When cybersecurity becomes a personal matter

Cybersecurity becomes almost a personal matter when you’re working in a war zone and information superiority is a must. My next guest spent 14 months in Afghanistan before the U.S. withdrawal. The retired Navy captain is now CEO of Coalfire, a cybersecurity company. Tom McAndrew joins the Federal Drive with Tom Temin.

Interview Transcript: 

Tom Temin  And you’ve kind of pivoted back and forth between industry and as a reservist, whose reserve became much less of a potential and more of a reality, sounds like.

Tom McAndrew  Yeah, it was interesting. I think most people aren’t aware of the way that the world works. But a huge part of our military force is made of reservists, National Guardsmen that have everyday jobs, and then answer the call to go. Our nation asked me, and I have the great privilege of being a Navy reservist and being sent back out to the Middle East for about, right about, over a 400-day deployment, which was interesting to say the least. But it was a great, great experience, and I’m happy to share it here.

Tom Temin Yeah, that’s more than a weekend or a couple of weeks, 400 days. And what did you do over there?

Tom McAndrew  Very, actually, I was very lucky. I, I got sent over there. And, you know, when you show up, the way it works is there’s requirements. But then there’s also the needs of what’s going on there. And at the time, when I showed up there, there’s a big need on unmanned systems and AI. So, as we worked with a lot of the partner nations that we had out there, they were very interested in unmanned capabilities and getting more information. And so, this, this idea came up of creating what we call, what ended up being, Task Force 59, which is the Navy’s first forward deployed unmanned task force that focused on unmanned systems and AI integration. And so, it was great to be kind of an entrepreneur, and, like, working with startups and kind of doing a startup within the DOD was both fun, but also challenging as well.

Tom Temin  And Task Force 59 was floating or flying?

Tom McAndrew  Yeah, it’s kind of interesting that the Navy that then you’re on the, on the, on the shore, and I spent most of my time in, in Bahrain out there. But it’s a little bit of both. I’ve been, one of the issues with the, with the military is we tend to kind of have, you know, pilots fly airplanes and ship drivers that drive ships. And we have very different things when it comes to unmanned, kind of an all-domain sort of area. And so, as you see now happening with Ukraine and other areas, that has evolved, so this is a, it was kind of a first-of-its-kind task force that we learned a lot of different things into it, and it’s still there, it’s still growing, it’s still making a big difference out there. So, it’s just great to be part of it.

Tom Temin  Now with the time you departed for the 400 days, were you the CEO of Coalfire at that time?

Tom McAndrew  Yeah, it was, it was interesting. I’m a CEO of a private equity backed company. And I remember getting the orders and not knowing what would happen, right. In other, we have a lot of these rules that protect national guardsmen, reservists, which requires you to, you know, keep their job, make sure they would get promoted. But that doesn’t really work as well when you’re the CEO. You can’t really delegate the strategy of the company for a year, you can’t do those areas. And so, I got lucky in one respect, because you get sent to wherever you need to go. And luckily, I was largely part of some short commands. So, I was able to kind of do my day job and then log on at night and do Zoom calls. And, you know, and back then we still had COVID going on, from 2021, 2022. So being more remote was less of an issue than maybe it would be today. It certainly had some challenges into it. And there’ll be times, like we had the withdrawal from Afghanistan that we supported, that there were certain periods where I just told the team, “Hey, I’m, I’m out for the next foreseeable future. I’ll come back online.”

Tom Temin  Interesting. So yeah, I mean, you’re not at the level where you’re going to invoice, invoke necessarily detailed employee rights with the investors because you are the CEO. But I imagine you had to probably put in 18-hour days at the minimum, to at least minimally satisfy the overseer the back home duties while doing full time for the military.

Tom McAndrew  You’re the CEO and ultimately I mean, they’re both 24/7 365. So, what’s great is I had great military bosses that understood the unique skill sets that I brought in and provided some flexibility. And then same thing back with my company, right, and how to how to manage this. So, what we’re doing integrations and you know, support on that on the back end. And then on the military side, right, there’ll be ups and downs and things like that. So yeah, it was definitely it was a challenge. And I didn’t really know how it would work, but really kind of took it one day at a time. And just I think that’s one thing that maybe a lot of Americans really don’t understand is just how amazingly supportive and creative I think our military leaders are in taking the best that they can from Reservists National Guardsmen is out there. I mean, since 2001, there’s been over 800,000 people mobilized to support our needs, and we continue to stand by.

Tom Temin  We’re speaking with Tom McAndrew. He is CEO of Coalfire and a retired naval captain. Is there a support group for people at the executive level who get called into long deployments, and kind of share best practices for keeping your company alive and led even while you’re away?

Tom McAndrew  I wish there were. Maybe there are. If I did, maybe I’m just by hang out. Now I can do it. I mean, most of all, it doesn’t happen a whole lot, right? I mean, just the burdens of both are difficult. And usually, people find other ways to kind of give back. There is what’s called ESGR, which is the Employer Support of the Guard and Reserve. And they’re a great resource that provides support for any reservists or guardsmen as they deal with mobilization deploys. And their job is to provide resources, help out, help educate also employers of what they need to do by law, and also kind of what are some best practices. Like, a good best practice that a lot of people have is when reservists are guarding, and they’ll do their two or four weeks, that they’ll continue to pay them or do their differential pay or cover their health insurance. Because these little, these little nuances become a big deal. If you end up shifting your medical, you’ve got families and all those sorts of areas. So, the ESGR is one great support that’s really helped out as well. And then on the civilian side, larger organizations tend to have, you know, big veteran support groups, but smaller ones really don’t. And I’m lucky, we have, you know, we have over 100 veterans in our group. But when it comes to kind of reservists and guardsmen, it’s, it’s pretty, it’s pretty small. And I think most people don’t really realize the dual lives that a lot of people live.

Tom Temin  And working in the area that you mentioned, the Task Force 59, unmanned systems, these are all data and network driven types of operations. And so, you had, I’m guessing, a pretty visceral understanding of the importance of keeping all of that secure. Did the learnings that you had in working with Task Force 59 maybe inform a little bit of the cybersecurity work that you do?

Tom McAndrew  My worlds have all kind of come together. Right, I was active duty in the Navy for five or six years. And then when I got out, I actually wanted to kind of completely detach from the DOD, and I, you know, joined a small cybersecurity startup and worked with banks and regulations. And today, the background of, you know, security, cybersecurity business is regular business for organizations. And, you know, cyber warfare used to be something nobody knew about. But now it’s in the news every day. And you know, we leverage our commercial systems, right? We leverage a lot of commercial platforms, what’s out there in the industry. So, all that stuff is really kind of coming together. So, I’m lucky slash unlucky to kind of have been in both, in the civilian world, in the military world, and then to see the importance of cybersecurity emerge has been fantastic.

Tom Temin  And after five years in the Navy, you’re still pretty young, and you’re not a total career, 25-, 35-, 45-year type of person. Do you feel that in going to business and being in leadership positions is maybe easier, having had a short military stint, versus some of the many-starred individuals that come out after 35 or 40 years and find that business is a totally different environment, with a whole, wholly different command and control culture than they might have had for those 35 or 40 years in the military?

Tom McAndrew  Yeah, absolutely. I actually just had a conversation yesterday with a retired three-star Admiral. And, you know, when I was talking to him and said, you know, the difference is today, we live off of our iPhones, our emails, right, and we do all the prep, and in a lot of military environments, you can’t do that. So, we’re still very pen and paper, and we have a lot of kind of communication structure. And I was talking yesterday, it would just it would be so great if military leaders could get real, that commercial experience to see how we deal with risk and use technology and do things at a much faster, efficient pace. And it’s also for civilian leaders to get the military understanding of the authorities and the complexities and the real-world implications. So, it’s very difficult to do both. And it’s not a knock on one or the other. But if you know more than you can take a 30-year civilian and make him an Admiral and make them run something you can’t take a 30-year Admiral and drop them into this. So, it has much more to do with the people that I think that the training that they end up doing.

Tom Temin  Yeah, more than the technology. It’s the culture of business where even with subordinates, there’s a lot of collaboration, let’s say and the need to gain cooperation. Maybe that’s more pronounced than it is in the military.

Tom McAndrew  Yeah, absolutely. I would say that the leadership part is the one that I’m probably most thankful for the military. I mean, I graduated in 2000 from the Naval Academy and went to my first ship in 2001. And I had, I think, 20 or 25 people. 22-year-olds don’t get 25 people that they’re responsible for, many of them older than you, chiefs, and other senior leaders that call you, sir, but know, but you rely on them, and you build their trust onto it. And so, I’m very grateful to have that experience. And then, you know, 9/11 happened and I’m doing two deployments to the Middle East. And so that, you know, by the time I got out when I was 27, I, I had had a lot more, I think, leadership experience than others, which really was helpful in a startup, where startups and other cybersecurity in particular, we have a lot of really good techies that know the technology, but it’s around managing people and leadership and building strong teams. And we see that as a challenge in a lot of cybersecurity spaces.

Tom Temin  And having stepped aboard your first ship in 2001, in many ways, you are truly a child of the 9/11 generation.

Tom McAndrew  Yeah, I think we were the last class that went through. We go what’s called Surface Warfare Officer School. So, when we graduate, we’re going to Newport, Rhode Island, and you know, back then it was pre-9/11. So, we thought we’d join the Navy, see the world and be going floating around and doing all these port visits. And then our first trip was in Australia, when I was in Australia when 9/11 happened. And it totally changed things, so that the classes after us knew that when they were training, that they were likely to be using that. But we went through it, it was more of this theoretical training. And so that is one of the things I think I’m always amazed of the military is when something does happen. You have all this training you go through that you may not really realize how you’re using it or how it’s leveraged. But the teams do a fantastic job of getting together, supporting the mission.

Tom Temin  And just briefly, in your experience, now, you’re home, you’re CEO, you’re running Coalfire. Just what do you think are the top, say, three challenges you see in the federal government as it tries to get cyber secure with mixed results?

Tom McAndrew  Oh, only three times? I don’t know. There’s, there’s, there’s quite a bit. Maybe I’ll kind of put it in a couple different broad groups. So maybe the first one is just cybersecurity policy. Right? There are so many different federal agencies, federal regulations that are happening, and we’re sick of it. Right, just when you’re the cybersecurity practitioner, a new rule from the SEC, a new rule from DHS, a new rule from a state. So, one of our first challenges is we’ve got to centralize our policies and standards to make things easier for the consumers.

Tom Temin  And maybe have fewer of them.

Tom McAndrew  Fewer. Yeah, definitely. And then, I mean, a good example right now is like SEC has a mandate that you have to disclose breaches within three days, but DHS has a draft rule that would require that in four days. And you know, states have different requirements. If we’re going to be some disclosure, if we agree what the right year, what the timeframe is, so you’re not mapping those. So, policy will be number one. I think the second part is really the reaction to ransomware. And if you, if, if you look at what’s happened within cybercrime, I mean, cybercrime is now going to be, the amount of money that’s happening, it’s something in the realm of like $10 trillion, like it would be like the third or fourth largest country, if cybercrime was a country, so it’s huge. Ransomware is a huge part of that, that everybody is struggling with. And we really don’t have a good answer. Right now, if you go to the FBI, the FBI will tell you, we don’t recommend paying ransomware, you don’t get the money back. But there’s no answer of what helped me solve the problem. It’s a commercial problem that you have to solve. So, I think as a nation, we’ve got to solve ransomware. And then maybe the third area to really talk about is that cybersecurity workforce, and just making sure that we’re hiring and retaining the best. It’s very difficult from the federal government side to do job postings, to get people, and what I find, it’s not a pay issue. Everyone thinks it’s pay. And it’s government. It’s generally, I mean, that’s a component, but it’s generally the bureaucracy of hiring, retaining, getting those people is really that. So if we can streamline the way that we hire and retain the cybersecurity workforce, it would be a huge change.

Copyright © 2024 Federal News Network. All rights reserved.