CISO Sandy Dunn breaks down her blueprint for AI-ready defense—pairing MITRE ATT&CK v18 with MITRE ATLAS to move from policy to behavior-based detections. We hit practical AI governance, her early focus on defending and understanding AI, and how OWASP GenAI tools turn checklists into action.
Segment Resources: Article: https://www.linkedin.com/pulse/attck-v18-atlas-blueprint-ai-ready-defense-sandy-dunn-mafoc AI Cheat Sheet: https://www.linkedin.com/feed/update/urn:li:activity:7388688396166238208/ OWASP LLM Governance Checklist: https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/ OWASP Threat Defense COMPASS: https://genai.owasp.org/resource/owasp-genai-security-project-threat-defense-compass-1-0/
Sandy Dunn is a CISO with over two decades of experience spanning manufacturing, healthcare, and high-growth startups. As CISO at SPLX.AI, she leads the security strategy for the company’s automated and continuous AI Security and Red Teaming platform built to defend Conversational and Agentic AI systems at scale.
Sandy is a core contributor to the OWASP GenAI Project and serves as the creator and project lead for both the OWASP GenAI Cybersecurity & Governance Checklist and the OWASP GenAI Threat Defense COMPASS
In addition to her industry leadership, Sandy is an Adjunct Professor at Boise State University, where she teaches cybersecurity courses and mentors the next generation of security professionals. Her expertise spans enterprise security architecture, AI risk governance, red teaming methodologies, and the integration of AI-specific threat modeling into modern security programs.
