailor these complex solutions precisely, many organizations opted for SIEMs that can both store data and act as an analyst interface. 

SIEMs were initially created to review application data logs. Over time, we started filtering additional types of data through them. But traditional SIEMs are not highly scalable, certainly not in a cost-effective way.

 

 

While the SIEM is still widely used, the data realities it was architected for are outdated. Today’s SOC needs vastly exceed basic log storage. Continuing to use a single, simplified architecture leads to prohibitively high costs, which forces the inevitable trade-off between access to broader insights vs. the costs of managing that data. 

Delayed migration to better systems due to cost and change management fears causes further trade-offs between storage methods, query latency, and volume. This requires the architecture to be tailored to various use cases — for example, low-latency BI dashboards or high-latency bulk data science analysis. Many CISOs choose what data to stream into systems based on cost, which may increase risk. However, without the ability to quantify that risk, they are essentially flying blind.

The bottom line: while the SIEM may still be the best solution for collecting, organizing, and using some data, especially medium scale event logs, it falls short of what’s needed for SecOps today.

Building a Layered Architecture

The difficulty separating bodies of security analysis work leads to an indiscriminate single data store model. To overcome scalability and cost issues, we have to separate data architecture from the tools and analytics using the data, which tend to be closely coupled. 

Modern tech stacks separate the data warehouse and analytical layer to consider who or what analyzes the data — machines, algorithms, or humans. Large organizations are adopting a layered approach, with architecture that federates data across the organization. 

Another way to think about this is as a “satellite” model, combining small and large systems with many “satellites” of data orbiting around them. Different data can be filtered into different solutions, depending on what type of analysis you’re performing. 

For example, if triaging a single alert in near real time, you need immediate access to a small amount of data across multiple tools all at once. When looking for attacks spanning a long timeframe, you could sacrifice some analysis speed for data completeness. Perhaps you want to correlate logs from today with emails, asset inventory, or other data points to answer complex “who” questions. This can’t be easily done in one system and may require additional ways to relate all of the data. Yet another challenge might be evaluating alert and resolution patterns to understand how to optimize detection.

Supporting all of these functions well requires a layered architecture that lends itself to each kind of analysis. You’ll also want to optimize schemas, aggregations, and other variables as you scale. A modern approach to data architecture includes all of these systems as well as whatever solution connects them, allowing more granular management of data movement and access. This is how organizations can solve for storage costs without trading off query latency or data volumes. 

 

A Modular Approach

The shift to a more modular framework is a natural progression. With data coming from so many different places, it makes sense to use multiple specialized systems. However, it’s not an easy transition. Even at the largest, most sophisticated companies, designing such complex, multi-layered data systems is demanding — creating a significant security challenge. 

Companies that package a single data platform and sell it as a product lack the flexibility to meet different needs. Solutions that excel at simple data analysis on a massive scale may work well for easy tasks but are less adept at advanced analysis at reasonable scale and cost. Some products are optimized for horizontal scaling by adding more machines, while others may be fundamentally superior in efficiently storing and processing data but have poor accessibility. 

Compounding this complexity is a growing need to analyze data at, or closer to, the edge, in real time, without waiting for log ingestion. Some solutions address this by determining which data is and isn’t worth capturing. By doing more work at the point of data creation, you can bring less data into the central systems for analysis. 

The Path Forward: Modern Data Architecture, A Proactive Approach 

Cybersecurity has so far been bad at asking better questions of data, resorting to primitive and use-case-dependent analytics like simple rule matching, probably due to the difficulty of making advanced analytics repeatable for scaling SOC operations. To overcome critical challenges, we must focus on how to use data for better protection and response while also shifting from a reactive stance to being more proactive and protective — both of which start with better data architecture. 

Adopting a modern, modular approach to data architecture with a single security-centric decision layer on top empowers analysts to manage and access data more efficiently and effectively, without prohibitive costs or scalability issues. 

About Alex Thaman

Over a 20+ year career, Alex has been an engineering leader at Microsoft, Unity Software, and Scale AI. At Microsoft, Alex worked on compiler technologies before transitioning to AI. He helped develop Xbox Kinect, Hololens, and Microsoft’s Speech platform. As Chief Architect and Manager for Computer Vision at Unity Software, he developed and led an engineering and product team that worked to simplify the creation of synthetic data to train and test computer vision models. Alex holds a BS with a double major in Computer Science and Math from Purdue University.

Andesite Partners with Second Front Systems to Deliver the Human-AI SOC to U.S. Department of War

The partnership fulfills a cornerstone of Andesite’s mission to protect those who protect others. 

 

MCLEAN, Va., Feb. 10, 2025 — The Department of War and allied government agencies now can deploy advanced Human-Artificial Intelligence (AI) Security Operations Center (SOC) technologies after a new partnership between Andesite AI (Andesite) and Second Front Systems (2F).

Andesite’s Human-AI SOC will be available through 2F Game Warden, Second Front’s DevSecOps platform built to accelerate authorization and deployment across U.S. and allied government environments. The partnership gives government users a faster, authorized way to deploy Andesite’s best-in-class AI security capabilities into real-world operations.

“Andesite was founded by leaders who spent decades operating in environments where trust and security are non-negotiable,” said Brian Carbaugh, Co-Founder and CEO at Andesite. “That experience inspired us to build solutions that support and empower those who protect others. We are honored to partner with Second Front to strengthen AI security capabilities across the public sector.”

Andesite’s bona fides were further bolstered recently as the company secured a strategic investment from IQT, the not-for-profit strategic investor for the U.S. national security community and America’s allies.

“Andesite offers a unique capability built by a diverse team of national security, cybersecurity, AI, and data experts,” said Grant Whiting, Partner, Investments at IQT. “Their solution can help improve national security and keep America one step ahead of its adversaries.”

Andesite’s Human-AI SOC technology empowers cybersecurity and national security teams with actionable insights that matter most to their organization’s risk profile. It accelerates time to detect, investigate, and respond while connecting data silos and reducing inefficiencies across data sources, tools, and platforms in the security ecosystem.

“AI doesn’t win missions—deployed AI does,” said Mamie Cruse, Chief Mission Officer at Second Front. “This partnership reflects our commitment to delivering advanced AI capabilities to government operators through secure, compliant, and mission-ready deployment paths.”

From inception, Andesite has built a security, trust and safety program that permeates all of its practices. Andesite’s Safe AI Architecture™ protects customer data, applications, and networks with end-to-end encryption, no extract, transform, and load (ETL) requirements, and the assurance that their AI is not trained with customers’ data.

Andesite has achieved FedRAMP High In-Process and recently completed its SOC 2 Type II audit, HITRUST e1, and ISO 27001, 27701, and 42001 certifications.

To learn more about Andesite and schedule a demo, visit andesite.ai.

 

About Andesite
Andesite’s Human-AI SOC empowers cybersecurity teams with the actionable insights they need to make critical decisions, assess threats, and determine risk levels. It enables them to conduct and automate investigations and enrichment, manage high-volume alerts and process threat intelligence reports in minutes. Andesite’s AI technology connects silos and reduces inefficiencies across data sources, tools and platforms in their security ecosystem, helping SOC teams to accelerate time to detect, investigate and respond. Before Andesite, the company leaders and founders spent decades protecting our nation and some of the largest enterprises on the planet against sophisticated adversaries. Andesite embodies their sense of mission and commitment to develop security products that empower those who work protecting others.

Visit us at andesite.ai, check our trust center at ComplianceHigh.com, and follow us on LinkedIn.

 

About Second Front Systems
Second Front Systems (2F) is a public-benefit software company powering software for the free world. We eliminate the friction that slows innovation, enabling faster, more secure development and deployment of software across government and regulated networks. Built by national security veterans and backed by top-tier venture capital, our platform is trusted by the world’s leading organizations to cut deployment timelines from years to weeks. We move fast, solve hard problems, and deliver trusted capabilities where they’re needed most. Our work strengthens global security and gives the United States and its allies a lasting competitive advantage. Learn more at secondfront.com.


451 Research Looks at the Impact of AI on the SOC

To gain perspective on the effects of AI in cyber defense, we have partnered with 451 Research by S&P Global Market Intelligence to publish a Business Impact Brief analyzing the state of the Security Operations Center (SOC) and the impact of AI on its evolution. 

The brief is based on the 451 Research Voice of the Enterprise: Information Security survey, which has tracked security professionals across industries since 2020. The survey found that on average, security teams are unable to investigate 45% of the alerts they receive each day. For 18% of the organizations, 75% of the alerts received go uninvestigated.

The brief analyzes the challenges security teams are facing in the AI-driven threat landscape and assesses the potential business impact of AI SOC solutions across a range of factors, including threat detection, agent-driven remediation, and newly accessible use cases. It also includes predictions for how both attacks and responses will evolve in the near future and how AI will help to transform the role of SOC analysts. 

 

The 451 Research Voice of the Enterprise: Information Security survey found that SOC teams are unable to investigate 45% of the security analytics alerts they receive each day.

 

Adversaries are using AI to accelerate and rapidly scale attacks, creating significant challenges for security operations teams. As cyber threats proliferate and take a multitude of forms, the volume of data has left many teams experiencing alert fatigue, which poses a major security risk. 

SOC analysts need the ability to quickly review and assess unstructured data from a variety of sources, without moving or reshaping it. Many security teams are seeking to establish a robust data foundation, or data fabric, which allows analysts to identify, triage, and prioritize the most high-risk threats before they inflict damage. 

According to 451 Research, deploying advanced AI-powered systems and data solutions in the SOC is essential to create a single, governed source of truth. Ensuring universal data access enables analysts to automate mundane, repetitive tasks and use their experience, expertise, and contextual awareness to keep the organization safe.

 

Andesite Achieves FedRAMP High “In Process” Designation

Andesite is one step closer to being FedRAMP Authorized and is now available in the federal marketplace

 

MCLEAN, Va., Jan. 23, 2025 – Andesite, the Human-AI SOC company, today announced that it has achieved the Federal Risk and Authorization Management Program (FedRAMP) High Impact Level “In Process” designation, officially joining the FedRAMP Marketplace. This milestone reflects Andesite’s commitment to working with federal agencies to secure mission-critical assets and drive cyber resilience to better serve American citizens. 

The “In Process” designation requires formal sponsorship by a federal agency and a thorough assessment conducted by an accredited third-party organization. Andesite is working toward full FedRAMP Authorized status, the highest security and compliance standard for civilian and federal agencies.

“Founded by former intelligence and military leaders, Andesite is rooted in a deep commitment to protecting those who protect others,” said Dave Brown, CISO & CIO at Andesite. “We are honored to bring Andesite’s security solutions to the federal marketplace, empowering those on the frontlines with the insights they need to secure critical infrastructure. We thank our partners who have helped us achieve this significant milestone and look forward to achieving full FedRAMP authorization.”

Andesite’s Human-AI SOC is designed to support cybersecurity teams with actionable insights that matter to their organization’s risk profile. The product automates investigation and enrichment, manages high-volume alerts and threat intelligence, and accelerates time to detect, investigate, and respond, while keeping humans responsible for decisions and outcomes. 

Andesite is secure and compliant by design. From inception, the company has built a security, trust and safety program that permeates all of its practices. Security is at the core of Andesite’s Human-AI SOC product. Their Safe AI Architecture™ protects customers’ data, applications, and networks with end-to-end encryption, no extract, transform, and load (ETL) requirements, and assurance that their AI is not trained on customers’ data.

This recognition from FedRAMP builds on Andesite’s industry-leading security and compliance achievements. It recently achieved HITRUST, SOC 2 Type II, and ISO 27001, 27701, and 42001 certifications. Together, these assessments reflect a consistent approach to security and responsible AI governance across the company’s technology and operations.

To learn more about Andesite and schedule a demo, visit andesite.ai


What’s Next for AI-Powered Cybersecurity – Insights From Andesite Leaders and Advisors

As AI-powered cybersecurity redefines our field and geopolitical conflicts and world events reshape the broader landscape, the industry needs to revisit its strategies and rules of engagement.

 

At Andesite, we are dedicated to arming cybersecurity teams with actionable insights that put humans at the helm, enabling them to make critical decisions, and build a sustainable advantage based on prevention rather than reaction. To help you stay one step ahead, we gathered Andesite’s leaders and advisors to get their insights on where security technology for the enterprise market is going. 

 

“Investigation timelines for SOC teams that embrace AI SOC tech will accelerate dramatically, shifting the focus from investigation speed to investigation quality.”

— William MacMillan, Chief Product Officer, Andesite

 

To prepare for what’s next and empower your team to assess risk and make critical decisions, tap into strategic insights from seasoned security experts who’ve served global organizations including the CIA, Microsoft, JP Morgan Chase, CrowdStrike, and AWS. 

 

Expert insights from security leaders:

  • William MacMillan, Chief Product Officer, Andesite
  • Greg Rattray, Chief Strategy and Risk Officer, Andesite
  • Alex Thaman, Chief Technology Officer, Andesite
  • Merritt Baer, Andesite Advisor; Chief Security Officer, Enkrypt.AI
  • Kris Merritt, Andesite Advisor; Founder & President, Vector8, Inc.

 


Andesite, The Human-AI SOC Company, Achieves HITRUST e1 and AI Security Certifications Demonstrating Commitment to Cybersecurity and Information Protection

Andesite’s Secure and Compliant by Design Framework Continues to Meet the Highest Standards for Security, Privacy and AI Governance.

 

MCLEAN, Va., Jan. 13, 2026 – Andesite, the Human-AI SOC Company, today announced that its Human-AI Security Operations Center (SOC) has earned certified status from HITRUST for cybersecurity and information protection.

The HITRUST Certification demonstrates that Andesite has met requirements defined by leading cybersecurity and regulatory frameworks, confirming that strong controls are in place to protect sensitive data and manage risk effectively.

The certification also includes the HITRUST AI Security Certification, which validates that the organization’s AI systems are safeguarded against AI-specific threats such as data poisoning, model inversion, and prompt injection.

“Security and regulatory compliance by design is purposely built into Andesite’s foundation,” said Dave Brown, CISO & CIO at Andesite. “Achieving HITRUST Certification reflects the rigor behind how we build and operate at Andesite. It demonstrates that our approach to security, risk management, and information protection is grounded in independently validated controls and designed for organizations with serious security requirements.” 

Built on the HITRUST Assurance Program, this achievement reflects independent third-party testing, centralized quality assurance, and certification backed by HITRUST’s Cyber Threat-Adaptive engine. These elements ensure continuous alignment with the latest threat intelligence and evolving standards across NIST, ISO, and OWASP.

“Earning HITRUST Certification demonstrates Andesite’s commitment to managing information risk and protecting sensitive data through a rigorous, proven assurance process,” said Gregory Webb, CEO of HITRUST. “This achievement reflects the organization’s proactive approach to cybersecurity and trust.”

From inception, Andesite has built a security, trust and safety program that permeates all of its practices. Security is at the core of Andesite’s Human-AI SOC product. Their Safe AI Architecture™ protects customers’ data, applications, and networks with end-to-end encryption, no extract, transform, and load (ETL) requirements, and the assurance that their AI is not trained with customers’ data.

Andesite recently completed its SOC 2 Type II audit and ISO 27001, 27701, and 42001 certifications. The company is one of the world’s earliest adopters of all three ISO certifications. 

To learn more about Andesite and schedule a demo, visit andesite.ai


Happy Holidays!

As we head into the holidays, we want to thank the cyber leaders and teams doing the hard work of defending critical assets every day.

 

We’re grateful for this community—and excited for the conversations, dinners, and thought-leadership moments ahead as we continue building a more resilient future, with humans at the helm.

 

HAPPY HOLIDAYS FROM ALL OF US AT ANDESITE.

Andesite CEO Brian Carbaugh talks about SecOps and leadership on CyberBytes: The Podcast

Our CEO Brian Carbaugh met with Aspiron’s Oliver Legg to discuss his career from CIA Chief of Staff to Bionic AI SOC startup founder. They talked about how a career in intelligence shaped Brian’s approach to leadership, risk, and company-building, and about the principles and special sauce that make Andesite unique in the category.

 

The conversation delves into how Andesite is taking a contrarian stance on AI in the SOC by putting analysts, not automation, at the center, and how the “replace the analyst” narrative gets it wrong.

 

They talk about how crowded the AI SOC field has become and look at differentiators beyond the hype. Brian explains why he chose a company-builder and foundry model over traditional venture funding and why Andesite has invested in security and compliance from day one.

 

 

Introducing the Andesite AI SOC Buyer’s Guide 2026

Cybersecurity today is a veritable minefield, with bad actors moving faster than ever and threats becoming increasingly sophisticated, numerous, and far-ranging. The attack surface is constantly growing, and so is the sheer volume of threats encountered across the network each day. Keeping up with threat detection, investigation, and response in this environment can overwhelm even the most experienced security teams, armed with top-rated tools.

 

Enter the AI SOC.

 

With AI transforming the way we work across virtually every sector, applying machine speed and accuracy to the Security Operations Center (SOC) has the potential to revolutionize the way security organizations identify, triage, and respond to threats. Enterprises everywhere are recognizing this potential—and as a result, the emerging AI SOC market is crowded. With new players entering the field all the time, this space is evolving almost as quickly as the cybersecurity landscape itself.

 

Taken at face value, many of these AI SOC solutions appear comparable, often offering the same set of core features and all promising to deliver outstanding results. However, if you’re looking to arm your security team with the best possible system to reduce risk and stay ahead of threats, you need a more granular idea of what to look for in an AI SOC vendor—and which factors will set the right solution apart from the ever-expanding crowd. The goal should be to give your SOC a tool that allows them to be proactive about threat detection and prevention, rather than always playing catch up. 

 

Help Decision-Makers Sift Through the Noise

 

With so many products to choose from, even seasoned CISOs and other decision-makers may find it difficult to know where to invest to address the pain points their organization is facing today while also building a future-focused cyber defense. What’s the smartest approach to figure out which vendor is best suited to your organization’s unique needs, and whether or not an off-the-shelf solution might be the best option? Even knowing where to start can be a challenge.

 

To help you find the right AI SOC for your team, we’ve put together a buyer’s guide, designed to help CISOs and security teams determine how various AI vendors stack up—and land on the best possible solution. By laying out a clear set of questions to ask, with in-depth insights about the various answers you might encounter, this guide gives you a better understanding of the key factors and functions to consider so you can decide how well they will fit with your needs, goals, and current configuration.

 

For example, some AI solutions are fully autonomous, meaning the machine does everything, while others keep humans in the loop. What’s the difference in both how they operate and what kind of results they deliver? What are the advantages of each? How about potential drawbacks? Get the guide and we’ll walk you through it.

 

Other topics we cover include product adaptability, timeliness and actionability of insights, and how products process threat intelligence, including unstructured data and other enrichment sources. As experts in cybersecurity, passionate technologists, and experienced product builders, we’re sharing our unique perspective with the goal of empowering the teams who protect others from sophisticated attackers and adversaries. Use it to elevate your security team and reduce risk exposure by investing in the right AI vendor.  

 

Give your security organization a clear, step-by-step process for assessing and comparing AI SOC vendors, including a handy checklist to pull it all together and help you make the right choice. Download The AI SOC Buyer’s Guide 2026 and use it to identify the best AI SOC solution for your unique needs, not just for today but far into the future.