Interview with Tom McAndrew, Coalfire CEO

Monday, April 23, 2018


Tom McAndrew is chief executive officer for Coalfire. He is recognized as one of the world’s leading cybersecurity experts in both the commercial and government sectors. McAndrew joined Coalfire in 2006, and since that time has held key leadership roles spanning sales, operations, service delivery, and technical testing, most recently serving as the company’s COO.

Prior to joining Coalfire, McAndrew worked in information security and weapons systems for the Navy. He has worked for the Space and Naval Warfare Command, Office of Naval Intelligence, National Reconnaissance Office, Office of Naval Research, and has made deployments in support of overseas combat operations.

McAndrew is a graduate of the United States Naval Academy, holds an MBA from the University of Washington, a Master of Science degree in Information Technology from the University of Maryland, and a Master’s certificate in Space Systems from the Naval Post-Graduate School.

Q: What challenges do your customers face as they integrate new, innovative technologies into their security defenses?

A: Sorting through the noise and hype of the many thousands of ‘innovative’ solutions out there, and focusing on the true fundamentals of building an effective cybersecurity program can be difficult for many companies. I think one of the biggest challenges for customers is keeping up with the rapid pace of innovation in the cybersecurity industry. I just returned from the RSA Conference, where there were more than 40,000 cyber security professionals all looking for new tools and ways to defend their organizations. The hot buzzwords today are Artificial Intelligence (AI), blockchain, military-grade encryption, and machine learning. While there are some exciting things happening in those areas, it is mostly hype and not appropriate for a typical organization today.

As someone who has been in this industry for a long time, cybersecurity professionals are doing customers a disservice by constantly providing the next innovative solution rather than focusing on the fundamentals. It is very difficult for an organization to design and efficiently maintain an effective cybersecurity program. This is where we can help them -- by making cybersecurity solutions simpler and integrating them with the organization’s existing infrastructure. 

Q: How do you help customers comply with a rapidly changing regulatory environment to meet and exceed changing regulations while staying focused on the more comprehensive goal of fortifying security defenses?

A: The regulatory landscape is constantly expanding. Just a few years ago there were less than a dozen major regulatory frameworks and best practices that applied to most of our customers. Today, many have upwards of 80 -- more if they have international customers. The European Union’s General Data Protection Regulation (GDPR) is currently a hot topic as it goes into effect May 25th, and meeting it will be a heavy lift for affected organizations.

Despite all these regulations, the fact is, compliance alone still doesn’t equal security. No framework is comprehensive against every threat -- so organizations still must have a strong security plan, while also meeting a rolling schedule of multiple compliance requirements. They also have businesses to run beyond cybersecurity! One of the ways we help organizations with this challenge is by helping them map their regulatory requirements to their business/security initiatives and 5-year strategic plan. We offer a Coordinated Assessment Plan (CAP) service, which combines multiple regulations into a single service while focusing on overall risk, reducing the “audit fatigue” many organizations face as they scale.

Q: In today’s security landscape, breaches have become more commonplace. How do you help your customers secure their businesses and respond to a data breach?

A: Not only have cyberattacks increased (doubling in volume over last year, by several study estimates), they have increased in sophistication. I believe it’s not a matter of ‘if,’ but ‘when’ companies will suffer a breach, and many have been breached already and don’t even know it, despite their investment in tools and solutions. The best answer is to be prepared with a strong security posture and Incident Response Planning to both defend against and then respond to a cyber incident. Our cyber engineering teams work alongside our customers to redesign their security architecture; penetration testing teams test for weaknesses in the security defenses; and we can provide Incident Response Planning to help organizations contain, eradicate, and recover from an incident (and then learn from their breach to improve their people, process, and technology). Organizations should be practicing Incident Response Planning on a continuous basis, not just once a year.

We have also seen significant growth in our Cyber Risk Services, which includes conducting “table top” tests with the Board of Directors. We walk a company’s board through a hypothetical security incident—they quickly learn how complicated it is, and that regulatory issues affect the entire business, from marketing to sales, operations, procurement, and partnerships. 

Q: What are some of the major changes or developing security trends on the horizon and how will that impact Coalfire’s offerings?

A: One of the biggest changes is in automation: We cannot win the cyber battle if we have manual processes going against machines that literally work at the speed of light. Global Ransomware is enabled by automation, and it has evolved from less than $325M in 2015 to over $5 billion in 2017. On the defensive side of the equation, automated systems are doing far more than pointing out risks; they are being given more autonomy to make self-defense decisions with little or no human intervention. 

In order to stay ahead, we are making significant investments to enable our consultants with technology. We do this through our CoalfireONE platform, which will automate the workflow of tracking vulnerabilities all the way through producing reports for customers. Our Labs group is developing innovative tools to automate formerly manual processes of penetration testing for better accuracy and efficiency. While many organizations are focusing on selling products, we focus on providing customers with smart people backed with technology -- what I believe customers will need in the foreseeable future.

Our technology enablement strategy will also include more application security technology, incident response planning, risk identification, risk quantification, identity and access management, report automation, and shifting from one-time engagements to continuous monitoring and defense.

Q: What are key initiatives you are undertaking as CEO of Coalfire?

A: Make Coalfire the Best Place to Work -- Cybersecurity is a hot market for talent. We are focused on attracting, developing, and retaining the best security minds in the industry. We are proud of the recent awards we received as a Top Workplace in Colorado and top Veteran Friendly employer, but we are never satisfied and will work to keep improving our culture.

Solve the World’s Hardest Cybersecurity Problems -- We are constantly developing new services. Doing fun work with the best companies in the world is tremendously exciting. Attracting and maintaining our customers, helping them solve their cybersecurity challenges and making an impact is key. 

Build a Scalable Platform for Technology -- We are integrating our entire company operations into the CoalfireONE platform, from HR to marketing, sales, and accounting. CoalfireONE will enable us to give our employees a single location to gain customer and company visibility while allowing us to easily integrate new, strategic technologies.

Acquire Best of Breed Services -- We are actively evaluating organic and inorganic growth opportunities, constantly looking to augment our services while maintaining a focus on one cohesive culture.