The Security Interviews: Mick Baccio, Splunk
A lot of people struggle to pronounce the name of American politician Pete Buttigieg. When Mick Baccio, now global security advisor at Splunk SURGe and Cisco Foundation AI, went to work for him in a previous life, it was helpfully spelled out in big letters on the office wall. Buttigieg says it ‘Boot-edge-edge’, if you were wondering.
“I was like, oh that’s clever, thanks for that,” says Baccio. “I’m going to meet the man in a second, I should know this!”
A former US Navy Reserve intelligence officer who began his political career as the mayor of South Bend in Indiana, Buttigieg served as secretary of transportation during the administration of US president Joe Biden, from 2021 to 2025.
However, before that, he had a tilt at the White House himself, running a primary campaign that won in the state of Iowa, before he dropped out at the start of March 2020 as the Democrats rallied behind Biden.
It was on this campaign that Baccio met Buttigieg, and in conversation with Computer Weekly, he reflects on the experience of bootstrapping cyber security for a US presidential campaign.
Baccio admits he was sceptical about taking the gig at first, having just escaped Washington DC himself after serving as a threat intelligence professional for the Executive Office of the President under both Barack Obama and Donald Trump.
“I got a call one day. They said, ‘Hey, do you want to come be CISO [chief information security officer] for the Buttigieg campaign?’ I said ‘no’. I was like, ‘I’m good’,” he says.
“When you look at a political campaign in the United States, win or lose, you’re going to be unemployed in November.”
Someone must have kept on at him, because the record shows he took the job, and although “president Buttigieg” didn’t take the job, Baccio has no regrets about his choices.
“It’s the most fun you’ll have,” he says. “The closest thing to a political campaign, I think, is a startup, but a campaign is a most unique organisation because it’s a non-profit funded entirely by donations and its sole purpose is to elect your mascot.
“Now, I say mascot not in a mean way, but secretary Buttigieg was not involved in day-to-day operations. He didn’t run things in the campaign – he was the campaign. He’s not even the CEO, he’s who we are – we’re Pete for America.”
In such a campaign, the role of CISO takes on a fundamentally different aspect, says Baccio. To start with, most campaign staffers are volunteers, or in their first or second jobs after college. “Most of them don’t even know what a CISO is. I had to explain that a lot, why I was there and what I was doing – teaching folks how to ‘do the cybers’,” says Baccio.
Such a campaign faces challenges that large organisations with security budgets and supportive boards don’t. For one thing, every dollar that a political campaign spends on something like cyber security, office furniture, or coffee and doughnuts is a dollar it isn’t spending on winning votes, so Baccio quickly found he had to operate lean and operate cheaply.
But despite what stories of Russian espionage and interference in US election cycles might lead you to believe, the campaign faced a threat environment much like any ordinary business.
“I think one of the most under-appreciated threat vectors is just plain old fraud and business email compromise,” says Baccio.
“It is a $100bn a year industry, and we talk a lot about the agentic AI [artificial intelligence] threat, polymorphic-enabled malware, APT [advanced persistent threat], blah blah blah – everybody wants it to be that, but it’s typically fraud,” he adds.
“I never underestimate folks who are just trying to do their job. If your job is to process invoices, it’s all you do all day, if you get a PDF labelled ‘invoice’ you’re going to open it. Fraud is a much bigger problem than any APT or AI attack, but I don’t think it’s sexy enough to get column inches.”
Five a day
Indeed, an often-neglected security message, and one Splunk is keen to repeat, is the importance of eating your cyber vegetables – that is to say, nailing the basics.
Having driven around this block several times over the years, Baccio thinks these vegetables account for at least the bottom third of the cyber food pyramid.
“You’re supposed to drink lots of water, you’re supposed to eat lots of green things, and if you don’t, your body reflects that,” says Baccio. “And you know you’re supposed to MFA [multifactor authenticate] all the things, you know you’re supposed to segment your network, you know you’re supposed to patch your things – and if you don’t, your network gets popped.
“I’m not saying do all these things and you’ll be okay, I’m saying do all these things and you’ll be in a better place.
“Hackers don’t hack the cloud, they log in. They’ve already bought those credentials from an access broker. They’re not hacking anything. But if I have phishing-resistant MFA available to me, they might not be able to log in, the account takeover won’t happen, and the rest of the cyber attack changes going forward. So it’s those things that I think go a long, long way towards raising that overall bar.”
Blue collar for the blue team
Splunk SURGe was set up to help defenders tackle real-world problems that they face today, with a mix of actionable guidance, in-depth analysis on cyber issues and practical solutions during fast-moving security panics. Think of its output as a cyber buffet with excellent vegetarian options.
SURGe had its genesis during one of the “headless chicken” moments, when unit founder Ryan Kovar was poring over various Slack groups one evening and saw a lot of chatter surrounding an apparent SolarWinds compromise – heralding the now legendary Sunburst/Solorigate incident.
In the wake of this, Kovar realised there was a huge gap in Splunk’s offering, in that the company had pretty good tech and processes when it came to applying data science to security, but wasn’t so hot at cutting through to the human side of things.
In short, it wasn’t being holistic enough.
That said, Kovar – in his own words – “wasn’t sure the world needed yet another security vendor research team”, so he formed SURGe to be a practical resource for users, or “blue collar for the blue team”.
Baccio was intimately involved in the unit’s creation – Kovar credits him with coming up with the “blue collar” line – and several years down the line, he still spends a lot of time helping Splunk’s customers make sense of the security landscape through blogs and other forms of outreach, as well as participating in a regular series, Coffee talk with SURGe.
He reflects: “I’m really lucky that I was in the Buttigieg campaign, that I was at the White House prior to that, the Pentagon, HHS [the Department of Health and Human Services], the CDC [Centre for Disease Control], and I’m now able to take all of that experience and bring it into SURGe and say, ‘These are the security problems I’ve seen in my career – this is what I believe people want’.”
Threat intel at the foundations of AI
However, since July 2025, SURGe’s core mission has changed considerably, after it transitioned to work within Cisco Foundation AI, a new initiative by Splunk’s network-centric parent that is developing open-weight, security-specific AI models.
In April 2025, Foundation AI launched Foundation-sec-8b, an eight-billion-parameter large language model (LLM) expressly designed to enable security teams to work faster, act more precisely and scale their operations without compromise.
You might reasonably wonder what a threat intelligence unit is doing jumping into bed with a bunch of LLM builders. Baccio himself declares he was shocked when it happened, but now he thinks it may be the smartest move Cisco has made since acquiring Splunk.
He characterises it as bringing SURGe’s collective experience as a steward of threat intelligence and a trusted advisor to customers to bear on a highly technical field and build AI tools that actually help security teams.
The advent of agentic AI in the past 12 to 18 months helps drive this narrative forward, says Baccio, and makes the promise of AI more real, at least compared to where it was a few years ago.
“If I throw generalised AI at a cyber problem, it’s not going to be great. But if I built a very specific model to do a very specific thing, then, yeah, that’s what I wanted a year ago when you sold me this AI hype,” he says. “Agentic is focused on one task, and it’s going to do it really well, but don’t ask it to do anything else.”
He cites the work of his colleague Shannon Davis, a principal AI researcher at Foundation AI, as a case in point. Davis created a tool called PLoB – standing for post-logon behaviour – to help detect intrusions instantaneously.
“To my point where you don’t hack the cloud, you just log in, after you have done so, PLoB detects all the activity that you’re doing and will be able to say, ‘It is a malicious actor’ or ‘That is just Mick from research’,” he says.
“Being able to do that at machine speed is something we’re going to have to lean into more when you think about API calls, non-human identities, and all these things we’re introducing to the Rube Goldberg machine of the internet.
“Learning how agentic is applied becomes important,” says Baccio as he looks ahead. “We have some stuff going on in the background that I can’t speak to, but we’re actively working together to brainstorm ideas and build these things to help move that Sisyphean security rock further up the hill. I’m excited about that. We’re going to help to keep someone’s security programme a little safer.”

