Public to private: How Mick Baccio landed at Cisco’s new security project

Mick Baccio joined the military hoping to become a nuclear engineer—but quickly discovered he was color-blind.

“Red wire, green wire—okay, it’s important,” Baccio told IT Brew with a laugh at Splunk’s .conf25 in Boston this September.

Baccio isn’t the type to sit still. He quickly pivoted to computers and cybersecurity, working for the Navy as a data processing tech. After a decade in the private sector as a consultant and analyst for companies like Secureworks and Lockheed Martin, Baccio returned to the public sector, focusing on network defense and threat intelligence.

District of AI. In the federal government, Baccio worked for the Department of Health and Human Services, the Centers for Disease Control and Prevention, and the Federal Drug Administration before joining the White House under President Barack Obama as branch chief of threat intelligence, a role he stayed in through the early years of the first President Donald Trump administration, leaving in 2018. In 2019, Baccio became the first CISO for a presidential campaign in US history with democratic hopeful Pete Buttigieg.

Baccio left the campaign in January 2020, just a month and change before Buttigieg dropped out of the race, and joined Splunk as global security advisor.

“I had grown up using Splunk—every place that you do network defense, you’re probably gonna be familiar with Splunk as a security tool,” Baccio told IT Brew.

Going through changes. He was with Splunk through its purchase by Cisco in March 2024 and transitioned to the parent company’s Foundation AI subsidiary in July. Foundation AI came out of a purchase Cisco made in September 2024 of security firm Robust Intelligence, which was combined with existing research teams to create Foundation.

“Cisco took a cybersecurity research team and paired it up with Robust Intelligence, and now we are Foundation,” Baccio said. “We’re under the Cisco umbrella, not directly the Splunk umbrella.”

The security model debuted at this year’s RSAC Conference in San Francisco, where agentic AI dominated discussion. Foundation AI team members introduced an open-source reasoning model at the conference and called for more integration and coordination—a theme that IT Brew heard a lot about at .conf25.

“Generative security is a team sport,” Kamal Hathi, SVP and GM of the Splunk business unit, told IT Brew. “Everybody realizes that we’ll keep each other safe.”

Path forward. Foundation is currently working on agentic AI and security. The process involves a lot of trial and error and listening to stakeholders about what they want. Baccio and his team have found that SOCs and incident response teams have certain tasks an agent can complete in minutes. Narrowing down the requests and responsibilities of the agents helps to avoid generalization, which can ask too much of the technology.

Chaining the models together, via agentic AI protocols, will allow for more uninterrupted tasks. But that’s not to say there won’t be humans in the loop—oversight remains important.

“We’re building very specific models for very specific tasks, and at the end of it there’s going to be a person that has to review that to make sure, ‘Hey, this is the output I’m expecting, just to verify everything,’” Baccio said. “I don’t think you’re ever going to see the lack of a person in that loop somewhere.”