Carl Scaffidi
CISO
Vystar Credit Union
Carl Scaffidi is the global CISO of InComm Payments, an innovative payment solutions FinTech company, responsible for developing and executing strategy, governance, risk, compliance and resilience to build and lead a comprehensive Security program.
With over twenty years of IT and security experience, Carl’s previous roles have included CISO of Baker Donelson, Global Architecture Lead for EY Cyber Defense and Threat & Vulnerability Management while previously working as an Information Security Consultant for PwC and Accenture.
Carl is a former collegiate football student-athlete at New Mexico State University and holds a bachelor's degree in Electrical and Computer Engineering Technology with a minor in Security Technology.
Learn more about leaders in the Atlanta CISO community here.
Give us a brief overview of the path that led to your current role.
I have always been interested in technology and security and might be one of the odd people who knew what they wanted to do before college, went to college for it and directly into the career field. I didn't originally have a plan to be a CISO, but as I continued to grow in my knowledge and experience, the path developed itself.
From the first part of my career in consulting, I saw many different environments and approaches, with different levels of success and failure and have been able to use that knowledge to build and adapt security programs. Prior to my current role at InComm, I built a program at Baker Donelson from scratch and was very comfortable and happy, but the opportunity to grow the program at InComm was too good to pass up.
What is one of your guiding leadership principles?
Security is a team game; it is about relationships and must be integrated and cross functional with engagement in every department in the organization. Not everyone will be an “A” player, but everyone will play as a team and fill the role needed to make the security program better.
With disruption being a key theme of the past few years, where do you see your role as a CISO going in the next 1-2 years?
In the next several years, I see the role growing into a greater level of business enablement. As many threats evolve — and the development of protection capabilities — businesses are looking for partnerships that they can trust. Being able to trust a company that your data, communications and interactions are going to be secure is a huge advantage and can help that company grow.
What advice would you give to someone just starting out in the role as a CISO?
Have relationships with everyone and encourage security to have a face and make it a smiling one.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.