Jason Lam

Jason holds a leadership role at a large global financial company. In this role, he’s accountable for global direction and management of cyber security defense and response. He has nearly two decades of experience in the information security industry, progressing from hands-on research work to securing large-scale enterprise environments. Over the years, Jason has performed and led intrusion detection, penetration testing, defense improvement programs and incident response in large enterprise environments. Jason is a co-author and instructor for SEC522: Application Security: Securing Web Apps, APIs, and Microservices as well as sole author of LDR520: Cloud Security for Leaders.

More About Jason


Early on in his career, Jason was working for an Internet Service Provider that experienced a major security incident. As a curious and eager technical team member, he volunteered to help with the aftermath of the incident. That sparked his interest in learning and perfecting the practice of securing infrastructure and data. Jason’s goal is to use his own painful experience as a learning platform for others to save them from the same fate as that ISP.

With a technical background that ranges from the most methodical hands-on penetration testing work to coding security solutions for complex, mission-critical enterprise applications, Jason has the right technical know-how and war stories to offer students. These days, Jason holds C-level responsibilities to protect thousands of applications in a large enterprise where it’s not just technical skills but a combination of business understanding, strategy, and execution that helps to guard against very advanced attackers.

Jason has delivered a lot of large-scale global programs in his career, though one in particular stands out. He led a sizable team to build a large-scale capability that included process and technology to handle proactive and reactive threat monitoring and responses in a highly regulated industry, across 30+ countries, with a very tight timeline while having to build out both on-prem and cloud technology stacks. It felt like moving mountains, but the process taught Jason many valuable lessons that have benefited the rest of his career. He gained crucial knowledge such as integrating a continuous improvement loop into regular day-to-day operations and leveraging lean principles to optimize processes and metrics.

Security in applications and cloud environments are two of Jason’s favorite topics, as innovations in these areas are constant. The security models and threats across these tend to change quickly while the baseline security principles remain the same. While Jason lives and breathes the technical aspects of defending these components, being in the trenches on a day-to-day basis, he also regularly falls back on the security principles and the fundamental purpose of supporting the business cause. The fine balance between those aspects of protection requirements is where Jason has a very unique perspective and is able to provide students with the best practices and the best decision-making processes on security tactics and strategy to defend themselves.

Jason’s journey with SANS began in 2002 as a progression from student to grader and advisory board member, and eventually author and instructor. Over the years, Jason has authored a sizeable amount of material for SANS in the DevSecOps space, and now Cloud Security and Management, as well. He loves teaching for SANS since it is the largest security training provider in the world, affording Jason the opportunity to leverage his global experience and share his passion and stories of wisdom with a large, diverse group of students across all industries.

Jason believes students are not there as listeners, but as active knowledge seekers and collaborators in the classroom journey. His students should understand that defending applications, especially those in the Cloud, is challenging, as defenders have to get it right 100% of the time and the bad guys only have to get it right once. Jason strives to level the playing field for his students by covering a wide range of crucial security topics in a structured manner along with supportive hands-on practice labs. This combination allows students to deeply understand the concepts and put them into practice immediately when they get back to work.

Jason finds the work in the security industry very meaningful with a heavy responsibility to protect the important information for millions of individuals in the world. This is great motivation for Jason to challenge himself to always stay on the cutting edge of world-class security practices. 

In his spare time, Jason loves cooking to take his mind away from security work, though he likens the two, as both have specific ingredients that require certain skills to maneuver and blend into something fabulous.

Listen in on Jason's webcast 'Guidance on Leading the Cloud Security Journey':

