
Jason Shafferman

Marlboro, MA

Summary

Jason is a global cybersecurity executive with more than 15 years of experience and currently serves as Global Chief Information Security Officer for Kaleris, a cloud-based supply chain execution and visibility platform trusted by hundreds of the world’s largest organizations to orchestrate yard, terminal, rail and vessel operations.

In this role he built the security function from the ground up, rolled out zero-trust identity and conditional access controls across a multi-tenant SaaS environment, and led security and privacy due diligence for multiple strategic acquisitions, guiding smooth post-merger integrations. Under his leadership Kaleris secured its inaugural SOC 2 Type II and ISO 27001 certifications, strengthening customer trust and accelerating enterprise sales.

Previously, Jason served as Business Information Security Officer for Bridge Specialty Group at Brown & Brown and earlier led Secureworks security operations, directing detection and response, threat hunting, automation, vulnerability management and multi-cloud security across complex environments.

Known for a collaborative style that aligns security with business objectives, he partners with IT and executive leaders to enable secure, frictionless access to data and services and holds a 2023 Executive CISO certificate from Carnegie Mellon University.

Overview

13 years of professional experience
1 Certification

Work History

Chief Information Security Officer

Kaleris
03.2024 - Current
  • Established and scaled the global information-security program from inception, defining policy, architecture, and operations for a multi-tenant SaaS platform supporting mission-critical supply-chain workflows.
  • Led security and privacy due diligence for multiple strategic acquisitions, identifying risk gaps and integrating each new entity into the Kaleris security baseline within 90 days of close.
  • Directed implementation of enterprise Identity & Access Management and conditional-access controls across Azure AD, Entra, and legacy SSO, enabling zero-trust enforcement company-wide.
  • Guided the organization through inaugural SOC 2 Type II and ISO 27001 certifications across all acquired product lines, achieving clean audit opinions and accelerating deal cycles.
  • Stood up a unified Governance, Risk & Compliance (GRC) and Privacy program, automating policy management, vendor risk, and data-protection impact assessments to meet global regulatory demands.
  • Deployed modern security tooling (EDR, CSPM, DLP, SIEM/XDR) and instituted 24 × 7 incident-response processes, sharply reducing mean time to detect and respond to threats.
  • Briefed the Board and executive leadership on security posture, KRIs, and investment priorities, translating technical risk into strategic business insights.
  • Cultivated a culture of security by launching a global security-champions network and delivering recurring executive cyber-crisis tabletop exercises.

Business Information Security Officer (BISO)

Brown And Brown Insurance
10.2023 - 03.2024
  • Information Security Leader for the wholesale brokerage division, overseeing and implementing security initiatives.
  • Directed division-wide security-governance efforts—aligning NYDFS and other regulatory mandates to enterprise risk appetite—and used the NIST CSF to close identified control gaps and uplift posture.
  • Acted as a bridge between the division and central security teams, ensuring effective communication and meeting the needs of both.

Director, Security Operations

Secureworks
03.2021 - 09.2023
  • Orchestrated annual executive cyber security table-top exercises for proactive response planning and risk mitigation.
  • Spearheaded the move to a fully cloud-native stack (AWS, Azure, M365, G-Suite) and launched a green-field vulnerability-management program that sharply reduced cloud-asset risk.
  • As a member of the Risk Committee, I advised the Executive Leadership Team on Information Security Risks and Mitigations and drove projects to reduce overall risk to the company.
  • Designed and built a robust incident response program for the new XDR Platform, improving cybersecurity incident response and mitigation capabilities.
  • Provided expert recommendations on security tooling and led my team in the implementation of technology solutions across the organization, ensuring seamless integration and effective deployment for enhanced security measures.
  • Managed day-to-day operations for critical security functions including Incident Response, Vulnerability Management, Insider Threat, Security Engineering, and Development.
  • Aligned security response tooling with industry-leading NIST Cybersecurity Framework, ensuring compliance with best practices and standards.
  • Provided expert audit support for FFIEC, SOX, and SOC2 compliance, demonstrating commitment to regulatory requirements.
  • Defined, monitored, and reported KRIs and KPIs for Information Security to executive management.
  • Responsible for overseeing EDR, CSPM, DLP, CASB, vulnerability scanners, proxies, and IDS/IPS.
  • Implemented a robust conditional access policy to ensure access to sensitive services and information was within the business's risk tolerance level.
  • Offered subject matter expertise to assess potential merger and acquisition targets, evaluating their relevance to our platform and potential customer base. Provided insights and recommendations to support informed decision-making in pursuing strategic partnerships and acquisitions.
  • Forged strategic vendor alliances and partnered with product management to enrich the Secureworks XDR platform, expanding third-party integrations and accelerating roadmap delivery based on customer feedback.

Senior Manager, Incident Response Consulting

Secureworks
01.2017 - 02.2021
  • Responsible for up to two Matrixed Team Leads and fifteen (15) direct reports reaching revenue, margin, and utilization targets on a weekly, monthly, quarterly and annual basis; and the forecasting, tracking and reporting.
  • Provided management of daily operations for 30-50 open consulting projects at any time including high-profile incidents that garnered media attention, effectively mitigating risks and minimizing the impact on the organization.
  • Provided expert guidance and strategic direction to executives and boards during and post-incident, offering comprehensive briefings and roadmaps that demonstrated a deep understanding of complex cybersecurity issues.
  • Established a College Recruitment and Development program, achieving a remarkable 100% retention rate after 2.5 years and driving profitability within just 6 months.
  • Managed a team of highly skilled incident responders, overseeing multiple concurrent complex projects and delivering successful outcomes in challenging environments.
  • Served as the final escalation point for any customer concerns or complaints arising from consulting engagements; worked quickly and effectively to resolve the issue and recover customer relationships.
  • Served as incident commander on marquee breaches, coordinating multi-disciplinary teams and briefing boards on recovery and risk-mitigation strategy.

Senior Incident Response Consultant

Secureworks
06.2015 - 01.2017
  • Assisted in the development of a Security Operations Center (SOC) for a Fortune 50 customer, providing recommendations on processes, staffing, and training to establish an effective security monitoring and response capability.
  • Provided critical feedback from the team to developers regarding internal software, ensuring that tooling met the unique needs and requirements of the cybersecurity team.
  • Demonstrated a commitment to client satisfaction by actively partnering with clients to build a stronger future security state post-incident, leveraging expertise and experience to deliver exceptional results and foster lasting relationships.
  • Performed targeted and advanced threat containment and eradication in enterprise networks exceeding 100,000 endpoints.
  • Led engagements requiring cross-functional internal teams, such as research, threat intelligence, and reverse engineers, to deliver seamless updates and service to clients.
  • Conducted dynamic malware analysis for quick results during active engagements.
  • Designed and executed complex functional exercises simulating common breaches, including malware, lateral movement, and data exfiltration.
  • Provided initial triage and scope work efforts for clients calling in emergency situations.
  • Provided mentorship and developmental training to interns and entry-level employees, promoting their growth into capable, project-leading consultants.
  • Successfully managed over 100 projects, exceeding $1.1M in total, several of which involved significant high-profile press coverage.
  • Maintained daily technical updates with multiple clients concurrently, ensuring timely communication and client satisfaction.

Incident Response Consultant

Secureworks
06.2013 - 06.2015

Incident Response Intern

Secureworks
09.2012 - 05.2013

Education

CISO Executive Certification - Information Security

Carnegie Mellon University
Pittsburgh, PA
06.2023

Bachelor of Science - Network Security and Digital Forensics

Roger Williams University
Bristol, RI
05.2013

Certification

  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Reverse Engineering Malware (GREM)

Advisory Boards

  • Elastio Advisory Board (Current)
  • JupiterOne Customer Advisory Board (Previous)

