Josh Jaffe is an information security professional with more than 20 years of experience in the security and technology industry. Prior to joining Dell as Vice President, Cyber Security and Business Unit Security Officer — where he is responsible for security over the organization’s customer, marketing, sales and other internal functions — Jaffe was Global Chief Information Security Officer (CISO) at Daimler Mobility AG. Throughout his career, he has also worked in various cybersecurity and intelligence roles at Emerson Electric Co., Deloitte and the U.S. government.
Beyond his career trajectory, Jaffe has made it a personal mission to help further cybersecurity on a global scale in many ways, including pursuing a Ph.D. at the University of Oxford as well as co-founding the nonprofit Global Center for Cybersecurity, where he serves as Board President.
Jaffe’s security career started when he was recruited by the Central Intelligence Agency (CIA). Working within intelligence, he eventually had a chance to “be on the offensive side of cybersecurity,” as he says. After more than a decade with the CIA, Jaffe moved to Deloitte, where he helped build the organization’s cybersecurity practice. Later in his career, as Global CISO for Daimler Mobility, Jaffe helped the organization build a mature security program focused on cyber engineering, defense, intelligence and risk governance.
“I helped build a team that I am really proud of,” he shares.
Though his career achievements are plentiful, Jaffe is most proud of watching other cybersecurity professionals achieve their own goals, awards or recognition — particularly those he has crossed paths with along the way. “It makes me so proud to look at people in the industry whose careers have intersected with mine and watch them go on to do great things,” he says.
Jaffe is passionate about cybersecurity in a way that transcends his career. He believes that people too often see themselves as victims of cybercrime, but very few see an opportunity to further their career by stepping into one of the most exciting and dynamic technology fields in the world. In an effort, in part, to help remove some of those boundaries and barriers that exist, Jaffe co-founded the Global Center for Cybersecurity @ Cortex (GCC) in partnership with Washington University and others.
The GCC aims to address and combat two of the industry’s biggest challenges: a critical lack of professional development opportunities in poor communities and barriers in the industry surrounding diversity. The nonprofit announced a global initiative to build, train and promote cybersecurity talent in underrepresented communities, such as the greater St. Louis, Missouri area where the organization is headquartered.
“This is one of the most exciting and meaningful projects to me, and I feel that we can take steps to address the challenges in a way that grows wealth and career opportunities in overlooked communities through training talent to help combat cybercrime,” Jaffe says. “There are gaps in a variety of forms within cybersecurity, including knowledge, talent, standards, sector practices, infrastructure and more, which ultimately pose a common threat to society as a whole.”
Jaffe hopes that the GCC can help solve enterprise security challenges, regardless of the size of the industry, company or team, by collaborating, developing and innovating together; it is the “together” part that he truly believes is the way enterprises and countries can protect themselves from future cybercrime.
“As a CISO, I have a front-row seat to a war against cybercriminals, in which we are losing faster and faster each year. It’s going in the wrong direction. We have to stop competing with each other to lose; we’ve got to invert the curve and perhaps eventually win by working together and changing the cybersecurity game,” Jaffe says.
He adds that cybersecurity as a concept has historically marginalized certain populations, through education, opportunities and even the language used within the field. “You hear about cyber warriors, cyber ninjas, etc., and that kind of talk excludes much of the population. We also unnecessarily look to hire ‘unicorns’ all the time. Often people think that cybersecurity is a field that most people can’t be a part of, when, in fact, the best cybersecurity leaders I know came from other degrees or non-security backgrounds,” he says. “As an industry, we need to invest in and develop a broad talent base.”
Another way Jaffe hopes to move the needle regarding skills gaps and cybersecurity posture is by his pursuit of continual learning and personal growth. He believes that education and learning can help the industry on a broad scale, and that’s one of the reasons he ended up at the University of Oxford, pursuing a doctoral degree. “A long series of events in my life’s story arc made this a place I was always excited to study at. They have one of the only social science-focused programs on technology and cybercrime, so it’s not in the department of computer science or engineering. It’s focused on human behavior, and for me, that’s critically important,” Jaffe says.
As an academic Ph.D. candidate at the University of Oxford, Jaffe hopes to gain insight into the equilibrium prices within cybercrime, which will allow researchers, governments and business leaders to better understand how to deter cybercrime.
“I generally think most people do things they are naturally incentivized to do socially and financially. I am focusing on using game theory to quantify the market dynamics that occur in the dark web. My goal is to model the exchange of value that happens there so we can understand how to make cybercrime a bad deal to those engaging in cybercrimes. Right now, it’s very cheap to engage in cybercrime and fairly lucrative in terms of the value you get. Those are adjustable things, and we don’t really understand the equilibrium prices in cybercrime just yet,” he explains.
Reflecting on his career path, Jaffe says that he believes being open to opportunities in life can truly shape your career in ways you can’t anticipate. “I once heard someone talk about being generally in the ‘yes’ position in life, and I’ve held on to that. Look for reasons to say yes. Throughout my career, I’ve had opportunities that I wasn’t expecting to come up; in some cases, they required a pay cut, but the challenge was exciting to me, and I looked for reasons to say yes. I think many of those decisions led me to one of the most interesting and dynamic fields in the world today,” he says.
Jaffe says he also encourages other students or professionals to be open to continual learning in any stage of their career. “Start learning now, and don’t stop until you die. There are no living things — as far as I know — that aren’t growing, so continual learning and growth are so important. I’m well into my career, and I am still learning and pursuing areas I am passionate about.”