Blog

banner-asset-med

Profile: Scott King, CISO, Encore Capital Group

Scott King Snip

READ SCOTT'S FULL PROFILE

Scott King has worked in information technology and security his entire career, giving him the ability to build up his responsibilities and experience as he progressed in leadership roles. His early jobs were more traditional IT focused roles, working in systems administration and network engineering. His first formal security role was supporting the United States Navy and the Marine Corps as an Information Security Engineer monitoring consoles, watching for malicious activity, and conducting other SOC analyst type duties. Scott explains, “This was back in the early days of information security, and security was somewhat undefined. A lot of the things that we did, we had to figure out how to do on our own. There wasn’t as much training or formal instruction manuals out there. We used our intuition and knowledge to figure out what we’re looking at and how to handle it.”

Along with a multitude of experience across different industries, Scott also has experience working on the vendor side of security, as a Cybersecurity Technical Consulting Lead and a Senior Director Cybersecurity Services for two larger security vendor organizations. He comments, “Because of these vendor side roles I have a really solid understanding of how the vendor process works, how customer success operates within a vendor organization, and how support functions operate within a vendor organization. I now understand that ecosystem at a granular level which really helps me work with the vendor community.” 

This widespread experience has enabled Scott to grow professionally, understand the business, and fine tune his communication skills. Throughout his career he has had opportunities to build, run, manage, operate, and lead security organizations. He has had exposure to how security works within sales, marketing and product management departments, along with many other business lines. 

Scott currently works as VP and CISO for Encore Capital Group, a publicly traded debt buying organization.  

FOCUSING ON CORE SECURITY PROGRAMS TO REDUCE RISK

Scott and his team work across the traditional security program areas, ensuring goals are met and projects are aligned with the business. He explains, “We focus on overall program management, in areas such as project management, activity and task management, as well as our governance, risk and compliance function which facilitates our reporting to our different boards. We also have a security operational element which focuses on things like incident response forensics and 24/7 monitoring around the operation of key security tools and controls that we run through the organization. And then an engineering architecture function where we do things like performing risk assessments of technology, evaluations and integrations with project work whether it’s an IT project or a business project. We work to help define what strategic architecture looks like in order to protect our organization as best we can using the technologies and capabilities that we’re bringing to the table from our operational capacity.”

Scott says there are also shared responsibilities with other business departments. They have a strong partnership with their IT, risk and audit teams, along with other business teams that help facilitate the security function. 

His focus for the next 12 to 18 months is addressing the ever-evolving threat landscape. He says, “The biggest focus areas for us is on our preventative capabilities and ensuring that our detective capabilities are working correctly in the way that we would need them to. And then ensuring our responsive capabilities are in place so if something should happen, we’re in a really solid position to help recover the business. These focus areas obviously have many legs to them, there’s various activities, projects, and efforts that we have underway to help bolster and improve our overall capabilities in those areas.”

LEARNING THE BUSINESS TO COMMUNICATE EFFECTIVELY 

To effectively communicate with executives, Scott relies on taking the time to learn the business. He explains, “What’s unique about a security leader is that they’re often given an opportunity to work in different industries throughout their career. And what I would advise is to spend the time to really learn what your business does, how it makes money, how it spends money, how it goes to market, what its core services and offerings are, how it interfaces with its customers, and how it interfaces with its vendors. And I don’t mean from a technology perspective, I mean from a core business service perspective.”

He continues, “Build relationships and build partnerships with the areas of the organization that are driving the business, because those partnerships and those relationships that you build are vital to your success. And through that collaboration and through that shared interest is where you will help your company be successful.”

To ensure these relationships are maintained and matured over time, Scott believes in knowing your audience and orientating security conversations around their goals and challenges.

Scott says by translating security into business risk, security leaders are able to effectively communicate and gain buy-in across the business. Scott recommends tying risk back to revenue or operational cost impact. He says, “Every business model has a run rate. They know how much money they’re generating based on operational workloads. And if you can tie back a specific availability concern or risk associated with data integrity or the confidentiality of integrity to a financial metric, you have an informed decision about how that risk stacks up against other risks the business might be impacted by.”

LEADING BY EXAMPLE

Supporting his team is paramount to Scott, and he says his goal is to enable them to be successful in their role. He provides guidance to help them both identify and overcome challenges from a holistic perspective. He comments, “I help connect the dots for people. If there’s something that we need IT or another part of the organization to work with us on, my job is to make sure we have that lane open for the team so they can do their jobs and they can be successful. And that not only can they be successful in their job now, but they can also position themselves for their future jobs.”

To continue to grow and learn as a leader, Scott is an avid reader to keep up with trends like AI and machine learning or understand the latest happenings in the technology world. It helps him stay in touch with the evolution of technology and security capabilities, and provides a deeper appreciation for what’s happening in the security industry. He explains, “And then the other thing that I’ve really found a lot of value in for myself is going through leadership development programs. These help me learn how to be more successful as both a manager and a leader. These help me think differently, develop stronger emotional intelligence, and be more of a level-headed person when addressing challenges.” 

    Subscribe

    Stay up to date with cyber security trends and more