Vice President, Information Security, Leads a Dedicated Security Team
By Roy Urrico
Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity and/or information governance to protect data and transactions at credit unions and other financial institutions, and fintechs serving the financial services industry.
Scott Merrick, vice president, information security, at St. Petersburg, Fla.-based Velera, never targeted information technology as a career but now oversees what he describes as “the info security operations, engineering and architecture functions that comprise 20 extremely talented security professionals.”
Getting Into Computers
Merrick originally hails from Kalamazoo, Mich., but moved to Florida at an early age. He graduated from Crystal River (Fla.) High School in 1991. “We had a computer lab there that had Macintosh Classic II computers. That was my favorite class by far in high school, and I would often try my hand at writing some programs after school hours.”
Later, Merrick attended St. Petersburg College and the University of South Florida. He graduated in 1996, while working full-time at a Walgreens Pharmacy. “It was very tough going to college and working full time but in the end, it was well worth it, as I have been blessed with a wonderful career,” said Merrick.
In 1997, Merrick recalled, “I worked as a sterilization technician at a medical sterilization plant built by Johnson & Johnson that specialized in sterilizing custom medical trays. The computers and machinery at the facility were proprietary and cutting edge for the time.”
Siemens created and supported the systems that controlled the sterilization process, but the company’s support was based out of Europe, making it difficult for them to dispatch a technician and fix systems at the Clearwater, Fla. facility in a timely manner. “Subsequently, I began helping Siemens remotely. I apparently did a great job, as my company (Maxxim Medical Inc.) asked if I was interested in a position in the IT department. I eagerly accepted and began as a night operator supporting Unisys mainframe and monitoring systems.” After a few months, the company moved Merrick to engineering to support Windows workstations, servers and some proprietary manufacturing systems that supported the medical tray supply chain.
Merrick remained in that role for a few years, before he changed jobs to run a large telecom department. “My manager at the time had a good friend who was the CEO of a startup wireless network security company and they needed a manager to run the IT department,” he told Finopotamus. “I interviewed for the position and landed the job. From that point in my career to present day, I have managed IT infrastructure and security departments and procured Microsoft, Cisco and Wireless Security certifications along the way. It has now been over 25 years – amazing how time flies.”
Current Information Security Role
Merrick joined Velera (then PSCU) in 2018 as manager of information security and has served as vice president since October 2023. “I have the tremendous benefit of working for a wonderful CISO (chief information security officer, David Bryant).”
Merrick credits Bryant for laying the groundwork for “a best-in-class cybersecurity program. His support and the unwavering dedication and support of each team member is the secret sauce of our cyber program’s continual success. I feel very blessed to be a part of such a wonderful team.”
Velera, according to Merrick, leverages best-in-class security tools and partners to secure data for more than 4,000 financial institutions against an ever-changing global threats landscape.
“As an organization, Velera regularly invests in its cybersecurity programs to enhance detection through leading-edge tools, innovative analytics and experienced talent,” Merrick said. He added, “We also frequently participate in industry cyber-forums and collaborate with industry partners and regulatory agencies to ensure successful compliance.”
Threats Causing Sleepless Nights
When Finopotamus asked, “What threats keep you up at night?” Merrick offered a three-pronged response:
Human error. “Understanding that people play an important role in the security of our company. Ensuring continuous technical and security awareness training, as well as always being mindful of security, is key to defending against bad actors and reducing risk.”
Hiring and maintaining strong talented cybersecurity personnel. “High turnover in cybersecurity introduces risk as it takes time to get new talent up to speed on our internal landscape, business processes and cyber tech stack. Company culture, training programs and benefit packages all play a vital role in attracting and retaining top talent.”
Addressing burnout. “I feel this slips under the radar too much in many organizations. Today, it is no longer enough to simply take your accrued PTO (personal time off); if you do not have a well-balanced, cross-trained, functional team, burnout can creep in rather quickly. This is very dangerous as security personnel can easily make mistakes that could jeopardize company or client data – it can give bad actors an easy win. Managing burnout is vital for a successful cybersecurity program.”
Top Cybersecurity Dangers to Credit Unions and Other Financial Institutions
“Bad guys” love to target credit unions and other financial institutions, cautioned Merrick. “A lot of what we are currently seeing is targeted phishing scams called ‘whaling’ and ransomware.” Whaling is a sophisticated phishing attack that targets prominent individuals in an organization to steal sensitive information.
“It is easy for bad actors to craft very convincing malicious emails to target and lure employees into entering credentials, wiring money or clicking on a link; once that happens, the victim’s data can be held hostage until a ransom is paid,” said Merrick. “It is vital to have a strong phishing awareness training program and security tech stack to reduce risk and combat the ever-changing threat landscape.”
Velera – formerly PSCU/Co-op Solutions – describes itself as the nation’s premier payments CUSO and an integrated financial technology solutions provider. It helps credit unions and other financial institutions make strategic, data-informed decisions on behalf of their members and customers. The company is composed of over 5,000 employees with an annual revenue of $1.3 billion.