Andrew Dannenberger

I work at the intersection of AI security standards, practical guidance, and organizational enablement — translating fast-moving AI risk into concrete controls that security teams, developers, and organizations can actually act on.

My current focus areas include the Model Context Protocol, LLM and agentic AI security, CIS Controls and Benchmarks, and building enablement programs that make safe AI adoption practical — not just policy. I am the Principal Co-author of the CIS Controls v8.1 Model Context Protocol (MCP) Companion Guide (April 2026), co-authored with Shreyans Mehta of Cequence, and a collaborator on the CIS Controls v8.1 AI/LLM Companion Guide and AI Agents Companion Guide.

Beyond standards authorship, I lead CIS AI Benchmarks Community work, am developing a CIS MCP Benchmark, run AI Office Hours and internal enablement programs, prototype AI tooling including a documentation-focused AI assistant, and advise on AI adoption and emerging risk — including MCP server integration for enterprise platforms.

I also bring hands-on technical product support experience across CIS SecureSuite products — including CLI-driven troubleshooting, Bash/Linux workflows, logs, configuration files, test environments, customer issue reproduction, and engineering handoffs. That practical, implementation-level grounding keeps my standards and enablement work tied to how systems actually behave in production.

My perspective is practitioner-first and implementation-aware. Good AI security guidance has to be specific enough to act on — not just a list of principles or a compliance checklist. That means understanding the protocols, the failure modes, and the organizational reality that security teams are operating in.

I've built AI chatbots, worked through MCP server concepts for a real enterprise platform, run enablement programs for beginner and advanced audiences, and co-authored a companion guide mapping MCP risk to all 18 CIS Controls. When I write or present about AI security, I'm drawing on direct experience — not just research.

I also care about enablement as a security function. Organizations that don't have structured AI adoption programs end up with shadow AI: staff using unapproved tools and unmanaged workflows. Building practical, accessible guidance that makes the safe path the easy path is as much a security concern as writing controls documentation.

Before transitioning into cybersecurity, I spent nearly a decade leading international adult education and training programs. At Raytheon Intelligence and Information Services, I served as Site Lead and Principal Training & Development Specialist based in Kabul, Afghanistan — leading English Language Training at the Afghan Presidential Palace and NATO Resolute Support Headquarters, coordinating with the Afghan National Security Council and U.S. Department of Defense stakeholders, and managing up to 27 instructors in an operationally demanding environment. I held a U.S. Secret security clearance (inactive).

Prior to that I delivered training programs across the United States, Taiwan, Hungary, and refugee resettlement contexts, including military and NATO-related audiences.

That experience — translating complex material for diverse adult learners, adapting to fast-changing environments, and making technical guidance accessible to people who need to act on it — directly informs how I write standards documentation, run enablement programs, and communicate AI security risk today.