When you walk into the classroom or log in to take one of Jason’s courses, you are joining an instructor who has both a wealth of experience and knowledge to share, as well as the striking ability to adapt to you, the student. Jason’s background in cybersecurity spans over 20 years and includes multiple roles in the industry, ranging from engineering to incident response and national security. This breadth of experience gives Jason a unique perspective about cybersecurity. On one end of the spectrum, Jason has developed solutions on a multi-million-dollar budget; on the other end, he has managed security programs with a team of zero and a few pennies. In other words, he has been in the same situations as his students and has worked through the same types of problems when it comes to managing cyber risk. This background enables Jason to speak his students’ language when it comes to industrial security, whether they are from IT, OT, or somewhere in between. He can look at problems from the student’s point of view, whether it in engineering, operations, security management, compliance, or any number of other areas.
“Jason's ability to explain the complex concepts and apply them to his real-world experiences and depth of knowledge was exemplary. His teaching skills are fantastic and his relaxed approach made the course content easy to follow and digestible.” – Jeff Jones, E-ISAC
Jason holds two engineering degrees: a computer engineering degree form Binghamton University in New York, and a master’s in electrical engineering and power systems from Cornell University. He is able connect the language of engineers and operators to cybersecurity through his practical experience and academic background. Prior to SANS, Jason was a lecturer in academia and facilitated cybersecurity workshops, experiences that made him want to teach and share his knowledge with others. His hope is that his students will learn not only best practices, but also learn from his past mistakes on the road that led to his successes. In Jason’s dynamic and challenging classes, you certainly won’t encounter “death by PowerPoint.” As recalled by one of his students, Ruth Ann Hofmann of Midcontinent Independent System Operator (MISO), Jason “…kept [the course] interesting and lively. I am spoiled now. I don't know many instructors anywhere like Jason who can keep the momentum going. Jason definitely sets the bar VERY high.”
Jason is not the type of person to sit back and wait for change to happen. A trailblazer by nature, he started his cybersecurity journey 20 year ago when there weren’t any degrees in ICS or OT security and organizations didn’t even know what they were. When working as an ICS engineer years ago he recalls asking the simple question, “Hey, who does security for this system?” When the response was resounding silence, Jason decided to do something about it, jumpstarting his career in OT security and stepping up to meet one of the greatest challenges of our generation: keeping critical infrastructure safe and secure.
“Water, power, food processing, manufacturing – our modern society hangs in the balance when one of these essential services is not available,” Jason explains. “Over the past few decades, attackers have begun targeting these systems and it is up to us to defend them.”
Jason invites his students to rise to the occasion and take the necessary steps to defend these power systems. On a given day, you might find him literally in the ditches with engineers figuring out the best way to secure their systems, and then on the next day he’s in a suit and tie briefing executives or testifying before the U.S. Congress on the threats faced by industrial organizations. Such was the case when he was the federal energy sector lead with the U.S. Department of Energy, where he played an instrumental role in creating the federal government’s National Institute of Standards and Technology (NIST) Cybersecurity Framework. Jason brought together leading industry experts and helped bridge conversations between them and the federal agencies – a difficult yet important task, especially when not everyone saw eye to eye. Jason spent several months meeting with engineers, discussing and highlighting their efforts to secure critical systems, and meeting with their boards and executives to understand the business risks and constraints. The outcome highlighted the technical and non-technical requirements needed to secure the nation’s critical infrastructure. This is just one of several examples in Jason’s career where he influenced national policy for the better by working with leaders to help them be part of the solution.
As an instructor, Jason understands the biggest challenges his students face. While other disciplines in traditional IT security specialize in selected skills and work in larger teams with larger budgets, Jason recognizes that ICS security is different. Jason encourages his student to embrace the discomfort of being really good at a lot of different skills. In turn, he helps students prioritize closing the large set of gaps they see in their organizations by enabling them to understand in what order to tackle the problems and the best methods to implement solutions. What Jason most enjoys about teaching is equipping more defenders with the knowledge and capability to keep our critical infrastructure safe and secure. Every skill you learn in his course can be applied the day you get back to your industrial sites.
Outside of the office and classroom, Jason is a contributor with the Technology Council, an active member of the Institute of Electrical and Electronic Engineers (IEEE), and a presenter at speaking engagements. He also enjoys traveling and live music, leaning into his creative side with photography and art, and challenging himself physically both in the gym and outdoors.
ADDITIONAL CONTRIBUTIONS BY JASON CHRISTOPHER:
2014 – Cybersecurity Award: Training and Awareness Service of the Year from the US Department of Energy
2019 – Cybersecurity Leader of the Year from the Energy Sector Security Consortium
Cyber42: Industrial Edition Game Day, July 2021
Cyber Insurance: Linking the CISO to the CFO, March 2018