485 Lexington Avenue, 10th Floor
New York, NY 10017
Jason Straight is a Senior Managing Director and Chief Privacy Officer at Ankura, based in New York. Jason is a leader in the cybersecurity and privacy consulting practice and oversees Ankura’s internal data privacy program. He has extensive experience managing complex cybersecurity investigations and data breach events in a wide variety of industries involving a range of threat actors including malicious insiders, organized criminal operations, and state-sponsored groups. In addition, Jason has overseen and led large data risk and privacy compliance consulting matters for global companies facing regulatory challenges arising from the General Data Protection Regulation, the California Consumer Privacy Act, HIPAA, federal and state financial services regulations, and other frameworks. Jason also founded and led a Gartner-recognized managed detection and response business providing continuous network security monitoring and threat detection to companies in the financial services, healthcare, manufacturing, legal, and technology sectors. Jason has also served as the Chief Privacy Officer for an international technology services firm.
Jason’s professional experience includes:
- Insider Threat – Engaged by outside legal counsel to lead a six-month intensive investigation into a blackmail scheme targeting a publicly traded manufacturing customer. Collaborated closely with law enforcement to assist with efforts to identify the attacker and neutralize the threat.
- Data Protection Officer – Led team that served as external data protection officer for a large international technology firm with dozens of global offices subject to the General Data Protection Regulation. Efforts included the implementation of a privacy program management platform, sensitive data and business process mapping, security controls review, data subject request responses, data breach notification to data protection regulators, and other tasks.
- Third-Party Risk – Oversaw team engaged to deploy technology and implement a third-party cybersecurity risk management program for a major US insurance company.
- Targeted Attack Simulation – Led team engaged by large pharmaceutical company to conduct technical and executive-level attack simulations to identify process gaps and prepare key stakeholders to make the challenging decisions required by an actual cybersecurity incident. Prepared report of findings to be shared with board of directors.
- GDPR Readiness – Engaged by a major international publishing company to build from scratch a defensible data protection program in preparation for the General Data Protection Regulation. Team mapped processing activities and sensitive data, reviewed and/or drafted policies and procedures, and secured data protection agreements with third parties for more than 50 offices and businesses in under four months.
- Anti-Counterfeiting Action – Oversaw team of forensic professionals engaged by outside legal counsel to participate in a law enforcement-led raid of multiple facilities linked to the counterfeiting of pharmaceutical products. Team imaged hard drives, collected media, and conducted analysis to deliver to counsel and law enforcement.
- Data Breach Response – Led investigative team engaged by an international government contractor to identify the cause of a major data breach incident and neutralize the vulnerability exploited by the breach. Generated an expert report documenting the event, its timeline, and the full scope of consequences to be shared with federal regulators who inquired about the event.
- Intellectual Property Protection – Designed and led engagement with a leading energy industry company concerned with protecting highly sensitive intellectual property in conjunction with a multibillion-dollar industrial project in the Middle East. Supervised team of physical and information security professionals to create and implement a strict data protection protocol during the course of the project.
- Website Hacking Investigation – Oversaw an investigation into the cause and impact of an alleged hacker attack that resulted in the exposure of user log-in credentials and other personal information. Led an incident response team to identify the attack vector used by the attacker, made sure that the client’s websites were free of malicious code and helped the client bring its sites back online as quickly as possible.
- Intellectual Property Loss Event – Co-led an investigation into the cause of a leak of sensitive intellectual property belonging to a US-based public company to a China-based competitor. Interviewed key witnesses and reviewed electronic evidence to confirm the suspected scope of the leak and identify the likely cause of the incident. Worked with company’s general counsel to prepare and deliver a report to the company’s board of directors.
- Attempted Extortion Investigation – Led an investigation in response to an attempted extortion scheme involving an alleged vulnerability identified in the network infrastructure of a major US law firm. Assisted the firm in identifying the vulnerability and assisted the client in communicating with the adversary to successfully recover the potentially compromised information.
- Leak of Trade Secrets – Led an investigation into the unauthorized pre-release of trade secrets belonging to a major international advertising firm. Helped the client establish whether it was an inherent vulnerability in its website architecture or simple user error that caused the sensitive information to be released publicly before the company had authorized its disclosure.
- JD, University of Minnesota Law School
- BA, Macalester College
- Certified Information Privacy Professional/US
- International Association of Privacy Professionals
- American Bar Association
- Association of the Bar of the City of New York