Jason Shafferman

Business Information Security Officer | Information Security Leader | Risk Manager

Marlborough, MA, United States

Details

Education: Chief Information Security Officer (CISO) Certificate

Cybersecurity

Carnegie Mellon University - Heinz College of Information Systems and Public Policy

2022 : 2023

Bachelor's degree

Forensic Networking and Security

Roger Williams University

2009 : 2013

Experience: 2023 : Present

Brown & Brown Insurance

Business Information Security Officer (BISO)

• Orchestrated annual executive cyber security table-top exercises for proactive response planning and risk mitigation.

• Spearheaded information security oversight for a complex organization, leading transition to full cloud native infrastructure (AWS, Azure, M365, Gsuite) and ensuring optimal security posture.

• Drove strategic business partnerships with vendors whose products had integration potential with our XDR (Extended Detection and Response) platform, fostering collaborations to enhance our platform's capabilities and provide comprehensive solutions to our customer

• As a member of the Risk Committee, I advised the Executive Leadership Team on Information Security Risks and Mitigations, drove projects to reduce overall risk to the company

• Designed and built robust incident response program for new XDR Platform, improving cybersecurity incident response and mitigation capabilities.

• Enhanced a vulnerability management program to reduce risk in cloud environments.

• Provided expert recommendations on security tooling and led my team in the implementation of technology solutions across the organization.

• Managed day-to-day operations for critical security functions including Incident Response, Vulnerability Management, Insider Threat, Security Engineering, and Development.

• Aligned security response tooling with industry-leading NIST Cybersecurity Framework, ensuring compliance with best practices and standards.

• Provided expert audit support for FFIEC, SOX, and SOC2 compliance, demonstrating commitment to regulatory requirements.

• Defined, monitored, and reported to executive management KRI and KPIs for Information Security

• Responsible for overseeing (EDR, CSPM, DLP, CASB, Vulnerability Scanners, Proxies, IDS/IPS)

• Offered subject matter expertise to assess potential merger and acquisition targets, evaluating their relevance to our platform and potential customer base

2021 : 2023

Secureworks

Director Security Operations - CISO Department

• Responsible for up to two Matrixed Team Leads and fifteen direct reports reaching revenue, margin, and utilization targets on a weekly, monthly, quarterly and annual basis; and the forecasting, tracking and reporting.

• Provided management of daily operations for 30-50 open consulting projects at any time including high-profile incidents that garnered media attention, effectively mitigating risks and minimizing the impact on the organization.

• Provided expert guidance and strategic direction to executives and boards during and post-incident, offering comprehensive briefings and roadmaps that demonstrated a deep understanding of complex cybersecurity issues.

• Established a College Recruitment and Development program, achieving a remarkable 100% retention rate after 2.5 years and driving profitability within just 6 months.

• Managed a team of highly skilled incident responders, overseeing multiple concurrent complex projects and delivering successful outcomes in challenging environments.

• Served as the final escalation point for any customer concerns or complaints arising from consulting engagements; worked quickly and effectively to resolve the issue, and recover customer relationships

• Functioned as incident commander on major breaches involving the theft of intellectual property and large-scale ransomware. Directed multiple incident response (IR) responders, coordinated threat intelligence efforts, and managed remediation activities.

• Guided executives on strategic decisions related to recovery and risk mitigation in the aftermath of breaches.

2017 : 2021

SecureWorks

Senior Manager, Incident Response and Forensic Consulting

2017 : 2017

SecureWorks

Incident Response Team Lead

2015 : 2017

SecureWorks

Incident Response Senior Consultant

Company: Brown & Brown Insurance

Years of Experience: 12

Skills Computer Forensics, Computer Security, Consulting, Customer Service, Cybersecurity, cyber security, Cybersecurity Incident Response, Cyber Threat Hunting (CTH), Digital Forensics, Forensic Analysis, FTK, Incident Handling, Incident Management, Incident Response, Information Security, Information Security Management, Leadership, Log Analysis, Malware Behavioral Analysis, Microsoft Office, Network Forensics, Networking, Network Security, Sans SIFT, Security, Security Awareness, Security Incident & Event Management, Security Incident Response, Security Roadmap, Targeted Threat Response, Team Leadership, Teamwork, Troubleshooting, Volatility, Vulnerability, Windows, X-Ways

About Jason is an accomplished cybersecurity professional with over a decade of experience in the industry. He has a proven track record of leadership in incident response, vulnerability management, digital forensics, and nation-state threat groups. Throughout his career, Jason has demonstrated his expertise in developing and implementing comprehensive security programs that protect organizations from a wide range of cyber threats.

Currently, Jason leads the Secureworks Security Operations team in the office of the CISO. His team is responsible for a wide range of security operations, including vulnerability management, incident detection and response, threat hunting, security automation, and insider threat. They secure a complex zero-trust network that focuses on protecting identities and devices, and take a risk-based approach to protecting the large multi-cloud organization.

One of Jason's key strengths is his ability to work closely with partners in IT to ensure a secure environment that enables business partners to have easy access to data and services. He understands the importance of balancing security with business needs, and he has a proven track record of developing security programs that support organizational objectives.

Prior to joining the CISO team in 2021, Jason served as a Senior Incident Response consulting manager, where he specialized in leading large-scale incident response and digital forensics engagements. He led multiple large-scale, multi-site breaches involving the destruction and theft of intellectual property, personally identifiable information, and ransomware. These cases often involved nation-state adversaries and required complex remediation planning to ensure proper removal of threat actors from networks.