Jeffrey Jones has always had his eye on a target. He joined the military with the goal of earning a college degree—actually, the first of four. In the process, he learned valuable skills, from meeting hard deadlines to leading in stressful situations.
Today, he’s no longer responsible for launching cargo aircrafts. But that background has served him well over the course of a career that has required multiple pivots and laser focus as he worked his way to his current role as chief information security officer (CISO) at Milliman, an actuarial and consulting firm.
Initially, Jones intended to become a video game designer, inspired by his love of arcade games, particularly Tempest. When that plan evolved into an interest in software development, he knew he would need to study computer science. He enlisted in the US Air Force to leverage the tuition assistance provided through the GI Bill, but the experience benefitted him in many other ways.
Jones was trained in avionics technology, stationed at Travis Air Force Base in California, and deployed to Germany for operations Desert Shield and Desert Storm. In that era, he supported all aspects of avionics on cargo aircraft. As he managed systems repairs, he established lifelong friendships, met his wife Cynthia, and finished the first of his four degrees while on active duty.
Later, during his undergraduate studies in computer science and engineering at the University of California, Davis, Jones completed internships with Pacific Bell and Lockheed Martin before embarking on the career journey that brought him to Milliman.
His path there has been full of twists and turns that, although unexpected, have prepared him for the top tech spot. “Each different stop in my career has given me a new chance to reenvision how to use my skill set and find interesting ways those skills can benefit a company or organization,” he explains.
One of those unexpected moments came in 2003 when ADP acquired ProBusiness, where Jones was the director of internet engineering responsible for a suite of online products that supported thirteen million users. Suddenly, in what he describes as a “crushing blow,” Jones found himself caught up in layoffs.
Instead of wallowing, the resilient Jones mined his network and took a step up into an information security officer opening at CoreLogic. “The key was recognizing that it wasn’t personal,” he reflects. “It was business.” From there, Jones transitioned to roles at Black Knight Financial Services and Kalles Group, where, as a consultant, he built a robust information security (IS) compliance risk and remediation management program.
“The key was recognizing that [the layoff] wasn’t personal. It was business.”
Jeffrey Jones
In 2016, Jones joined Milliman as IS manager for the global corporate services team. Milliman is a Seattle-based firm with about 5,000 employees and 125 practices worldwide. Jones’s principal responsibilities include advancing the maturity and governance of its IS policies.
In the years that led to his promotion to CISO, Jones aligned cybersecurity endeavors to business objectives, managed incident response activities, and built an IS team whose contributions are valued by the firm.
These steps are of critical importance, as each of Milliman’s practices operate with some autonomy while being guided by the policies and programs that Jones and his team introduce and maintain to keep Milliman’s network and data safe and compliant with privacy regulations.
Seven years ago, that team consisted of just three people; today, Jones has twenty-five associates working with him. The “red team” handles vulnerability management and penetration testing while the “blue team” focuses on cybersecurity operations, incident response, and other related areas.
As Milliman, its clients, and its employees adjust to life and business in the post-pandemic environment, Jones is implementing Zero Trust principles to support remote and hybrid work arrangements. Zero Trust is a security methodology that constantly screens, authenticates, and validates users who need access to data. He used a variety of solutions and the one that helped the most with segmentation was Zero Networks.
The landscape is changing at Milliman and beyond. Fortune reported that there are seven hundred thousand IS positions to be filled industrywide. That means companies need to be realistic, creative, and flexible when it comes to employee attraction, development, and retention.
“Talk to leaders to know and understand what information must be protected against leaks and compromise. Otherwise, you may overspend or underspend.”
Jeffrey Jones
“IS leaders will be challenged to find candidates that have all boxes ticked during the vetting process. Creative and successful companies will navigate high employee demand and limited availability by getting creative and developing their own training programs for non-traditional candidates,” Jones says.
The respected tech leader expects threats to increase in the coming months and years. His peers and counterparts therefore need to have layered controls and engage in deep conversations with their business partners.
“Talk to leaders to know and understand what information must be protected against leaks and compromise. Otherwise, you could find yourself in a position of not being aligned with your organization’s risk tolerance, which, in turn, can result in overspending or underspending,” he advises.
Advising is a role near to his heart. Jones coached his sons, Brandon and Donovan, in sports when they were younger and now cherishes giving them career advice—Brandon, a University of California, Berkeley computer science graduate, is following in his father’s footsteps and working in the information technology discipline.
Jones also is a mentor in a Milliman program and through 100 Black Men of America. “I benefitted from coaching in my career,” he says, “and I value opportunities to pay it forward.”
As always, Jones is focused on moving forward and meeting the next challenge. “Work in the cybersecurity discipline is ever changing,” he says. “You must continue to hone skills in your field. Hard work and preparation are critical to success and getting to the next stage.”
Zero Networks protects organizations of all sizes by providing an automated microsegmentation solution at scale and with the click of a button—without agents or hair-pinning. By leveraging MFA-everywhere, Zero Networks blocks ransomware and completely stops lateral movement, all without interrupting normal network traffic.
