
Chief Information Security Officer

James Scobey

A twenty-five-year cybersecurity executive operating at the intersection of federal financial regulators, commercial fintech, and cloud-native security architecture.

  • CISSP
  • MBA
  • M.Eng. Cybersecurity Policy & Compliance
  • Active TS/SCI

I

Executive Profile

James Scobey is a twenty-five-year cybersecurity executive whose CISO portfolio spans two federal financial regulators — the U.S. Securities and Exchange Commission and the Public Company Accounting Oversight Board — and a commercial and federal SaaS provider operating concurrently under SOC 2, ISO 27001/27017/27018, FedRAMP, StateRAMP, and DoD IL-5.

At the SEC he defined and executed the Commission's Zero Trust strategy under OMB M-22-09, modernized the Security Operations Center to address nation-state threats, and served as the primary security liaison to Commission leadership, Congressional staff, OIG, and GAO across a 10,000-user enterprise protecting market-critical infrastructure and non-public filing data.

At Keeper Security he ran continuous authorization across the exact multi-framework, multi-customer operating model that regulated fintech platforms now require as they extend services to commercial and federal clients. As current Chief Technology Officer of an SBA 8(a) federal services firm, he carries hands-on cloud-native security work — AWS GovCloud architecture, CMMC Level 2 program ownership, AI-enabled security automation — that gives him the engineering credibility to challenge solutions constructively rather than only oversee them.

He brings the regulator's perspective, the commercial fintech operating model, and the technical depth that today's most complex security mandates demand.


II

Strategic Fit

CSF 01

Strengthen and evolve the enterprise security strategy and operating model

Mature cybersecurity posture and operational resilience in a highly regulated cloud-native environment; scale the program with business growth, additional products, and an evolving threat landscape.

  1. SEC · 2022–2024: Directed the Commission's comprehensive information security program under FISMA, NIST 800-53, and federal cybersecurity directives across a 10,000-user enterprise protecting market-critical infrastructure and non-public filing data.
  2. Keeper Security · 2024–2025: Maintained continuous compliance and authorization concurrently across SOC 2, ISO 27001/27017/27018, FedRAMP, StateRAMP, and DoD IL-5 — the multi-framework operating model regulated fintech platforms require as they commercialize.
  3. PFPA · 2016–2017: Led the Pentagon Force Protection Agency through its first successful DISA Command Cyber Readiness Inspection through proactive infrastructure improvements and a new vulnerability remediation process.
  4. S2i2 · 2025–present: Established a CUI enclave on AWS GovCloud (WorkSpaces, Managed AD, Duo MFA, PreVeil, CrowdStrike Falcon) and authored the CMMC Level 2 SSP with assessment-ready evidence across all 110 NIST 800-171 controls.

CSF 02

Build stronger executive, business, and stakeholder alignment around security

Elevate cybersecurity as a business enabler through proactive engagement with executive leadership, regulators, ownership stakeholders, and technology and business teams.

  1. SEC: Served as the primary security liaison to Commission leadership, Congressional staff, and external oversight bodies (OIG, GAO) on cyber posture and incidents — direct analog to multi-stakeholder regulator and Board reporting models.
  2. PCAOB · 2025: Briefed the PCAOB Board and executive leadership on cybersecurity posture, emerging risk, and program maturity, with the SEC as the secondary oversight body.
  3. Keeper Security: Managed relationships with external auditors, certification bodies, regulators, and federal customers — proven record of converting security posture into commercial trust and sales enablement.
  4. SEC: Partnered with Enterprise Risk Management, Internal Audit, OIG, and GAO to identify, evaluate, and report organizational cyber risk within tolerance.

CSF 03

Advance cloud, AI, and modern security capabilities

Drive evolution of security architecture and controls across a fully cloud-based environment built on Zero Trust principles, including cloud security, identity, monitoring, automation, threat detection, and the use of AI to enhance security capabilities.

  1. SEC: Defined and executed the Commission's Zero Trust strategy aligned to OMB M-22-09 and the CISA Zero Trust Maturity Model pillars across identity, devices, networks, applications, and data.
  2. S2i2 · Current: Designing and operating AI-augmented security capabilities on AWS Bedrock, including automated log analysis, anomaly detection, and adverse-event identification across federal client environments. Production experience using generative AI inside the security function, not solely as a governance domain.
  3. SEC: Led modernization of the Security Operations Center to address advanced persistent threats and nation-state actors, introducing new detection, automation, and response capabilities.
  4. SEC · 2018–2021: Founded and led the SEC Cloud Center of Excellence, establishing agency-wide cloud security strategy, reference architectures, and implementation standards.
  5. MITRE: Architected a DevSecOps toolchain automating evaluation and deployment through CI/CD; integrated the MITRE ATT&CK framework into the cybersecurity lab; secured DISA Risk Management Executive Approval to Operate for a national security system.

CSF 04

Continue building and developing a high-performing security organization

Lead and mentor a strong Information Security organization while strengthening leadership depth, operational discipline, collaboration, and succession capability. Balance strategic thinking and executive presence with hands-on credibility.

  1. SEC: Managed federal employees and contractors across cybersecurity engineering, operations, and policy and compliance functions; led talent strategy and team scaling across multiple disciplines.
  2. Keeper Security: Built and mentored cross-functional security, compliance, SecOps, and DevSecOps teams; established executive-level security metrics and reporting cadence.
  3. Recognition: MITRE Director's Award and Officer's Award for distinguished service across multi-organization national security engagements.
  4. Hands-on credibility: CISSP #358739, AWS Certified Solutions Architect – Associate, AWS Certified Cloud Practitioner, VMware VCP; current operator of CrowdStrike Falcon, AWS WorkSpaces, and Microsoft Entra ID; DevSecOps engineer (not only manager) at MITRE on NBIS for DISA.

III

Career Track

  1. 2025 — present
    Chief Technology Officer & VP of Operations, S2i2, Inc. · Oakton, Virginia
  2. 2025
    Chief Information Security Officer, Public Company Accounting Oversight Board (PCAOB) · Washington, DC
  3. 2024 — 2025
    Chief Information Security Officer, Keeper Security, Inc.
  4. 2022 — 2024
    Chief Information Security Officer, U.S. Securities and Exchange Commission · Washington, DC
  5. 2022
    President & CEO, SigmaCyber LLC
  6. 2021 — 2022
    Chief Technology Officer, U.S. Securities and Exchange Commission · Washington, DC
  7. 2018 — 2021
    Assistant Director, Cybersecurity Operations, U.S. Securities and Exchange Commission · Washington, DC
  8. 2017 — 2018
    Cyber Performance Systems Engineer, The MITRE Corporation
  9. 2016 — 2017
    Chief Information Security Officer, S2i2, Inc. · Pentagon Force Protection Agency
  10. 2006 — 2016
    Founder & Chief Technology Officer, Federal Data Systems (FEDDATA)
  11. 1997 — 2006
    Earlier Career: Director and engineering roles · USmax, By-Light, SMS Data Products, and others



IV

Credentials

Education

  • M.Eng., Cybersecurity Policy & Compliance, George Washington University · 2020
  • Master of Business Administration, University of Maryland Global Campus · 2014
  • B.S., Computer and Information Science, University of Maryland Global Campus · 2012

Certifications

  • Certified Information Systems Security Professional (CISSP) · #358739
  • AWS Certified Solutions Architect – Associate
  • AWS Certified Cloud Practitioner
  • VMware VCP – Network Virtualization and Desktop Mobility

Clearance

  • Active TS/SCI