Invest In Your People with Michael Irwin

Apex Executive Insights

By Michael Irwin, CISO, Odyssey Logistics

What is your favorite quote and why?

“Culture eats strategy for breakfast.” Over the years, this one has always stuck with me because even the best plans fall apart without the right people behind them.

When I look back over my career, the wins I’m most proud of didn’t come from some perfect strategy deck. They came from teams that trusted each other and took real ownership of the work. When people feel like they’re protecting something that matters, they show up differently. They collaborate more. They do their best work.

No strategy document can create that.

Strategy defines direction. Culture determines whether you ever reach it.

What lessons or advice have helped you get to where you are today?

A few principles have guided me.

Stay curious. The moment you assume you’ve mastered technology is the moment you fall behind. The most effective leaders are the ones who stay curious and keep learning rather than defending what they already know.

Anchor decisions in business outcomes. Technical elegance has value, but alignment with growth, resilience, and customer trust matters more.

Invest in your people before your tools. Great teams will solve problems that great software alone never could.

I also learned to say, “Yes — and here’s how we do it responsibly,” instead of defaulting to “no.”

Lastly, I’ve had to work on letting go of perfectionism. Knowing when something is good enough and deciding to move forward often creates more value than chasing the “ideal” solution.

What is the biggest challenge for a CISO today?

Speed.

Companies are moving fast with cloud adoption, AI, automation and new digital products — and the threat landscape is evolving just as quickly.

The challenge isn’t choosing innovation over security. It’s helping the organization move quickly without creating risk it can’t manage.

At the same time, you have to keep your team sharp on technologies that are still emerging. With AI, for example, we’re securing systems that are still being defined. That demands a forward posture — anticipating secondary effects and unintended consequences before they emerge.

How has the role of the CISO changed over your career?

The core job has not changed. You are still protecting the business. But the respect for the role has grown a lot. Security used to be treated as a technical function tucked away from real business conversations. Now it is a business risk function, and CISOs are expected to speak the language of the boardroom.

Part of what drove that shift is reality. Organizations have spent more and more on security while still dealing with breaches. That pushed the role toward outcomes over controls. The industry moved away from a “protect the castle” mindset toward zero trust, and the CISO role adapted with it.

How are you preparing your IT team for automation, AI, and skills shortages? 

We’re focused on embracing this paradigm shift of how people spend their time.

Automation should handle the more repetitive work so our teams can focus on areas that require judgment, creativity and strategy. We invest heavily in ongoing learning — certifications, cloud training and AI literacy — so people stay current as the landscape evolves.

We’re also shifting talent from operator roles into engineering and architecture roles. The teams of the future will do so much more than just run systems. They’ll design and continuously improve them.

How do you balance cutting-edge technology with legacy systems?  

Most organizations operate in layered environments shaped by years of growth, acquisition and operational demands — not a clean slate. And we’re no different.

Legacy systems do not go away overnight, so we segment and isolate them, modernize deliberately and apply controls proportionate to exposure. The goal is to modernize without disrupting the business.

Additionally, AI has created the opportunity to quickly modernize underlying code basis and make rapid transformational changes to legacy systems. But every decision has to balance desired outcomes against operational constraints. Large, overnight migrations are rarely the right answer.

What challenges exist when scaling infrastructure? 

In logistics, a lot of growth comes through acquisitions and global expansion. That means consistently integrating disparate networks and platforms that were never originally designed to work together.

Standardizing globally while managing cost and maintaining security is genuinely complex. We address it through common architecture standards, cloud adoption, network modernization and automation wherever practical.

How do you prepare for ransomware threats? 

We prepare in layers.

Prevention starts with the fundamentals: multi-factor authentication, network segmentation, active vulnerability management, strong RBAC, least privilege and disciplined account auditing. The basics still move the needle more than most organizations realize.

Furthermore, if we agree that humans are the biggest risk factor, our focus needs to reflect that — robust training, clear policy communication and reasonable user controls.

Detection requires 24/7 monitoring and actionable threat intelligence. And when something does happen, we rely on tested response and communication plans. Immutable backups and solid disaster recovery ensure we can recover without paying a ransom.

The goal can’t be solely prevention — it has to be resilience.

How do you balance innovation with risk management in system design? 

We start with the business objective and work backward.

Every technology decision should support growth, improve resilience, manage risk and stand the test of time. Architecture governance keeps innovation aligned with strategy. This doesn’t mean slowing down, instead it’s about making sure we build solutions we can actually work for the business long term

What are the most pressing cybersecurity challenges in 2026? 

Three areas stand out:

First, AI-driven attacks and deep-fake enabled social engineering. The barrier to creating convincing phishing or impersonation attempts has dropped significantly.

Second, supply chain and third-party risk. As organizations rely on more vendors and partners, exposure inevitably expands.

Third, the talent gap. The shortage isn’t improving, even as threats grow more complex. Emerging technologies can also amplify syndrome inside teams. We need to set practical expectations and create environments where people can learn and grow confidently. We need to check our expectations against what is practical and encourage our teams to learn and grow within our organizations.

What important leadership or business lessons have you learned? 

Early on, I thought being a leader meant having all the answers. I know now it means creating clarity when things are uncertain, clearing the path so your team can get work done, and giving honest feedback even when it is uncomfortable.

The other big lesson is about making decisions. Sitting on a decision too long is often worse than making the wrong one. You make the call, watch what happens, and adjust. Leadership is really about serving the people around you, not the other way around.

How do you balance innovation with robust security? 

Security has to be part of the design from the start, not something added at the end. We embed security into architecture reviews and development pipelines, apply zero trust principles, and make risk-based decisions rather than blanket restrictions. When security is done right, it actually speeds things up because teams do not have to go back and fix things later.

How do you keep IT teams agile during transformation? 

We keep delivery cycles short, encourage teams to work across functions, and push decision-making down to the people closest to the work. We measure outcomes, not just activity. Transformation stalls when teams are stuck waiting for approvals or trying to get everything perfect before shipping. Moving and adjusting is better than standing still.

How do you evaluate emerging technologies like AI and IoT? 

We look at business value first, then security and privacy impact, operational complexity, cost, and regulatory considerations. We move quickly on pilots, get something in front of real users, measure what happens, and scale what works. Risk of AI is largely related to the data you are feeding it – as an organization we should encourage experimentation in a low-risk, non-sensitive data way wherever possible. In the innovation space, you should lean yes unless the reasons are strong enough not to. The worst thing you can do with a new technology is spend a year evaluating it on paper while your competitors are already using it.

About Michael Irwin, CISO, Odyssey Logistics

Michael Irwin is a senior technology and cybersecurity leader with over 16 years of experience guiding organizations through complex transformation across logistics, media, and private-equity-backed environments. He specializes in aligning security, infrastructure, and operations to deliver measurable business outcomes while reducing risk.

As Chief Information Security Officer and Vice President of Technology Operations at Odyssey Logistics, Michael led the most comprehensive technology and cybersecurity transformation in the company’s history. He unified fragmented environments, modernized infrastructure, and established enterprise-wide governance and security programs that strengthen resilience and operational stability.

Michael is widely respected for his people-first leadership style, building strong cultures rooted in trust, accountability, and development. His teams consistently deliver against aggressive roadmaps while maintaining exceptional engagement and retention.

Beyond his executive roles, Michael is an active speaker, writer, and mentor in the cybersecurity community, participating in executive forums and professional organizations. Based in Charlotte, he is committed to local talent development, cybersecurity advocacy, and community involvement. He is also a dedicated family man and a youth soccer coach.

LinkedIn: https://www.linkedin.com/in/michaeljamesirwin/

Share