As Director of Information Security responsible for cybersecurity strategy, engagement and architecture at Starbucks, Shawn Harris leads a team of 10 security professionals comprised of principal level architects, security program and management professionals.
Since joining Starbucks in 2017, he has helped develop the company’s approach to security business engagement as the leader of the security architecture practice. Upon arrival, Harris worked with Andy Kirkland, CISO at Starbucks, to develop a risk-based consultation practice to better engage the business to achieve risk-based guidance. “The program has blossomed into a partnership with business leaders to move the business priorities forward while reducing risk. Using this pragmatic approach has led to increased engagement during ideation of new initiatives and support in turn of the cybersecurity strategy,” he says.
His consultations have also enabled business critical technologies such as Starbucks’ artificial intelligence systems and the “Stars for Everyone” loyalty programs. His ability to understand how to transform an organization's goals into strategy and educate leadership of the critical nature of their decisions is what has driven his success. Having worked within several verticals (including the executive branch of the federal government, entertainment, retail and financial services), Harris’ insights and pragmatic approach to security allows him to provide an innovative perspective that aligns with business priorities.
Currently, Harris volunteers as Co-Chair for the Cloud Security Alliance’s Cloud Controls Matrix Working Group and recently helped in the completion of Version 4.0 of the CCM. In this role, he managed a global team of volunteers. “When Version 4.0 is released, it will for the first time include implementation guidance to help customers better configure cloud controls,” he says. “I am most proud of this project, because I was able to help make a positive difference in the cloud security posture of multiple enterprises and organizations other than my own.”
Harris also is the Co-Chair of the Cloud and Virtualization track for the RSA Conference, as well as an advisory board member for the Black Cybersecurity Association, Cybersecurity Competency Group, and the Microsoft Cybersecurity Advisory Council. He also served on the NIST Cloud Computing Security working group, IETF JOSE working group, CAIQ and the Enterprise Architecture Working group.
He has held his Certified Information System Security Professional (CISSP) certification since 2001 and was instrumental in developing the initial Certified Cloud Security Professional (CCSP) exam for (ISC)².
Harris regularly mentors individuals through his work with the Cloud Security Alliance and the Black Cybersecurity Association. He has more than 25 years of information security experience and has previously worked in retail, entertainment, financial, legal and public sector organizations.