
On Point: Q&A With Sam Kinch

Currently a Federal Field CTO at Tanium, Sam Kinch has over 20 years of federal cybersecurity experience, having served as an analyst in the intelligence community, offensive cyber operations leader at U.S. Cyber Command, and executive advisor on National Guard cyber operations.

What are the implications of artificial intelligence (AI) for defensive and offensive cyber operations?
The ongoing conflict in Ukraine demonstrates how AI fundamentally changes cyber warfare. We’re witnessing adversaries deploy specialized AI systems designed specifically for malicious purposes. Underground markets now trade fine-tuned machine learning models engineered for cyber operations, enabling threat actors to scale attacks beyond traditional capabilities.

Speed determines victory in cyber operations. Today’s AI-driven threats operate autonomously, learning and adapting in real time to evade defensive measures. This demands a fundamental shift: future defensive operations must achieve autonomous response capabilities while maintaining human oversight. We need defensive AI systems that operate independently with commander oversight when strategic judgment is required.

The platform-based approach I advocate has become mission-critical. Isolated security tools cannot defend against adversaries wielding purpose-built AI weapons systems.

Do we need AI to fight AI in the cyber realm? 
Absolutely. When adversaries deploy autonomous agents capable of real-time adaptation, human-speed responses become obsolete.

But this requires what I call a “vendor-in-depth” approach using multi-agent systems where collaborative, integrated AI-powered solutions work together. If one technology misses a cyber attack, another catches it. The DOD Information Network is “a critical weapons system,” as noted by Lt. Gen. Paul Stanton, and we need enterprise-level AI platforms that provide unified visibility with distributed response capabilities.

We’re hearing from this administration the importance of being more offensive in the cyber realm. What advice can you offer?
Offensive cyber operations require precise intelligence and clear legal authority. My advice: establish an unshakable defensive foundation before projecting offensive capabilities.

The U.S. government has traditionally treated defensive cybersecurity and IT operations as separate functions—this separation is a critical vulnerability. We must execute IT operations while incorporating a true “weapons system” approach, ensuring foundational cyber hygiene, autonomous patching and continuous compliance.

Defense teams need AI-enabled platforms with real-time visibility across endpoints and networks. These autonomous capabilities must operate continuously with complete human oversight—commanders need the ability to see everything, control everything and intervene instantly when strategic judgment is required. Only from this defensive foundation can we safely project offensive cyber power.

What is your take on the Joint Cyber Defense Collaborative (JCDC) AI playbook and other recent government initiatives?
The JCDC AI playbook represents crucial progress in public-private collaboration, but success hinges on trust.

The playbook’s strength lies in its operational focus and comprehensive voluntary information-sharing checklist.

However, we must address information-sharing latency.

Traditional Department of Homeland Security (DHS) processing timelines—often weeks or months—don’t align with AI-speed threats. The next iteration should streamline intelligence-sharing protocols between DHS, Cyber Command and FBI while maintaining verification standards. We need real-time collaboration mechanisms that match the threat landscape’s velocity.

What news can we expect from Tanium in the coming months?
Tanium continues advancing toward true autonomous endpoint management—developing AI-driven capabilities that detect, remediate and learn from each interaction.

A major highlight is our integration of AI agents directly into operational workflows. These agents identify root causes, remove underutilized software and democratize expertise.

I’m particularly excited about Tanium Converge this fall, where we’ll unveil these capabilities alongside breakthrough autonomous operations features. These advances embody the platform approach I advocate—creating foundational cybersecurity hygiene required to defend against malicious actors operating at AI speed.

The next generation requires platforms that enable centralized control with decentralized execution, AI-infused speeds and human “over-the-loop” oversight—exactly what our federal customers need to maintain battlefield awareness in cyberspace.
