Early on in his career, Jason was working for an Internet Service Provider that experienced a major security incident. As a curious and eager technical team member, he volunteered to help with the aftermath of the incident. That sparked his interest in learning and perfecting the practice of securing infrastructure and data. Jason’s goal is to use his own painful experience as a learning platform for others to save them from the same fate as that ISP.
Coming from a technical background that ranges from the most methodical hands-on penetration testing work to coding security solutions for complex, mission-critical enterprise applications, Jason has the right technical know-how and war stories to offer students. These days, Jason holds C-level responsibilities to protect thousands of applications in a large enterprise where it’s not just technical skills but a combination of business understanding, strategy, and execution that help to guard against very advanced attackers.
Jason has delivered a lot of large-scale global programs in his career, though one in particular stands out. He led a sizable team to build a large-scale capability that included process and technology to handle proactive and reactive threat monitoring and responses in a highly regulated industry, across 30+ countries, with a very tight timeline while having to build out both on-prem and cloud technology stacks. It felt like moving mountains, but the process taught Jason many valuable lessons that have benefited the rest of his career. He gained crucial knowledge such as integrating a continuous improvement loop into the regular day-to-day operations and leveraging lean principles to optimize the processes and metrics.
Security in applications and cloud environments are two of Jason’s favorite topics, as innovations in these areas are constant. The security models and threats across these tend to change quickly while the baseline security principles remain the same. While Jason lives and breathes the technical aspects of defending these components, being in the trenches on a day-to-day basis, he also regularly falls back on the security principles and the fundamental purpose of supporting the business cause. The fine balance between those aspects of protection requirements is where Jason has a very unique perspective and is able to provide students with the best practices and the best decision-making processes on security tactics and strategy to defend themselves.
Jason’s journey with SANS began in 2002 as a progression from student to grader and advisory board member, and eventually author and instructor. Over the years, Jason has authored a sizeable amount of material for SANS in the DevSecOps space, and now Cloud Security and Management, as well. He loves teaching for SANS since it is the largest security training provider in the world, affording Jason the opportunity to leverage his global experience and share his passion and stories of wisdom with a large, diverse group of students across all industries.
Jason believes students are not there as listeners, but as active knowledge seekers and collaborators in the classroom journey. His students should understand that defending applications, especially those in the Cloud, is challenging, as defenders have to get it right 100% of the time and the bad guys only have to get it right once. Jason strives to level the playing field for his students by covering a wide range of crucial security topics in a structured manner along with supportive hands-on practice labs. This combination allows students to deeply understand the concepts and put them into practice immediately when they get back to work.
Jason finds the work in the security industry very meaningful, with a heavy responsibility to protect the important information of millions of individuals in the world. This is great motivation for Jason to challenge himself to always stay on the cutting edge of world-class security practices.
In his spare time, Jason loves cooking to take his mind away from security work, though he likens the two: both have specific ingredients that require certain skills to maneuver and blend into something fabulous.
Listen to Jason's webcast on Leading the Cloud Transformation: Building the Roadmap.
ADDITIONAL CONTRIBUTIONS BY JASON LAM:
Cyber42 Game Day: MGT520 version, Oct 2021
Attack and Defend: The Dangers of Modern Distributed Applications, June 2021
Security Observability, June 2021
Cloud Security Management Practices You Might Have Neglected, June 2021
Attack & Defend: Protecting Modern Distributed Applications and Components, RSA 2021, May 2021
Management View of How Cloud Security Services Help Your Organization Leapfrog on Security - SANS@MIC, Jan 2021
Leading the Cloud Transformation - Building the Roadmap, June 2016
What you Need To Know About The Critical Citrix Gateway (Netscaler) Vulnerability CVE-2019-19781, Dec 2019
You Can Rest Easy When Protecting REST APIs, July 2019
Web Application Defense – Use Headers to Make Pentester’s Job Difficult, May 2019