Greg Schaffer:
Hi, I’m Greg Schaffer. Welcome to The Virtual CISO Moment. Michael Scheidell joins us today. He is the CISO for Security Privateers and also Managing Director for TeamOne.Support. Michael, thank you so much for joining us today, and it’s great to talk to you again.
Michael Scheidell:
Good morning, Greg. Good to talk to you again.
Greg Schaffer:
So I know some of your background and past, but if you could step through, you’ve got a very interesting background and past, and we’d like to hear some of it, share with our listeners and viewers, and bring us all the way up to what you’re doing today.
Michael Scheidell:
Original interest was in real-time robotics, factory automation, started trying to figure out how you’re going to teach a robot to learn. I taught an SDS 940 mainframe how to play tic-tac-toe by learning from its mistakes. Come to find out that AI nowadays is specifically blocked from learning by its mistakes.
In ’71 I got out of mainframes, wasn’t interested. IBM offered me a job in ’82. I was stupid and thought, “Gee, if IBM wants to hire me, I must be pretty smart.” But I wanted business for myself. I started a company, Florida Data Nation—helped write software for faster toll booth systems, consulted with United Defense on the M1A1 Abrams electronic gun sight. That was a $2.8 billion boondoggle until they realized it could wipe out Iraqi tanks in 110 hours.
Greg Schaffer:
As one who was in the original Gulf War, I appreciate your service.
Michael Scheidell:
I got to play in the sand.
From robotics, I shifted. By 1994, the US Geodetic Survey Service found I was porting POSIX software to a real-time OS. They were worried about the 60,000 people on the Internet accessing seismic data, so they paid me to do work. I sold that company in 1998.
I wanted to consult and developed something I called the Hacker Trap—basically malware without payloads used to test customers’ networks. This grew into SECNAP. We did DoD work, inline IPS, FreeBSD kernel code. At one point, our device sat on Hillary Clinton’s bathroom floor for three months until she plugged it in—it filtered all email in and out of her server.
I had left the company by then, but still. Later, the board wanted to send our source code to China, and I decided to leave for good.
By 2012 I wanted to return to consulting—go in, fix problems, make money, take vacations.
Greg Schaffer:
Wait. Is that the way it’s supposed to work? Go in, fix problems, make money, then take vacations? Because I’ve got the first two down. I’m not doing well on the last one.
Michael Scheidell:
Well, one Sunday morning at 5:30 a.m. a big client called from Amsterdam because no one answered the SOC after three rings. We ran 24/7. That was it for me.
I launched Security Privateers—initially to do privacy and security consulting. Learned quickly you can’t have privacy without security, but you can have security without privacy.
Then three years ago, one of our clients needed a DoD contract. Their IT provider’s CEO couldn’t pass a background check. Around that time, I was volunteering with GREY TEAM, a veterans’ treatment nonprofit. I decided to found Team One Support—hiring veterans, giving them real-world IT training through managed IT services. Certifications don’t prepare you for 30 Windows machines rebooting before a Monday morning meeting. Real work does.
Greg Schaffer:
That’s such an awesome point. Certifications, boot camps, even college don’t prepare you for real-world business environments when things break. Trial by fire is the only way. What’s the reaction of someone green, especially introverted, when people start yelling at them?
Michael Scheidell:
I was that guy once—shy, didn’t want to talk on the phone, smashed phones instead of hanging them up. What changed me was being forced to speak at conventions, and later serving as a church elder. Suddenly I was talking to 600 people. It broke me out of my shell.
Some veterans can’t work 8-hour shifts—they need flexibility for VA visits or just can’t sit still. So I structure it like Security Privateers: part-timers come in, solve tickets, log off. I’ve got one guy with insomnia who works at 3 a.m.
Greg Schaffer:
That’s really the key to breaking out of your shell. In InfoSec, it’s a business concern—you have to understand the business and communicate both ways.
Michael Scheidell:
If Bill Gates had just been a geek, we’d be running Unix.
Greg Schaffer:
(laughs) Maybe he should have been.
Michael Scheidell:
AI is interesting. Ask it why it can’t learn from mistakes—it says safeguards prevent it from learning the wrong things. But that’s how people learn. Meanwhile, how many times a day does a computer make you prove you’re not a robot? We’re training AI, not the other way around.
Greg Schaffer:
I’m always polite with AI. When they take over, I want them to remember me kindly.
So let’s switch gears. What are the biggest challenges when you serve SMBs?
Michael Scheidell:
They pay me for advice. Whether they follow it is up to them. “Commercially reasonable” is the phrase. A six-person company may not afford full dev/QA/prod separation, but they still face real risks.
CISOs need to talk in business terms, not TCP vs UDP. Talk EBITDA. If you can’t tie security to revenue or cost savings, you’ll fail.
Greg Schaffer:
Exactly. Many corporate CISOs think they can be vCISOs, but they don’t understand business. And none of the SMBs have the enterprise tools they’re used to.
Michael Scheidell:
If you want to start your own business, have two years of living and business expenses ready. And know this: it’s stupidly hard.
Greg Schaffer:
Yes. It isn’t easy. And understanding SMB stresses is critical. That leads to my next question—how do you decompress?
Michael Scheidell:
I build things. I’ve got a 2,200-gallon tilapia pond, solar powering our office, I cut firewood, I walk on the beach. When raising $7.5M for Security Privateers, VCs wanted me to say I wanted to be rich. But I just wanted time to learn and build.
Greg Schaffer:
That’s key—get outside, learn, build. For me, it’s mountain biking. Even messy projects teach you.
Michael Scheidell:
Exactly. You can’t learn from success. Only from mistakes.
Greg Schaffer:
So what are your future plans?
Michael Scheidell:
Maybe retire in five years. But really, I’ve already “retired” three times. What I want is to focus on veterans. They pledged their lives for strangers. I want to help them adjust to being civilians again, to become that “third person” they need to be.
Greg Schaffer:
That reminds me—when I came back from Desert Storm, there was a line of Vietnam veterans welcoming us. They said, “Thank you,” but what they meant was, “Now we’re home, too.” That still chokes me up.
Michael Scheidell:
Since 9/11, 9,000 died in combat. A quarter million died from suicide. Veterans need us.
Greg Schaffer:
Exactly. Security is about people, not just bits and bytes. That’s why I love talking with you, Michael.
Michael Scheidell:
Anytime. Try to cut this down to 30 minutes. I dare you.
Greg Schaffer:
(laughs) I knew this would go long. Thanks again, Michael. And everybody—stay secure.