My Profile Photo

Jason Lazerus

“Beware the quiet man. For while others speak, he watches. And while others act, he plans. And when they finally rest… he strikes.” - Anonymous

on Resume

Jason S. Lazerus

Experienced VP, Manager of Infrastructure & Security with a demonstrated track record of leading engineering teams and implementing highly functional and secure operating environments. Skilled in developing and executing infrastructure and support strategies for the entire infrastructure stack, as well as collaborating with business unit and technology constituents to select and implement software and services. Proficient in managing technical professionals to develop and implement strategic solutions and leading complex projects with multiple resources across the organization. Adept at developing and executing remediation plans for regulatory, audit, and risk-based technology reviews and leading response efforts for significant system and application outages or issues.

Employment

2021-Present Eastern Bank V.P. Infrastructure and Security Manager

  • Sets and executes infrastructure and support strategies. This includes the development of the strategy, architecture, and design for the entire infrastructure stack across the enterprise.
  • Responsible for the security design of all infrastructure implementations, subject matter expert to contribute to analysis and design of all technology systems at the Bank.
  • Works with business unit and technology constituents to lead the selection and implementation of software and services to provide a highly functional and secure operating environment.
  • Responsible for managing a staff of technical professionals to develop and implement strategic solutions. This includes the server, network, and security infrastructure teams.
  • Leads complex and inter-related projects collaborating with resources from multiple areas of the corporation, makes key strategic decisions on those projects, and ensures that those projects are completed on time and within budget (both monetary and Technology Division resource hours).
  • Develop and execute remediation plans for regulatory, audit, and risk-based technology reviews.
  • Maintains contracts with external vendors.
  • Monitors the reliability of systems and services.
  • Interfaces with business units to ensure needs and SLAs are met.
  • Lead response for significant system and application outages or issues.

2020-2021 Eastern Bank V.P. Security Operations Manager

Duties

Management
  • Manages high-performing cyber security professionals in Incident Response, Information Assurance, Security Engineering and Identity and Access Management.
  • Meets with auditors regularly to ensure compliance with regulations and internal policies.
  • Manages security budget.
  • Evaluates and purchases products and services to meet security goals.
  • Drives security initiatives, leads projects, and improves processes.
  • Meeting regularly with team members one-on-one to share and receive feedback and job-related tasks to improve on professional development.
  • Perform annual performance assessments for direct reports.
  • Defines training plans for direct reports.
  • Provides weekly status updates to management regarding projects/issues.
  • Meets with other teams to discuss technology related issues and for project planning.
  • Manages vendor relationships.
  • Manages hardware and virtual assets.
  • Identifies and escalates both isolated and systemic technology issues.
  • Tunes and configures security tools to maximize the effectiveness of time and detection of incidents.
  • Conducts periodic lunch and learn training sessions.
Technical
  • Manages SailPoint IDN Build Team. Current project ongoing to implement SailPoint IDN.
  • Manages Public Key Infrastructure.
  • Configures Azure SSO for SAML authentication.
  • Responds to cyber security incidents.
  • Writes scripts in PowerShell and Python to improve efficiency and manipulate data.
  • Creates Splunk queries, alerts and dashboards

2019-2020 Eastern Bank Information Assurance Manager

Duties

Management
  • Managed a team of three high-performing cyber security professionals.
  • Met with auditors regularly to ensure compliance with regulations and internal policies.
  • Evaluates and purchases products and services to meet security goals.
  • Drives security initiatives, leads projects, and improves processes.
  • Meeting regularly with team members one-on-one to share and receive feedback and job-related tasks to improve on professional development.
  • Perform annual performance assessments for direct reports.
  • Defines training plans for direct reports.
  • Provides weekly status updates to management regarding projects/issues.
  • Meets with other teams to discuss technology related issues and for project planning.

2017-2019 Eastern Bank Principal Information Assurance Analyst

2016-2017 Eastern Bank Sr. Information Assurance Analyst

Duties

Vulnerability Management
  • Oversees the vulnerability management program.
  • Collaborates with several teams and vendors to ensure remediation or mitigation is achieved.
  • Created automated methods for ticket creation and handling.
  • Creates and monitors CIS security baselines for all network devices.
  • Works with risk management to document exceptions.
Code Reviews
  • Performs SAST and DAST code scanning for all code developed for Eastern Bank internally and by third parties. (Java, JavaScript, PowerShell, Python, PHP, HTML)
  • Reviews findings to ensure no false positives are found and works with developers to mitigate true positives.
Incident Response
  • Coordinates incident response efforts.
  • Response to cyber security alerts generated by numerous sources.
  • Created automated workflows to enhance the response time to incidents.
  • Monitors SIEM and creates new alert methods as necessary.
Audit Coordination
  • Coordinates the collection of data for auditors.
  • Works with internal and external auditors to review and remediate audit findings.
Penetration Testing
  • Provides penetration testing on a regular basis.
  • Uses pentesting to validate certain vulnerabilities and to ensure security agents are functioning properly.
  • Coordinates third-party pentests as needed.
  • Works with system owners to remediate penetration test findings.
Digital Forensics
  • Created and manages the digital forensics program.
  • Captures hard drive and memory images during investigations.
  • Works with third parties as necessary to ensure investigations are completed in a forensically sound method.
Development
  • Writes scripts in PowerShell, Python and Java to gather and push data via numerous APIs.
  • Uses Gitlab and code collaborator to store, share and review code woth co-workers.
  • Uses CI/CD tool to automate script executions.
Business Intelligence
  • MajorDomo role for Domo business intelligence platform.
  • Works with multiple departments on bringing data into Domo.
  • Creates ETLs and SQL scripts to transform data as needed.
  • Supports users with their data from conception to production.
Project Management
  • Manages security related projects when bringing in new products and vendors.
  • Provides security advice and architecture design for all Technology projects.

2007-2016 Stony Brook University Information Security Officer

Duties

Vulnerability Management
  • Oversaw the vulnerability management programs.
  • Collaborated with several vendors to ensure remediation or mitigation is achieved.
  • Created and monitored CIS security baselines for all network devices.
Project Management
  • Managed security related projects when bringing in new products and vendors.
  • Provided security advice and architecture design for all technology projects.
Penetration Testing
  • Provided penetration testing on a regular basis.
  • Remediated findings with support of IT staff.
Incident Response
  • Responded to cyber security alerts generated by numerous sources.
  • Monitored SIEM and created new alert methods as necessary.
Firewall Management
  • Implemented new firewall infrastructure.
  • Created firewall rules as required.
  • Created site-to-site VPNs with vendors.
Security Engineering
  • Managed Checkpoint endpoint security system.
  • Ensured all devices were encrypted and compliant with host based security.
HIPAA Security
  • Served as the HIPAA Security Officer.
  • Performed regular audits to ensure systems were HIPAA compliant.
  • Provided annual HIPAA trajning to employees.
System Administration
  • Provided server and domain administrator roles.
  • Implementated and managed VMware environment.
  • Implementated and managed Hyper-V environment.
  • Performed server patching using Dell Kace.
  • Implemented Desktop Authority product for system configuration management.
  • Provided desktop support as needed.
Database Administration
  • Managed medical records SQL databases.
  • Managed R25 Scheduling Oracle database.
Risk Management
  • Created policies and procedures for cyber security and HIPAA regulations.
  • Performed risk assessments and documented risks.

2005-2007 Stony Brook Medicine Help Desk Technician

Duties

End User Support
  • Provided first line support to a large domain of over 10,000 users.
  • Fielded over 2,000 calls/month.
  • Managed broadcast e-mail moderation list.
  • Provided assistance to client support as needed.
Project Support - SSO
  • Worked with vendors to design the single sign-on system.
  • Performed tests to ensure applications opened properly.
  • Created a testing program for users and IT staff to ensure appropriate performance.
  • Created a deployment plan for go-live.
  • Worked with departments on troubleshooting.
Website Design
  • Redesigned Information Technology website to bring it up to date.
  • Customized HTML and CSS to adhere to corporate theme.
Application Administration
  • Upgraded and managed Unicenter Service Desk ticketing system.
  • Implemented and mananged ACD call recording system.

Education

2011-2014 American Public University System Master of Science in Information Technology with a concentration in Digital Forensics

2009-2011 American Public University System Bachelor of Science in Information Systems Security (Deans List)

Certifications

Projects

SailPoint IdentityNow Implementation 2021

Led the build team for the SailPoint IdentityNow implementation which included personally onboarding over 325 applications in two months. Configured and managed the SailPoint application. Created new sources inclusive delimited, AD connected, and API connected sources. Created testing plans and managed change controls. Created training plans for end users.

Change Control Form and Workflow 2019

Developed an approval form and workflow using Salesforce Lightning forms to improve an outdated change control process. Changes are entered into a form and a formula is calculated based on answers to user input in order to determine the impact of the change. The impact level determines the number of approvers needed for the change and all changes are tracked in Salesforce cases.

Cyber Alert Notification Workflow 2018

Developed an automated workflow to handle cyber alerts using Microsoft Flow. This flow parses data generated in SIEM alerts to identify users, validates with the user the action that generated the alert, then sends the user’s response to the security team for validation and finally, assists with the closing of the generated ticket.

Metrics Automation 2018

Automated the gathering, display, and analysis of cyber security and project management metrics. Data from over 30 sources were gathered using SQL, API’s, and spreadsheet exports. ETLs, filters and additional queries were used to combine data sources and charts were displayed using Domo.

Network Migration 2015

To create a more secure network, all network devices for Student Health Services were migrated from a public network to a private class c network. New high-availability firewalls were installed and appropriate rules were created.

Technical skills

  • Powershell
  • Python
  • Splunk
  • HTML and CSS
  • Bash
  • RegEx
  • Git / Collaborator
  • UNIX
  • Microsoft Azure
  • Cloudflare
  • Akamai

Areas of expertise

  • Vulnerability Management
  • Penetration Testing
  • Security Metrics
  • Incident Response
  • API Management
  • Risk Management

Awards

Above and Beyond 4th Quarter 2022 - Eastern Bank

Above and Beyond 1st Quarter 2022 - Eastern Bank

Above and Beyond 1st Quarter 2021 - Eastern Bank

Above and Beyond 4th Quarter 2020 - Eastern Bank

Above and Beyond 2nd Quarter 2018 – Eastern Bank

Above and Beyond 4th Quarter 2017 – Eastern Bank

Above and Beyond 4th Quarter 2016 – Eastern Bank

GIAC Advisory Board

President’s Volunteer Service Award – Lifetime Achievement

Volunteer Service

2005-2015 Port Jefferson EMS President and Chief of Department / Various Officer Positions

Duties

Operations Management
  • Managed 125 volunteers and employees.
  • Created policies and procedures.
  • Ensured staff availability to respond to alarms.
  • Performed Incident Command in numerous situations.
  • Coordinated response efforts during major emergencies.
  • Provided first response to fire and ems alarms.
  • Provided support to police during special situations.
  • Created and monitored key performace indicators to ensure efficient practices are in place and to find areas for improvement.
  • Provided planning for events.
Administration
  • Provided input on creation of new bylaws.
  • Chairman of the board of directors
  • Ran multiple monthly meetings.
  • Negotiated budget with multiple municipalities.
  • Implemented electronic medical records system.
Training
  • Created EMT training program for new recruits.
  • Provided trainings for driving, CPR, and CEVO.
  • Created continuing education program for EMS providers.

2001-2015 Port Jefferson EMS EMT / Critical Care Technician

Duties

  • Providing emergent care to patients in Suffolk County.
  • Communicating and coordinating care with physicians and nurses at various hospitals.
  • Ensuring vehicles met part 800 NYS DOH regulations.
  • Provided safe transport for patients and crews.

References

Available on request.