Jason Christopher

Over the past 20 years, Jason D. Christopher has worked across multiple industries in unique roles ranging from engineering to incident response and national security. Most notably, Jason was the federal technical lead for the NERC CIPv5 while at the Federal Energy Regulatory Commission, where he was involved in several rulemakings and policy statements. Jason was also the program lead for the U.S. Department of Energy Cybersecurity Capability Maturity Model (C2M2). He has served as a C-level executive, security researcher, and incident responder across his career. He previously held the role of Director of Cyber Risk for Dragos, Inc. Today, Jason is the Vice President of Cybersecurity and Digital Transformation for Research & Innovation at Energy Impact Partners (EIP), a $4 billion global investment firm custom-built to invest in the energy transition. Jason has been invited to speak before the U.S. Congress on several occasions. He teaches ICS456: Essentials for NERC Critical Infrastructure Protection and is co-author of ICS418: ICS Security Essentials for Managers.

More About Jason

Profile

When you walk into the classroom or log in to take one of Jason’s courses, you are joining an instructor who has both a wealth of experience and knowledge to share, as well as the striking ability to adapt to you, the student. Jason’s background in cybersecurity spans over 20 years and includes multiple roles in the industry, ranging from engineering to incident response and national security. This breadth of experience gives Jason a unique perspective about cybersecurity. On one end of the spectrum, Jason has developed solutions on a multi-million-dollar budget; on the other end, he has managed security programs with a team of zero and a few pennies. In other words, he has been in the same situations as his students and has worked through the same types of problems when it comes to managing cyber risk. This background enables Jason to speak his students’ language when it comes to industrial security, whether they are from IT, OT, or somewhere in between. He can look at problems from the student’s point of view, whether it in engineering, operations, security management, compliance, or any number of other areas.

“Jason's ability to explain the complex concepts and apply them to his real-world experiences and depth of knowledge was exemplary. His teaching skills are fantastic and his relaxed approach made the course content easy to follow and digestible.” – Jeff Jones, E-ISAC

Jason holds two engineering degrees: a computer engineering degree form Binghamton University in New York, and a master’s in electrical engineering and power systems from Cornell University. He is able connect the language of engineers and operators to cybersecurity through his practical experience and academic background. Prior to SANS, Jason was a lecturer in academia and facilitated cybersecurity workshops, experiences that made him want to teach and share his knowledge with others. Jason is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. His hope is that his students will learn not only best practices, but also learn from his past mistakes on the road that led to his successes. In Jason’s dynamic and challenging classes, you certainly won’t encounter “death by PowerPoint.” As recalled by one of his students, Ruth Ann Hofmann of Midcontinent Independent System Operator (MISO), Jason “…kept [the course] interesting and lively. I am spoiled now. I don't know many instructors anywhere like Jason who can keep the momentum going. Jason definitely sets the bar VERY high.”

Jason is not the type of person to sit back and wait for change to happen. A trailblazer by nature, he started his cybersecurity journey 20 year ago when there weren’t any degrees in ICS or OT security and organizations didn’t even know what they were. When working as an ICS engineer years ago he recalls asking the simple question, “Hey, who does security for this system?” When the response was resounding silence, Jason decided to do something about it, jumpstarting his career in OT security and stepping up to meet one of the greatest challenges of our generation: keeping critical infrastructure safe and secure.

“Water, power, food processing, manufacturing – our modern society hangs in the balance when one of these essential services is not available,” Jason explains. “Over the past few decades, attackers have begun targeting these systems and it is up to us to defend them.”

Jason invites his students to rise to the occasion and take the necessary steps to defend these power systems. On a given day, you might find him literally in the ditches with engineers figuring out the best way to secure their systems, and then on the next day he’s in a suit and tie briefing executives or testifying before the U.S. Congress on the threats faced by industrial organizations. Such was the case when he was the federal energy sector lead with the U.S. Department of Energy, where he played an instrumental role in creating the federal government’s National Institute of Standards and Technology (NIST) Cybersecurity Framework. Jason brought together leading industry experts and helped bridge conversations between them and the federal agencies – a difficult yet important task, especially when not everyone saw eye to eye. Jason spent several months meeting with engineers, discussing and highlighting their efforts to secure critical systems, and meeting with their boards and executives to understand the business risks and constraints. The outcome highlighted the technical and non-technical requirements needed to secure the nation’s critical infrastructure. This is just one of several examples in Jason’s career where he influenced national policy for the better by working with leaders to help them be part of the solution.

As an instructor, Jason understands the biggest challenges his students face. While other disciplines in traditional IT security specialize in selected skills and work in larger teams with larger budgets, Jason recognizes that ICS security is different. Jason encourages his student to embrace the discomfort of being really good at a lot of different skills. In turn, he helps students prioritize closing the large set of gaps they see in their organizations by enabling them to understand in what order to tackle the problems and the best methods to implement solutions. What Jason most enjoys about teaching is equipping more defenders with the knowledge and capability to keep our critical infrastructure safe and secure. Every skill you learn in his course can be applied the day you get back to your industrial sites.

Outside of the office and classroom, Jason is a contributor with the Technology Council, an active member of the Institute of Electrical and Electronic Engineers (IEEE), and a presenter at speaking engagements. He also enjoys traveling and live music, leaning into his creative side with photography and art, and challenging himself physically both in the gym and outdoors.

ADDITIONAL CONTRIBUTIONS BY JASON CHRISTOPHER:

AWARDS

2014 – Cybersecurity Award: Training and Awareness Service of the Year from the US Department of Energy

2019 – Cybersecurity Leader of the Year from the Energy Sector Security Consortium

PRESENTATIONS

2023 SANS Survey: Breaking IT-OT Silos with OT/ICS Visibility, 2023

My SANS ICS 2023, 2023

My SANS ICS 2022, 2022

Cyber42: Industrial Edition Game Day, July 2021

ARMOR for OT Security Leaders - SANS ICS Security Summit 2021, March 2021

DISC - SANS ICS Virtual Conference: ICS Security Crucible: Forging Programmatic Armor and Weapons, May 2020

Creating a Security Metrics Program: How to Measure Success, July 2019

Incentivizing ICS Security: The Case for Cyber Insurance, June 2017

Cyber Insurance: Linking the CISO to the CFO, March 2018

WHITE PAPERS

My IT/OT Visibility Survey, 2023

Industrial Cyber Risk Management: A Guideline for Operational Technology, 2021

Incentivizing Cyber Security: A Case for Cyber Insurance, 2017