CyberWire Daily - Michael Scott: A team of humble intellects. [Information security] [Career Notes]
Episode Date: May 29, 2022Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Micha...el explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains how that helps him keep up the fight. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
Hello, my name is Mike Scott, and I'm a Chief Information Security Officer at Immune.
My first introduction was really in the Navy right after high school. Looking at different things from satellite imagery, working with Solaris, like Sparks
and things like that, really got my first introduction into working with PCs on a regular
basis but also the concepts of data protection and security as well.
Growing up in a small town, really not sure what I wanted to do when I grew up.
The Navy seemed like a good place to start and, you know, really was a fantastic few years for me to,
if nothing more, motivate me to get into the career I am now.
to get into the career I am now.
So after that, I got my first technology job right out of the Navy,
working for an internet service provider.
That really gave me an opportunity
to expand upon networking, network concepts,
early days of internet service,
you know, when AOL was still sending out disks.
And then that company, about a year and a half later, went bankrupt as AOL and some of the other
providers exploded. That's where I moved on to a small startup in Atlanta called Witness Systems.
At the time, there were, I think I was employee 25. Spent about 11 years with that company.
When I left, we were about 1,300 employees.
After that, I spent a little time at Arby's, the restaurant company, right before an acquisition of Wendy's.
I spent a good part of eight years there leading the security function for first Arby's, then Wendy's Arby's Group, and then finally Wendy's International.
And then from there, I left and spent a little time consulting at NCR, then moved on and spent
a couple of years at Optiv in the office of the CISO, where my primary role was supporting
as a non-billable resource. And then after there, I left and spent a little time at Spurian, a startup in
St. Petersburg, Florida, and then landed here at Immuta for the last year and a half.
When they brought me on board, of course, the first thing they wanted to do was achieve PCI
compliance. But moreover, you know, what we
started really looking at was the security of obviously restaurants and PCI and card data,
you know, high risk items, and looking how we can not only improve the security of the organization,
but also increase the operational uptime. I built that program from the ground up and focused on operational
stability as much as security and picking the right architecture and
simplifying a lot of things and at the end of the day what we found was we had
a very repeatable PCI program but also the security of the restaurants was
increased greatly.
Busy is an understatement.
I'd say probably a little bit of chaos right now, really, with our incredible growth and some of the customers that we're pulling on board at Immuta.
You know, some top, you know, probably Fortune 50 companies.
We launched our SaaS platform last year.
So cloud security has been a big focus.
SaaS platform last year. So cloud security has been a big focus. But there's never a stop in demands from the business and our customers, especially with the evolving privacy landscape.
So right now we're spending a lot of time building out our privacy program,
focusing on new certifications, ISO 27001 and 701, to really address the demands of our customers and give them that trust
in the platform. So a lot of time in cloud right now and some time in application security. Those
are probably the two things that are keeping us the most busy right now.
I consider myself a team member more than anything. I definitely say my employees and
former employees would say my style is very casual, But, you know, for me, I like to think of myself as a contributor on the team.
And my job is to obviously lead and create strategy and evolve the team.
But, you know, I like to get my hands on, like to support the team.
You know, at the end of the day, we're all there for one mission.
So I see myself, you know, on the same level.
So I see myself on the same level.
And I think that humble style is not only mine, but one of the things that drew me to
Immuta.
It really is just a collection of a lot of what we call humble intellects. I think that's what drew me in there was just really being able to focus on outcomes and
not titles and responsibilities and who you are, how long you've been in the industry.
Adversity is obviously, I'd say almost a cornerstone of being in the security community.
We're always creating work for other teams, creating complexity that is necessary in a lot of times.
But, you know, really first being able to understand what you're trying to accomplish, making sure the folks you're working with understand what you're trying to accomplish.
And if you move the needle forward just a little bit, I mean, I think you have to really recognize that accomplishment.
You know, sometimes in security and privacy, we may spend, you know, months or
even years trying to accomplish certain things. And that can be very demotivating to a lot of
folks, you know. And so I think keeping front of mind what you are doing, what you are accomplishing,
the things that you have done are so important. But also, you know, learning from others,
which I love what you guys are doing here, is learning from others, sometimes just how to pitch an idea. You know, at the end of the day,
I can look back and see some of my biggest accomplishments may have taken years to
accomplish in certain organizations, but they were still wonderful accomplishments. You know,
so I think adversity is part of it, but I think keeping focused and quite frankly, keeping good,
whether it's metrics or
just you know quarterly updates on what your program is doing and what you're accomplishing,
helping them, not losing the energy to keep that fight up.
It's a fantastic career to move into. Really understanding the business is incredibly
important. I've met a lot of technologists in my career and a lot of fantastic engineers. And what differentiates folks career-wise and how they progress to me is
understanding that the business needs to accomplish certain outcomes. And our job is to support those
and not be the department of no. We have to help the business understand the risks they're taking,
No, we have to help the business understand the risks they're taking, help them come up with a way for it to be a yes, most importantly, and be curious.
So I think that curiosity and understanding what you're doing and how it impacts the business are super critical to anyone.
Ultimately, I think I hope to be remembered as an enabler to the business and a fantastic mentor.
I hope when that time comes, whether it's to move on to another opportunity or maybe
win the lottery and retire, I also hope that someone from my team is taking the reins.
I think that is really the most important part for me, is people see that my contribution was more to the people than the program.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been
done. Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our
listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash N2K
and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com
slash N2K and enter code N2K at checkout. That's joindeleteme.com slash N2K and enter code N2K at checkout.
That's joindelete me.com slash N2K, code N2K.