Two people in black and white, a bearded man in sunglasses and a woman with long hair and glasses, appear on a blue background with the text, "No marketing fluff, just cyber stuff. Breaking Badness Podcast RSAC 2025 Edition featuring John Donovan.
Podcasts

Building Secure Campaigns and Better Humans: A Conversation with Mick Baccio

05/14/2025
iTunes SoundCloud Spotify RSS

In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global Security Advisor at Splunk and former CISO for Pete Buttigieg’s 2020 presidential campaign. Mick shares his journey from aspiring Navy nuclear engineer to leading security in some of the highest-stakes environments, including the White House.

They explore how threat intelligence, storytelling, and mentorship shape the future of
cybersecurity. From his early days in government to his work on the Splunk SURGe team, Mick opens up about what it takes to build secure systems, stronger teams, and more empathetic leadership in cybersecurity.

From Colorblind Coder to CISO

Mick Baccio’s cybersecurity journey didn’t start in a SOC, but with a twist of fate. He joined the Navy intending to be a nuclear engineer, only to discover on enlistment day that he was colorblind. As he puts it:

“The day I joined the Navy is the day I found out I’m colorblind.”

That unexpected turn redirected him into computers and eventually into cybersecurity, where his operational expertise led him into threat intelligence and eventually to the White House.

Securing Democracy: The First Campaign CISO

Baccio made history by becoming the first-ever Chief Information Security Officer for a U.S. presidential campaign during Pete Buttigieg’s 2020 run. Reflecting on that experience, he described political campaigns as:

“A nonprofit corporation funded entirely by donations that has a goal to get someone elected.”

In that high-pressure environment, every dollar spent on security was a dollar not spent on outreach. But the campaign’s decision to bring on a dedicated CISO showed rare foresight after the cyber fallout from the 2016 election.

He also credited organizations like Defending Digital Campaigns for helping campaigns access secure tools and practices at minimal cost.

Cybersecurity is Human Work

Throughout the conversation, Mick returned to a core theme: cybersecurity is not just technical, it’s human. From sharing credit to lifting up peers, he emphasized the importance of being a “helper” in a field that often rewards paranoia more than positivity.

“If you look around and don’t see the helpers, there’s a good chance you’re one of them.”

He praised Kali’s talk at Schmoocon and offered her a literal popup flower card to acknowledge the work she does to bridge the gap between practitioners and content creators.

Surge, Storytelling, and the Power of Content Collaboration

Now part of Splunk’s Surge team, Mick collaborates with researchers like David Bianco (creator of the Pyramid of Pain) on threat hunting innovations like the PEAK framework. He also highlighted recent work involving PowerShell classification using Retrieval-Augmented Generation (RAG) AI models.

What makes Surge unique is its integration of research, empathy, and communication. As Baccio puts it:

“If you’re doing amazing research and you’re not letting people know about it, how will they use it to get better?”

That point landed strongly during the discussion of Kali’s own research into fake American Girl domains and how marketers and security practitioners can empower each other.

Community, Burnout, and Showing Up

Mick doesn’t shy away from discussing the darker parts of cybersecurity, including burnout and jadedness:

“You’re mostly rewarded for finding badness. That dopamine hit takes a toll.”

His advice for security professionals: show up, help others, and be willing to leave toxic environments. He shared his personal truisms, like:

“When no one has your back, it’s time to move your back.”

Resources Mentioned

Watch on YouTube

That’s about all we have for this week, you can find us on Mastodon and Twitter/X @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.

*A special thanks to John Roderick for our incredible podcast music!

Related Content

Two smiling hosts, a woman with glasses and a man with a beard, appear on a blue background. Text reads: "SWAGLESS IN SAN FRANCISCO: FROM MORPHING MEERKAT TO WINS," "BREAKING BADNESS PODCAST," and "RSAC 2025 EDITION.
Podcasts

Hacking the Stage: John Donovan on RSAC, BSides SF, and the Human Side of Cybersecurity

Listen Now
Three people, two men and one woman, are smiling in front of a blue gradient background. The text reads, "DNS: DOH OR DOHNT?" with a nod to DFIR foundations on the "Breaking Badness Podcast" logo in the top right corner.
Podcasts

Inside Morphing Meerkat and Proton66: How Cybercrime Is Getting Easier

Listen Now
Five people are shown in black and white at the bottom of a blue gradient background. Text reads "DFIRSIDE CHAT: PART 2," highlighting a DFIR discussion. The top right corner features the "Breaking Badness Podcast" logo.
Podcasts

DFIR Foundations: Real-World Lessons in Containment, Eradication, and Recovery

Listen Now
DomainTools Logo
Pricing Contact Login Support Request a Demo

© 2025 DomainTools

DomainTools® and DomainTools™ are owned by DomainTools, all rights reserved.

Privacy Policy    |    California Privacy Notice
Do Not Sell My Personal Information    |    Terms of Service    |    Sitemap