Michael Schnabel
Vice President and Interim CIO
University of Texas Health Science Center - San Antonio
Since 2013, Michael Schnabel has served as Assistant Vice President of Infrastructure & Operations and CISO at the University of Texas Health Science Center at San Antonio. He has executed a continuous improvement lifecycle strategy encompassing projects in cyber resiliency, zero trust infrastructure, cyber threat protection automation, incident response, vulnerability management, data protection, cloud security, emerging technology, endpoint security, and identity management.
A defining characteristic of Michael's higher education roles is his passion for creating IT-shared governance structures built on collaboration among administration, faculty, staff, and students.
With a diverse career spanning 35 years in various technology roles, Michael has more than 25 years of experience in technology leadership, infrastructure services, network operations, cybersecurity, and cloud architecture across higher education, healthcare, financial services, and oil and gas sectors.
He has held senior positions at City of Hope National Medical Center, Union Oil, and Washington Mutual, where he led efforts to build hyper scale infrastructure and data center environments, mature IT operations, and establish cyber operations and governance programs.
Michael holds multiple certifications in information assurance, including CISSP, CISM, CRISC, CCSP, and ITIL.
Outside of the office, Michael is an avid bicyclist, blending his passion for fitness with his professional drive for excellence.
Learn more about the Houston CISO community here.
Give us a brief overview of the path that led to your current role.
Through my early career, I progressed through architecture roles in key projects spanning data center infrastructure engineering, local and wide area network architecture, call center telecom builds, and mainframe rationalization. This early experience provided me with a foundational understanding of engineering principles, control frameworks, and how to execute diverse change initiatives. Importantly, these responsibilities directly highlight the importance of balancing people and process collaboration with technology enablement.
Balancing a diverse technology background with the opportunity to lead the development of governance and operations control programs has allowed me to step into senior roles as CIO of a regional bank, serve on governance and board committees, and is represented in the multi-faceted teams and functions I lead today around UT Health's technology, cyber and information security functions.
What is one of your guiding leadership principles?
Firmly believe in the value of diverse voices leading as a key contributor to team resiliency, problem solving and operational strength. As a leader, I focus my core responsibility in ensuring my teams, peers and colleagues around me are in the right position, with the right tools and support to succeed and flourish. That starts by building a community mindset so that everyone in that orbit feels connected to the mission and actively engaged on success.
What is the greatest challenge CISOs face today, and how are you addressing it?
Focusing on the academic healthcare environment, a key challenge is balancing technology enablement with the culture of open collaboration and innovation. This setting blurs the definition of insider threats and can disrupt objectives centered on comprehensive security governance, protection, and resiliency.
Addressing this challenge requires continuous dialogue and collaboration to scope agile security controls and practices around novel, outcome-driven objectives. Adapting security controls and governance is informed through the creation of peer advocate communities of practice (research, clinical, faculty, and student), allowing us to connect outcomes with success stories.
What is the key to success for someone just starting out as a CISO?
Be an active listener and endlessly curious. Accept the responsibility to be the center of difficult conversations and be transparent with a measured approach that is succinct and confident in decision making.
This approach is particularly sensitive for the success of a security team where InfoSec can commonly be seen as a barrier or create friction to operational enablement and innovation.
How do you measure success as a leader?
Starts with the people and their accomplishments individually and collectively as a team. Establishing a framework that allows team members to be successful, and teams are structured so that individuals at the lowest level in the organization are engaged and empowered for continuously improving their processes, challenged to solve problems and serve as a collaboration foundation across their peers and the user communities they support. This is measured through continuous improvement metrics, feedback on engagement, retention, and career path progression.
From an operations perspective, I measure success on how our initiatives directly impact – improve, govern and enable – our strategies and missions.This outcome-driven approach is continuously measured to ensure we are maturing on a constant/consistent basis, directly aligned to stakeholder satisfaction and engagement, and direct examples of our ability to adapt to and drive change within my organization.
What is the value of being a member of the Evanta community?
The opportunity to serve the security community and collaborate on diverse challenges, novel approaches, and unique environments.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.