Former U.S. Fed CIO: ‘Don’t Waste a (Cybersecurity) Crisis’

UNIVERSAL CITY, Calif. — When Tony Scott, former CIO for both Microsoft and The Walt Disney Co., was asked to take on the same role for the federal government — toward the tail end of President Obama’s second term — he was beyond skeptical.

Lame duck presidency, politically charged environment, little in the way of guaranteed job stability … Scott had a lot of reasons to avoid the job offer of being just the third federal CIO in U.S. history, he said May 25, speaking at the HITS: Spring 2017 event.

But, after reluctantly accepting the gig, Scott quickly discovered something wonderful: IT is a rare corner of Washington, D.C. where there’s zero red vs. blue political nonsense.

“IT isn’t a political tug of war in Washington,” he said. “There’s universal agreement, that IT in the federal government is broken, and it needs to be fixed.”

And he made the most of his new position: just months after taking on the CIO role in early 2015, the United States Office of Personnel Management (OPM) announced it had been the victim of a cyberattack, targeting the records of millions of people. That data breach — perhaps the largest in U.S. government history — led Scott to adopt a mentality, one media and entertainment CIOs can adopt: “Don’t waste a crisis,” he said.

More than a decade earlier, every CIO for federal agencies had been tasked with having two-factor authentication adopted in their departments. Before the OPM breach, a mere 40% had actually done so. Less than two months after the breach, Scott and his team got two-factor authentication installed in more than 80% of federal departments. How?

“I decided the best way was public embarrassment,” Scott said. He made CIOs from every department accountable, creating a weekly, public score card, tracking the progress of cybersecurity prevention work in every federal agency. “They all figured out that they didn’t want to be on the bottom of that list,” he said.

Accountability is one aspect of cybersecurity the media and entertainment sector can take away from Scott’s government experience, but another is to make sure M&E CIOs don’t take their foot off the brake when it comes to requesting funding for IT departments, he said.

“We’re under another set of changes in IT, and it’s because of the cybersecurity crisis we’re feeling today,” Scott said. “Convince your board of directors: when we spend money in this space, we get results that are meaningful.

“We won’t prevent every crisis, but we can reduce the impact.”

HITS: Spring is the largest gathering of the L.A. entertainment community’s most senior IT executives and technologists. More than 500 people attended HITS: Spring on May 25 at the Sheraton Universal Hotel in Los Angeles. Produced by the Media & Entertainment Services Alliance (MESA), in partnership with the Hollywood IT Society (HITS), the Content Delivery & Security Association (CDSA), and the Smart Content Council, HITS: Spring is presented by Entertainment Partners, with sponsorship by Box, TiVo, Avanade, Amazon Web Services, Expert System, IBM, MarkLogic, MediaSilo, Microsoft Azure, Composite Apps, Deluxe, EIDR, HGST, SAS, Sohonet, Sony DADC NMS, Zaszou IT Consulting and Ooyala.

For more information visit