Jason Shafferman
Education:
Chief Information Security Officer (CISO) Certificate
Cybersecurity
Carnegie Mellon University - Heinz College of Information Systems and Public Policy
2022 : 2023
Bachelor's degree
Forensic Networking and Security
Roger Williams University
2009 : 2013
Experience:
2023 : Present
Brown & Brown Insurance
Business Information Security Officer (BISO)
• Orchestrated annual executive cyber security table-top exercises for proactive response planning and risk mitigation.
• Spearheaded information security oversight for a complex organization, leading transition to full cloud native infrastructure (AWS, Azure, M365, Gsuite) and ensuring optimal security posture.
• Drove strategic business partnerships with vendors whose products had integration potential with our XDR (Extended Detection and Response) platform, fostering collaborations to enhance our platform's capabilities and provide comprehensive solutions to our customer
• As a member of the Risk Committee, I advised the Executive Leadership Team on Information Security Risks and Mitigations, drove projects to reduce overall risk to the company
• Designed and built robust incident response program for new XDR Platform, improving cybersecurity incident response and mitigation capabilities.
• Enhanced a vulnerability management program to reduce risk in cloud environments.
• Provided expert recommendations on security tooling and led my team in the implementation of technology solutions across the organization.
• Managed day-to-day operations for critical security functions including Incident Response, Vulnerability Management, Insider Threat, Security Engineering, and Development.
• Aligned security response tooling with industry-leading NIST Cybersecurity Framework, ensuring compliance with best practices and standards.
• Provided expert audit support for FFIEC, SOX, and SOC2 compliance, demonstrating commitment to regulatory requirements.
• Defined, monitored, and reported to executive management KRI and KPIs for Information Security
• Responsible for overseeing (EDR, CSPM, DLP, CASB, Vulnerability Scanners, Proxies, IDS/IPS)
• Offered subject matter expertise to assess potential merger and acquisition targets, evaluating their relevance to our platform and potential customer base
2021 : 2023
Secureworks
Director Security Operations - CISO Department
• Responsible for up to two Matrixed Team Leads and fifteen direct reports reaching revenue, margin, and utilization targets on a weekly, monthly, quarterly and annual basis; and the forecasting, tracking and reporting.
• Provided management of daily operations for 30-50 open consulting projects at any time including high-profile incidents that garnered media attention, effectively mitigating risks and minimizing the impact on the organization.
• Provided expert guidance and strategic direction to executives and boards during and post-incident, offering comprehensive briefings and roadmaps that demonstrated a deep understanding of complex cybersecurity issues.
• Established a College Recruitment and Development program, achieving a remarkable 100% retention rate after 2.5 years and driving profitability within just 6 months.
• Managed a team of highly skilled incident responders, overseeing multiple concurrent complex projects and delivering successful outcomes in challenging environments.
• Served as the final escalation point for any customer concerns or complaints arising from consulting engagements; worked quickly and effectively to resolve the issue, and recover customer relationships
• Functioned as incident commander on major breaches involving the theft of intellectual property and large-scale ransomware. Directed multiple incident response (IR) responders, coordinated threat intelligence efforts, and managed remediation activities.
• Guided executives on strategic decisions related to recovery and risk mitigation in the aftermath of breaches.
2017 : 2021
SecureWorks
Senior Manager, Incident Response and Forensic Consulting
2017 : 2017
SecureWorks
Incident Response Team Lead
2015 : 2017
SecureWorks
Incident Response Senior Consultant
Company: Brown & Brown Insurance
Years of Experience: 12
Currently, Jason leads the Secureworks Security Operations team in the office of the CISO. His team is responsible for a wide range of security operations, including vulnerability management, incident detection and response, threat hunting, security automation, and insider threat. They secure a complex zero-trust network that focuses on protecting identities and devices, and take a risk-based approach to protecting the large multi-cloud organization.
One of Jason's key strengths is his ability to work closely with partners in IT to ensure a secure environment that enables business partners to have easy access to data and services. He understands the importance of balancing security with business needs, and he has a proven track record of developing security programs that support organizational objectives.
Prior to joining the CISO team in 2021, Jason served as a Senior Incident Response consulting manager, where he specialized in leading large-scale incident response and digital forensics engagements. He led multiple large-scale, multi-site breaches involving the destruction and theft of intellectual property, personally identifiable information, and ransomware. These cases often involved nation-state adversaries and required complex remediation planning to ensure proper removal of threat actors from networks.