Modern CISO Network: Board Book

Michael Scott is a highly accomplished security and privacy professional with a proven track record in developing strategic plans to protect enterprise information assets, mitigate risks, control cyber incidents, and achieve and maintain compliance with multiple compliance regimes, including PCI-DSS, HIPAA, SOX, SOC2, ISO 27001, and ISO 27701. Scott has extensive experience addressing the security challenges of the hospitality, retail, and software development industries. In addition to his full-time roles in those industries, Michael has served as a consultant to other executives across multiple industries over the past several years. As a practitioner, he has led the development of four security programs from the ground up, including team buildout, policy development, security architecture, risk assessment and action plans, compliance simplification, and incident response. Some notable accomplishments in these programs include creating a franchise security program capable of supporting 70,000 devices across thousands of independent locations, delivering fully integrated role-based identity and access management programs, automating vulnerability management, full security integration into the software development lifecycle for a mobile application, and two commercial software as a service (SaaS) platforms, and building highly successful teams using both internal and external resources to deliver optimal results to the business.

In his most recent role at Immuta, Michael built the information security and governance function from the ground up. Over the past two years, the program has matured considerably and has been certified under SOC 2 Type 2 and ISO 27001/27701. Key accomplishments from this role include delivering a full shift-left application security program and launching the Immuta SaaS platform, a cloud data security, and access control solution. Michael’s technical skills, business acumen, and collaborative style have helped him transform security programs by building partnerships with key technical teams and business leaders, creating security champions who proactively seek continual improvement.