Scott Bly
Field CISO · Cybersecurity Strategist

Security strategy that holds up when things go sideways.

I help technology companies build security programs that actually work — not just pass audits. Cloud security, application and API security, AI governance, DevSecOps transformation. I've done this at AWS, inside the American Film Institute, and from scratch as a practice builder and consultant. Along the way I've acquired a nasty cybersecurity certification habit — more than 40 of them and counting.

I recently published my first app — Claude Context Meter, a Mac menu bar tool that tracks Claude Code token usage across context, billing, and weekly windows.

And in my earlier creative work, I also wrote a children's novel about hackers, magic, and time travel, directed a short film, and released a concept album called Music for Space Travel. That last one probably explains as much about me as the certifications do.

$400M+ ARR Supported
$300M Pipeline Generated
$6M ARR in Motion
20+ Years in Field
Cloud Security, Application Security, API Security, DevSecOps, AI Governance, Business Development, Field CISO, NIST · CIS · PCI · HIPAA, CI/CD · SAST/DAST, Incident Response
Currently
Field CISO, Director of Cybersecurity Practice
Systems Integration Solutions
  • Built the CloudSec, AppSec, AI & API Security, and DevSecOps practice from zero. Tracking at $6M ARR.
  • Lead regulated customer engagements end-to-end — acquisition through delivery.
  • Direct consultants across cloud, AI & API security, CI/CD pipelines, SAST/DAST, and pen testing.
$6M ARR built from scratch
The story so far

Twenty years.
Two tracks.

The security career and the creative work weren't sequential. They ran in parallel for about fifteen years. This is what that actually looked like. But the story starts in the middle before it finds its way to the beginning.

The Security Years · 2020–2024
API security. Cloud security. Enterprise scale.

At AWS I led the Enterprise Support Security Improvement Program — scaling the team that assessed cloud security posture for large customers and delivering remediation guidance. I managed TAM teams supporting Fortune 25 customers generating more than $400M and drove a publicly traded customer's DevSecOps transformation and Cloud Center of Excellence adoption.

A byproduct of looking closely at infrastructure: I identified over $1M per month in cloud cost optimization. FinOps wasn't the job. It came with the territory.

From AWS I moved to Noname Security, working directly with the largest enterprise customers — driving post-sales API Security Program adoption, clearing technical blockers, and coaching DevSecOps teams through API security incidents. I helped organizations figure out what they actually had, what was exposed, and what to do about it.

Amazon Web Services · Noname Security · 2020–2024
$400M ARR supported · $1M/mo in cost optimization identified
Back in the Field · 2019–2020
Consulting. Again.

When AFI wrapped in 2019, I picked the consulting practice back up — security, cloud, and media work. That included designing and deploying cloud media asset management solutions for major film brands, architecting secure network infrastructure, and transforming cybersecurity practices for media management organizations.

That led to Vector USA, where I started in January 2020 as the lead Cybersecurity and Cloud Solutions Architect. But the pandemic had different plans for us. So I managed a wireless project on giant robots, and as a result I discovered a new line of business. I initiated and scaled a private LTE solution from scratch, generating $300M in sales pipeline in six weeks. That effort landed a Nokia sales award. I also designed cloud and campus network security and managed wireless solutions for OT and SCADA environments — critical infrastructure work that most security practitioners never get near.

The pandemic accelerated everything. AWS came next.

Scott Bly Consulting · Vector USA · 2019–2020
$300M pipeline in six weeks
The American Film Institute · 2016–2019
What running it actually looks like.

Most of my career I've been on the vendor or consultant side — designing security programs for other people's organizations. AFI was the exception. For three years I ran the technology program for one of the most recognized institutions in the film world. Not advising, not auditing. Accountable.

I rebuilt the IT department from the ground up: overhauled policies, roadmap and budget, cut response times from weeks to minutes, implemented patch management and disaster recovery, and managed full-time staff. I led the Technology Steering Committee, the Cyber program, and the Incident Response Team — and reported to the C-suite on all of it.

On the infrastructure side: modernized the network with a 100gb core and 80gb distribution layer, increased WAN speed 13x with redundant carrier failover, maintained four-nines uptime across a campus environment. Migrated legacy on-prem SQL and ASP workloads to Azure, moved collaboration to Office 365 and Azure AD with centralized identity management and SSO. Secured the digital asset management platform, implemented DRaaS, and ran a digital transformation program that slashed web hosting costs 80%. Compliance: PCI, GDPR, FERPA — not as a checkbox exercise, but through genuine risk management and audit readiness.

And if you didn't know, AFI is a 50-year-old non-profit media organization, film festival, and the top film school in the world... unless you went to USC Film like I did, in which case you might consider it number two... but that's an argument for another day.

American Film Institute · 2016–2019
80% web cost reduction · 13x WAN speed increase · 4-nines uptime
The Entrepreneurial Years · 2000–2016
Solo first. Then a partnership. Then a sale.

But this all started in 2000 as solo consulting work — security, infrastructure, media, legal & medical clients. That practice grew into a partnership and became IT Freeway, a tech and security consulting business that I ran for ten years before selling in 2016.

During those years I architected content security solutions that passed rigorous MPAA and Disney/Marvel security audits, designed PCI and HIPAA-compliant networks for hospitals, medical offices, and veterinary clinics, responded to ransomware and malware incidents, and provided outsourced CISO services to clients across a range of industries.

What I haven't mentioned yet: for most of those sixteen years, I was also making things. Not after hours. Simultaneously.

Scott Bly Consulting · IT Freeway · 2000–2016
The parallel track · 2000–2015
The other fifteen years.
Photo: Scott Bly, circa the IT Freeway years.

While I was running security engagements and managing infrastructure, I was also writing, directing, and making music.

In 1998 I wrote, directed, and produced a short film called Waiting Game. It won an award. I was very serious about it at the time, which is probably why it worked.

In the mid-2000s I released a concept album under the band name The Abstract Sound. It was called Music for Space Travel. This will become relevant again later in this page.

In 2014, Scholastic published my children's novel Smasher. Real publisher. Real bookstores. Real kids who apparently read it.

The security work and the creative work weren't sequential. They ran at the same time for about fifteen years. Same instinct — building things, finding what doesn't fit, making it better. Just expressed differently depending on what needed building.

Webb's First Deep Field · SMACS 0723 · 4.6 billion light-years · NASA/ESA/CSA/STScI
Future

Beyond the horizon.
Literally.

A career spent finding what others miss turns out to be good training for astronomy.

I'm building a set of AI-powered tools to explore the James Webb Space Telescope archive. Anomaly detection. Deep field object census. Cosmic time maps. A feature that finds the star whose light left on the day you were born.

Is it a side project? Yes. Does it connect to a concept album I released twenty years ago called Music for Space Travel? Also yes. I'm choosing to see that as consistency rather than a problem.

In development
JWST Explorer
AI-powered anomaly detection across the Webb archive. Deep field object census. Multi-spectrum comparison. Asking the questions NASA didn't caption.
Concept
Your Star
Find the star whose light left on the day you were born — and is arriving at Earth right now. The universe as a personal timeline.
Concept
Cosmic Time Machine
Redshift maps showing how far back in time each object in a JWST image actually is. Some of this light is 13 billion years old.
More coming. Watch this space. (Pun intended.)

Education: B.A., Film/TV Production & Humanities — University of Southern California.
Which, in retrospect, explains a lot.
