Jason Lazerus


“Beware the quiet man. For while others speak, he watches. And while others act, he plans. And when they finally rest… he strikes.” - Anonymous


Jason S. Lazerus

I am the Security Operations Manager for a large financial institution in the greater Boston area. I’m recognized as an expert in vulnerability management, working with auditors, and solving complicated issues. I’m also responsible for protecting customer and employee data from compromise by assuring that policies and procedures are followed, vulnerabilities are mitigated, defense-in-depth measures are in place, and incidents and threats are handled.

Employment

2020-Present Eastern Bank Security Operations Manager

Duties

Management
  • Manages two teams with 10 high-performing cyber security professionals.
  • Meets with auditors regularly to ensure compliance with regulations and internal policies.
  • Manages multi-million dollar security budget.
  • Evaluates and purchases products and services to meet security goals.
  • Drives security initiatives, leads projects, and improves processes.
  • Meets regularly with team members one-on-one to share and receive feedback and job-related tasks to improve on professional development.
  • Performs annual performance assessments for direct reports.
  • Defines training plans for direct reports.
  • Provides weekly status updates to management regarding projects/issues.
  • Meets with other teams to discuss technology related issues and for project planning.
  • Manages vendor relationships.
  • Manages hardware and virtual assets.
  • Identifies and escalates both isolated and systemic technology issues.
  • Tunes and configures security tools to maximize the effectiveness of time and detection of incidents.
  • Conducts periodic lunch and learn training sessions.

2019-2020 Eastern Bank Information Assurance Manager

Duties

Management
  • Managed a team of three high-performing cyber security professionals.
  • Met with auditors regularly to ensure compliance with regulations and internal policies.
  • Evaluates and purchases products and services to meet security goals.
  • Drives security initiatives, leads projects, and improves processes.
  • Meets regularly with team members one-on-one to share and receive feedback and job-related tasks to improve on professional development.
  • Performs annual performance assessments for direct reports.
  • Defines training plans for direct reports.
  • Provides weekly status updates to management regarding projects/issues.
  • Meets with other teams to discuss technology related issues and for project planning.

2017-2019 Eastern Bank Principal Information Assurance Analyst

2016-2017 Eastern Bank Sr. Information Assurance Analyst

Duties

Vulnerability Management
  • Oversees the vulnerability management program.
  • Collaborates with several teams and vendors to ensure remediation or mitigation is achieved.
  • Created automated methods for ticket creation and handling.
  • Creates and monitors CIS security baselines for all network devices.
  • Works with risk management to document exceptions.
Code Reviews
  • Performs SAST and DAST code scanning for all code developed for Eastern Bank internally and by third parties. (Java, JavaScript, PowerShell, Python, PHP, HTML)
  • Reviews findings to ensure no false positives are found and works with developers to mitigate true positives.
Incident Response
  • Coordinates incident response efforts.
  • Responds to cyber security alerts generated by numerous sources.
  • Created automated workflows to enhance the response time to incidents.
  • Monitors SIEM and creates new alert methods as necessary.
Audit Coordination
  • Coordinates the collection of data for auditors.
  • Works with internal and external auditors to review and remediate audit findings.
Penetration Testing
  • Provides penetration testing on a regular basis.
  • Uses pentesting to validate certain vulnerabilities and to ensure security agents are functioning properly.
  • Coordinates third-party pentests as needed.
  • Works with system owners to remediate penetration test findings.
Digital Forensics
  • Created and manages the digital forensics program.
  • Captures hard drive and memory images during investigations.
  • Works with third parties as necessary to ensure investigations are completed in a forensically sound method.
Development
  • Writes scripts in PowerShell, Python and Java to gather and push data via numerous APIs.
  • Uses GitLab and code collaborator to store, share and review code with co-workers.
  • Uses CI/CD tool to automate script executions.
Business Intelligence
  • MajorDomo role for Domo business intelligence platform.
  • Works with multiple departments on bringing data into Domo.
  • Creates ETLs and SQL scripts to transform data as needed.
  • Supports users with their data from conception to production.
Project Management
  • Manages security related projects when bringing in new products and vendors.
  • Provides security advice and architecture design for all Technology projects.

2007-2016 Stony Brook University Information Security Officer

Duties

Vulnerability Management
  • Oversaw the vulnerability management programs.
  • Collaborated with several vendors to ensure remediation or mitigation is achieved.
  • Created and monitored CIS security baselines for all network devices.
Project Management
  • Managed security related projects when bringing in new products and vendors.
  • Provided security advice and architecture design for all technology projects.
Penetration Testing
  • Provided penetration testing on a regular basis.
  • Remediated findings with support of IT staff.
Incident Response
  • Responded to cyber security alerts generated by numerous sources.
  • Monitored SIEM and created new alert methods as necessary.
Firewall Management
  • Implemented new firewall infrastructure.
  • Created firewall rules as required.
  • Created site-to-site VPNs with vendors.
Security Engineering
  • Managed Checkpoint endpoint security system.
  • Ensured all devices were encrypted and compliant with host based security.
HIPAA Security
  • Served as the HIPAA Security Officer.
  • Performed regular audits to ensure systems were HIPAA compliant.
  • Provided annual HIPAA training to employees.
System Administration
  • Provided server and domain administrator roles.
  • Implemented and managed VMware environment.
  • Implemented and managed Hyper-V environment.
  • Performed server patching using Dell Kace.
  • Implemented Desktop Authority product for system configuration management.
  • Provided desktop support as needed.
Database Administration
  • Managed medical records SQL databases.
  • Managed R25 Scheduling Oracle database.
Risk Management
  • Created policies and procedures for cyber security and HIPAA regulations.
  • Performed risk assessments and documented risks.

2005-2007 Stony Brook Medicine Help Desk Technician

Duties

End User Support
  • Provided first line support to a large domain of over 10,000 users.
  • Fielded over 2,000 calls/month.
  • Managed broadcast e-mail moderation list.
  • Provided assistance to client support as needed.
Project Support - SSO
  • Worked with vendors to design the single sign-on system.
  • Performed tests to ensure applications opened properly.
  • Created a testing program for users and IT staff to ensure appropriate performance.
  • Created a deployment plan for go-live.
  • Worked with departments on troubleshooting.
Website Design
  • Redesigned Information Technology website to bring it up to date.
  • Customized HTML and CSS to adhere to corporate theme.
Application Administration
  • Upgraded and managed Unicenter Service Desk ticketing system.
  • Implemented and managed ACD call recording system.

Education

2011-2014 American Public University System Master of Science in Information Technology with a concentration in Digital Forensics

2009-2011 American Public University System Bachelor of Science in Information Systems Security (Dean's List)

Certifications

Projects

Change Control Form and Workflow 2019

Developed an approval form and workflow using Salesforce Lightning forms to improve an outdated change control process. Changes are entered into a form and a formula is calculated based on answers to user input in order to determine the impact of the change. The impact level determines the number of approvers needed for the change and all changes are tracked in Salesforce cases.

Cyber Alert Notification Workflow 2018

Developed an automated workflow to handle cyber alerts using Microsoft Flow. This flow parses data generated in SIEM alerts to identify users, validates with the user the action that generated the alert, then sends the user’s response to the security team for validation and finally, assists with the closing of the generated ticket.

Metrics Automation 2018

Automated the gathering, display, and analysis of cyber security and project management metrics. Data from over 30 sources were gathered using SQL, APIs, and spreadsheet exports. ETLs, filters and additional queries were used to combine data sources and charts were displayed using Domo.

Network Migration 2015

To create a more secure network, all network devices for Student Health Services were migrated from a public network to a private Class C network. New high-availability firewalls were installed and appropriate rules were created.

Technical skills

  • PowerShell
  • Python
  • Splunk
  • HTML and CSS
  • Bash
  • RegEx
  • Git / Collaborator
  • UNIX
  • Microsoft Azure
  • Cloudflare
  • Akamai

Areas of expertise

  • Vulnerability Management
  • Penetration Testing
  • Security Metrics
  • Incident Response
  • API Management
  • Risk Management

Awards

Above and Beyond 2nd Quarter 2018 – Eastern Bank

Above and Beyond 4th Quarter 2017 – Eastern Bank

Above and Beyond 4th Quarter 2016 – Eastern Bank

GIAC Advisory Board

President’s Volunteer Service Award – Lifetime Achievement

Volunteer Service

2005-2015 Port Jefferson EMS President and Chief of Department / Various Officer Positions

Duties

Operations Management
  • Managed 125 volunteers and employees.
  • Created policies and procedures.
  • Ensured staff availability to respond to alarms.
  • Performed Incident Command in numerous situations.
  • Coordinated response efforts during major emergencies.
  • Provided first response to fire and EMS alarms.
  • Provided support to police during special situations.
  • Created and monitored key performance indicators to ensure efficient practices are in place and to find areas for improvement.
  • Provided planning for events.
Administration
  • Provided input on creation of new bylaws.
  • Chairman of the board of directors.
  • Ran multiple monthly meetings.
  • Negotiated budget with multiple municipalities.
  • Implemented electronic medical records system.
Training
  • Created EMT training program for new recruits.
  • Provided trainings for driving, CPR, and CEVO.
  • Created continuing education program for EMS providers.

2001-2015 Port Jefferson EMS EMT / Critical Care Technician

Duties

  • Providing emergent care to patients in Suffolk County.
  • Communicating and coordinating care with physicians and nurses at various hospitals.
  • Ensuring vehicles met part 800 NYS DOH regulations.
  • Provided safe transport for patients and crews.

References

Available on request.