Our Chief Product Officer, William MacMillan, discussed with Politico’s Dana Nickel the importance of the CISA 2015 cybersecurity law and its treatment in the continuing resolution that ended the latest government shutdown.
MacMillan discussed the importance of retroactive protections for companies and critical infrastructure operators that continued to share cyber threat data during the shutdown. You can learn more about the conversation and the topic on Politico’s cybersecurity newsletter.
Andesite’s Chief Product Officer, William MacMillan, wrote an article for Security Management magazine about the lessons on change management that he learned as the CIA CISO.
“Organizational change management is inherently anxiety provoking. Focus that change management effort on cybersecurity and you’ve made a stressful, complicated task even more fraught…When you avoid the typical traps, build alignment, and act with conviction and consistency, success is possible. That was the situation I found myself in at the U.S. Central Intelligence Agency (CIA) in the early 2020s. These are the lessons drawn from that daunting but ultimately successful effort. “
“In many organizations, business leaders feel that cybersecurity is a drag on their productivity, and cybersecurity practitioners think that business leaders “don’t get it.” It doesn’t have to be this way. There are principles that can help leaders achieve alignment between cybersecurity and the organizational mission.
“A fundamental principle that should guide alignment is that cybersecurity risk and operational risk are indivisible. If this principle is violated, alignment is impossible.”
Carbaugh, a former CIA operative who was also part of the first U.S. team deployed to Afghanistan following the 9/11 attacks, was interviewed during Black Hat to talk about his perspective on some of the industry’s biggest challenges: rising AI-driven threats and a shrinking pool of skilled defenders.
Reflecting about his background, he explained, “I spent so much of my time focused on counterterror direct kinetic physical threats to the United States…But you realize playing out in the background all along are those cyber threats, that are persistent, that are coming every minute of the day.”
“The community here in Las Vegas has felt the impact of these attacks across a broad array of targets,” Carbaugh said. “It does highlight the importance of the conference, bringing together people to solve challenges, we’re all feeling it, this pressure.”
Our Chief Product Officer, William MacMillan, and Lucas Moody, SVP & CISO at Alteryx, joined the crew at HatchPad’s The Pair Program to discuss a pressing issue: SOC analysts burnout.
The conversation focused on how to reverse the skyrocketing burnout in SOC teams, and how AI can support rather than replace analysts. They emphasized the role of curiosity and creativity in modern cybersecurity and why junior analysts are essential to ensure a sustainable future for cyber defense.
MacMillan shared insights about the shift towards an AI-driven decision-layer built to empower analysts and what is next for Human-AI collaboration in cybersecurity.
GovCast interviewed Andesite Chief Product Officer William MacMillan to talk about the role of Human-AI collaboration in national security.
Artificial intelligence powers many cybersecurity applications, and government agencies are increasingly using AI to augment systems in national security and intelligence capacities. The complexities of AI implementation require careful architectural considerations and robust governance frameworks to ensure safe execution.
William MacMillan, former CISO at CIA and current chief product officer at Andesite AI, noted how AI holds tremendous potential to enhance efficiency and accuracy, particularly through “human in the loop” systems that manage vast amounts of data.
MacMillan also talks about the critical role of leadership in establishing international AI standards and the necessity of user training and human-AI collaboration for effective implementation.
By Dave Brown, Head of Security and Compliance at Andesite
Building software that is secure by design is at the heart of what we at Andesite are passionate about – it’s the core of our mission and what we pursue as a security vendor. That’s why we proudly signed the CISA Secure by Design Pledge. From foundation to general availability, and since then, we have diligently worked through the Pledge goals to build security and compliance within our product.
We have developed an internal auditing process with over 450 continuous monitoring controls that constantly validate our work against the Pledge, and we’re proud to openly share that in our Trust Center. That is one of many measures we take to ensure built-in security, compliance, and privacy controls for our customers’ and their customers’ data and networks.
We are fully committed to implementing multi-factor authentication (MFA). Our Shared Security Responsibilities Matrix outlines that all customers must use their identity provider (IdP) with MFA as part of our commitment to security by default. We integrate with all major identity providers and require that 100% of our customers link their platform instance to their IdP and MFA. We also collaborate with our customers to facilitate the integration of their IdP and MFA during the onboarding process.
The customer is responsible for addressing default passwords, as we require them to use their identity provider and multi-factor authentication for administrator and user access to our platform. Our primary goal is to help reduce their risk by ensuring that they maintain user access through their chosen identity provider and meet multi-factor authentication requirements.
We have made tremendous progress by implementing tools to address vulnerabilities in our systems at three stages. This includes Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST). These tools enable us to identify vulnerabilities throughout our development, staging, and production phases.
Additionally, twice a year we undergo penetration testing and artificial intelligence assessments to ensure our AI systems’ strong security, compliance, and trustworthiness. We have also partnered with a security company specialized in attack resistance management, continuous assessment, and process enhancement for our Bug Bounty program.
Looking ahead, we are committed to developing a vulnerability notification program for our customers, which will include information on Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) as part of our comprehensive application security (AppSec) strategy.
As our Shared Security Responsibility Matrix outlines, we are responsible for security patching. We conduct quarterly Approved Scan Vendor (ASV) scans and assessments to prepare for the Payment Card Industry Data Security Standard (PCI DSS). Customers who self-manage our product are responsible for all security patches on those systems.
Customer notifications are an essential part of our Incident Response Plan. For confirmed or suspected security incidents, we will collaborate with our customers in good faith to provide the necessary logging to support incident response efforts and meet any regulatory requirements to which the customer must adhere. Customers are fully responsible for evidence of intrusion, logging, or user access, and for providing their IdP with the credentials required for access to their Andesite single-tenant instance.
Andesite’s Chief Product Officer William MacMillan writes about how “despite massive investment in tools and technologies, many SOCs still find themselves overwhelmed by the very chaos they aim to control.”
“Analysts are drowning in data, jumping between disconnected tools, and trying to make sense of endless alerts. The result? An epidemic of burnout among the talented security professionals who are critical to keeping organizations safe.
“This has become particularly acute for state and local government security teams that must protect critical infrastructure and sensitive citizen data with typically smaller budgets and staff than their federal or private-sector counterparts.
“Despite this challenge, today we’re seeing states significantly increase cybersecurity investments, with initiatives like the proposed $88 million Cyber Command in Texas and New York’s enhanced cybersecurity funding for its Joint Security Operations Center.
“The root cause lies in a fundamental misconception about security operations. For decades, we’ve tried to impose rigid structure on inherently unstructured problems. Various products promised to bring order through centralization and automation. Instead, they often added layers of complexity, transforming threat hunting from finding a needle in a haystack to finding the right needle in a stack of needles.
On Dark Reading, Andesite’s Chief Product Officer William MacMillan writes about how for too long, cybersecurity analysts have been treated as mere cogs in a machine and it’s time to change that and revolutionize security operations.
“In the battle against cyber threats, we’re losing our most vital asset: our people. While the industry fixates on the latest tools and technologies, security analysts are burning out, crushed under the weight of an impossible mission. This isn’t just a talent shortage, but an existential crisis threatening the future of cybersecurity defense. Until we prioritize supporting the humans at the heart of cyber operations, no tool or technology will be enough to keep us secure.
“Security operations centers (SOCs), the heart of cybersecurity, have become pressure cookers of burnout and frustration. The numbers tell a dire story: More than half of SOC analysts have considered leaving the field, and with them goes the institutional knowledge and expertise that take years to develop. Each departure is a victory for malicious actors, who know that even the most sophisticated tools are only as effective as the humans behind them.
Andesite’s Chief Product Officer William MacMillan argues on SC Media that so far the attempts to automate the Security Operations Center (SOC) have failed.
Almost 20 years since the rise of the SIEM, and 10 years after SOAR platforms first hit the market, SOCs are still struggling. Analysts are drowning in an “everywhere data” environment, struggling to interpret, prioritize, and respond to seemingly never-ending indicators as close as possible to the speed of threat. Many companies run more than 100 different security tools, forcing analysts to bounce between screens and portals, each with its own query language, while trying to piece together a cohesive investigative narrative. SOC leaders face mounting pressure to deliver on metrics and prove ROI on their growing security budgets.
A massive system outage disrupted systems around the world, grounding flights, disrupting health care, transport and logistics, banking services and critical infrastructure.
The issue hit computers running Microsoft Windows operating system and CrowdStrike software.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” the company said in a release.
“We’re working around the clock and providing ongoing updates and support. Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update,” Microsoft said in a blog post authored by David Weston, vice president, Enterprise and OS Security.
The outage was only limited to computers running Microsoft’s operating system.
Machines running Mac and Linux system software have not been affected, according to CrowdStrike.