Michael Scott: A team of humble intellects. [Information security] [Career Notes] - CyberWire Daily

Episode Overview

Podcast: CyberWire Daily
Host: N2K Networks
Guest: Michael Scott, Chief Information Security Officer (CISO)
Episode Title: Michael Scott: A team of humble intellects. [Information security] [Career Notes]
Release Date: January 4, 2026

This episode features Michael Scott, CISO at Immuta, reflecting on his career through information security, leadership philosophy, the importance of business alignment, and prevailing challenges in the cybersecurity landscape. Listeners gain insights into Scott’s path from early Navy experiences to leading security at major enterprises, and hear his advice for newcomers and seasoned professionals in cybersecurity alike.

Key Discussion Points & Insights

1. Early Foundations and Career Beginnings

[00:26 – 02:18]

Michael Scott describes his introduction to technology and security in the Navy, where he handled satellite imagery and early concepts of data protection.
Early jobs included working for an Internet service provider post-Navy, “when AOL was still sending out disks,” giving him a deeper understanding of networking.
First major startup role: Witness Systems, where he helped grow the company from 25 to 1300+ employees over 11 years.

Quote:
"Growing up in a small town, really not sure what I wanted to do when I grew up, the Navy seemed like a good place to start and... motivated me to get into the career I am now."
— Michael Scott, [00:41]

2. Building Security Programs in Diverse Industries

[02:19 – 04:17]

Leadership at Arby’s Restaurant Co., then Wendy’s after an acquisition, where he developed security operations focused on card data compliance (PCI).
Emphasis on balancing security with operational stability: “Picking the right architecture and simplifying a lot of things” led to both repeatable compliance and improved restaurant security.

Quote:
"At the end of the day, what we found was we had very repeatable PCI program, but also the security of the restaurants was increased greatly."
— Michael Scott, [03:38]

3. Current Role & Focus at Immuta

[04:18 – 05:36]

Joined Immuta during a hyper-growth phase, serving top Fortune 50 companies.
Launched a SaaS platform, with cloud and application security as main priorities.
Work includes expanding privacy programs and seeking certifications like ISO 27001 and ISO 27701 to align with evolving customer privacy demands.

Quote:
"Busy is an understatement, I'd say probably a little bit of chaos right now... We launched our SaaS platform last year. So cloud security has been a big focus..."
— Michael Scott, [04:43]

4. Leadership Philosophy: Humility, Teamwork, and Outcomes

[05:37 – 06:59]

Describes himself as a “team member” and hands-on leader, emphasizing humble intellects over hierarchy.
Values outcome-driven cultures that focus on success rather than job titles or seniority.

Quote:
"I consider myself a team member more than anything... My job is to obviously lead and create strategy and evolve the team, but I like to get my hands on, I like to support the team."
— Michael Scott, [05:51]

5. Navigating Adversity & Celebrating Progress

[07:00 – 07:47]

Acknowledges adversity as “almost a cornerstone of being in the security community.” Progress often takes months or years, which can be demotivating.
Emphasizes the importance of recognizing small wins, staying focused, and keeping energy up through regular progress updates.

Quote:
"Sometimes in security and privacy, we may spend months or even years trying to accomplish certain things. That can be very demotivating to a lot of folks... you have to really recognize that accomplishment."
— Michael Scott, [07:11]

6. Advice for Aspiring Security Professionals

[07:48 – 08:03]

Business understanding separates exceptional engineers from leaders: “Our job is to support [business outcomes], not be the department of no.”
Advocates for curiosity and enabling business objectives over maintaining barriers.

Quote:
"What differentiates folks career-wise and how they progress, to me, is understanding that the business needs to accomplish certain outcomes, and our job is to support those, not be the department of no."
— Michael Scott, [07:59]

7. Legacy and Mentorship

[08:04 – 08:17]

Hopes to be remembered as a mentor and enabler rather than solely for implementing programs.
Values seeing his team members succeed and take over leadership roles.

Quote:
"I hope to be remembered as an enabler to the business and a fantastic mentor... that my contribution was more to the people than the program."
— Michael Scott, [08:10]

Notable Quotes & Memorable Moments

On leadership style: "I like to think of myself as a contributor on the team... focusing on outcomes and not titles." [05:51]
On career progress: "Adversity is obviously, I'd say, almost a cornerstone of being in the security community." [07:00]
On business alignment: "Be curious. I think that curiosity and understanding what you’re doing and how it impacts the business are super critical." [07:59]

Timestamps for Key Segments

| Segment | Timestamp | |--------------------------------------------|-----------| | Early career and Navy experience | 00:26–02:18| | Startup growth at Witness Systems | 02:19–03:00| | Leading security at Arby’s/Wendy’s | 03:01–04:17| | Role at Immuta and focus on SaaS, cloud | 04:18–05:36| | Leadership style and team philosophy | 05:37–06:59| | Coping with adversity in infosec | 07:00–07:47| | Advice for career growth | 07:48–08:03| | Closing thoughts on legacy and mentorship | 08:04–08:17|

Summary Takeaways

Michael Scott’s journey embodies humility, adaptability, and business-centric cybersecurity. His approach stresses teamwork, measurable achievement, and personal growth as key to sustaining both personal satisfaction and organizational resilience in a rapidly changing security environment. For professionals in cybersecurity, Scott underscores curiosity, business fluency, and the power of shared outcomes over individual titles or egos.

Transcript

A (0:02)

You're listening to the Cyberwire Network powered by N2K. You're about to make a trade. Which U do you listen to? Is it get optioning those options.

B (0:16)

Or.

A (0:17)

Let'S do a little research. Learn more@finra.org TradeSmart.

B (0:26)

Hello, my name is Mike Scott and I'm a chief information security officer at. My first introduction was really in the Navy right after high school looking at different things from satellite imagery, working with Solaris like Sparx and things like that. Really got my first introduction into, you know, working with PCs on a regular basis, but also the concepts of data protection and security as well. Growing up in a small town, really not sure what I wanted to do when I, when I grew up, the Navy seemed like a good place to start and you know, really was a fantastic few years for me to, if nothing more, motivate me to get into the career I am now. So after that I got my first technology job right out of the Navy working for an Internet service provider. That really gave me an opportunity to expand upon networking network concepts. Early days of Internet service, you know, when AOL was still sending out disks. And then that company about a year and a half later went bankrupt as AOL and some of the other providers exploded. That's where I moved on to a small startup in Atlanta called Witness Systems. At the time there were, I think I was employee 25, spent about 11 years with that company. When I left we were about 1300 employees. After that I spent a little time at Arby's Restaurant Co. Right before an acquisition of Wendy's. I spent a good part of eight years there leading the security function for first Arby's, then Wendy's, Arby's Group and then finally Wendy's International. And then from there I left and spent a little time consulting at ncr, then moved on and spent a couple of years at Optiv in the office of the CISO where my primary role was supporting as a non billable resource. And then after there left and spent a little time at Sparion Startup in St. Petersburg, Florida and then landed here at Immuta for the last year and a half. When they brought me on board, of course the first thing they wanted to do was achieve PCI compliance. But moreover, what we started really looking at was the security of obviously restaurants and PCI and card data, high risk items and looking how we could not only improve the security of the organization but also increase the operational uptime. I built that program from the ground up and focused on operational stability as much as Security and picking the right architecture and simplifying a lot of things. And at the end of the day, what we found was we had very repeatable PCI program, but also the security of the restaurants was increased greatly. Busy is an understatement, I'd say probably a little bit of chaos right now, really, with our incredible growth and some of the customers that we're pulling on board at Immuta, some top probably Fortune 50 companies. We launched our SaaS platform last year. So cloud security has been a big focus, but there's never a stop in demands from the business and our customers, especially with the evolving privacy landscape. So right now, we're spending a lot of time building out our privacy program, focusing on new certifications, ISO 2, 7001 and 701- to really address the demands of our customers and give them that trust in the platform. So a lot of time in cloud right now and sometime in application security, those are probably the two things that are keeping us the most busy right now. I consider myself a team member more than anything. You know, I definitely say my employees and former employees would say my style is very casual, but for me, I like to think of myself as a contributor on the team. My job is to obviously lead and create strategy and evolve the team, but I like to get my hands on, I like to support the team. At the end of the day, we're all there for one mission. So I see myself on the same level. And I think that humble style is not only mine, but one of the things that drew me to it really is just a collection of a lot of we call humble intellects. But I think that's what drew me in there was just really being able to focus on outcomes and not titles and responsibilities and who you are, how long you've been in the industry. Adversity is obviously, I'd say, almost a cornerstone of being in the security community. We're always creating work for other teams, creating complexity that is necessary in a lot of times. But, you know, really first being able to understand what you're trying to accomplish, making sure the folks you're working with understand what you're trying to accomplish. And if you move the needle forward just a little bit, I mean, I think you have to really recognize that accomplishment. You know, sometimes in insecurity and privacy, we may spend months or even years trying to accomplish certain things. And that can be very demotivating to a lot of folks. And so I think keeping front of mind, what you are doing, what you are accomplishing, the things that you have done are so important, but also learning from others, which I love. What you guys are doing here is learning from others sometimes just how to pitch an idea. You know, at the end of the day I could look back and see some of my biggest accomplishments may have taken years to accomplish at certain organizations, but they were still wonderful accomplishments. So I think adversity is part of it, but I think keeping focused and quite frankly keeping good, whether it's metrics or just quarterly updates on what your program is doing and what you're accomplishing, helping that, not losing the energy to keep that fight up. It's a fantastic career to move into. Really understanding the business is incredibly important. I've met a lot of technologists in my career and a lot of fantastic engineers. And what differentiates folks career wise and how they progress to me is understanding that the business needs to accomplish certain outcomes. And our job is to support those, not be the department of no. You know, we have to help the business understand the risks they're taking. Help them come up with a way for it to be a yes, most importantly and be curious. So I think that curiosity and understanding what you're doing and how it impacts the business are super critical to anyone. Ultimately, I think I hope to be remembered as an enabler to the business and a fantastic mentor. I hope when that time comes, whether it's to move on to another opportunity or maybe win the lottery and retire, I also hope that someone from my team is taking the reins. I think that is really the most important part for me is people see that my contribution was more to the people than the program.