Shaun currently serves as the Senior Vice President, Chief Information Security Officer for Discover Financial.
In this role, he leads the Information Security organization with overall responsibility for implementing the information security strategy and objectives, including strategies to monitor and address current and emerging risks and a strong cyber engineering function.
Shaun has over 20 years of IT experience with specialization in information security and risk management. Shaun has held roles in increasing responsibility at the Department of Defense, culminating in the role of Chief Information Security Officer for the Department of Homeland Security, U.S. Customs and Border Protection. He was Vice President, Chief Information Security Officer at Freddie Mac where he was responsible for company-wide cybersecurity risk reduction efforts, security architecture, securing cloud transition, modern software delivery transformation, and end-user experience enhancement initiatives.
Most recently, he served as Managing Director, Chief Information Security Officer at Barclays International.
Shaun is a graduate of the University of Maryland and has an MBA from the George Washington University School of Business.
He serves on the board of the Financial Services Information Sharing and Analysis Center (FS-ISAC), is an adjunct professor at Carnegie Mellon University, and Army combat veteran.
Shaun is also a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and a graduate of the Department of Defense Executive Leadership Development Program.
Get to know Shaun Khalfan
What motivates you to serve on the National Cybersecurity Alliance Board?
Today’s digital environment has never been more contested. I believe education is a foundational component to securing our digital environment. I am passionate about the National Cybersecurity Alliance’s focus on building public-private partnerships to improve collective defense and empowering our businesses, schools, and communities with the training to protect themselves online, whether it’s securing your home network or tips to prevent cyberbullying. Creating strong partnerships and ensuring those operating in the digital environment know how to protect themselves will move us toward a more secure digital world.
How do Discover’s cybersecurity interests align with our mission?
I believe the National Cybersecurity Alliance’s interest in empowering and educating align well with Discover’s. Our mission is to help people spend smarter, manage debt better, and save more so they can achieve a brighter financial future. Protecting our customer data, financial assets, and ensuring our employees and customers have the training and tools to protect themselves online are paramount to enabling this mission.
Do you think your experience and skills as a military veteran equipped you for a career in cybersecurity?
I am thankful to have served and believe military service equipped me for a career in any industry. The military taught me how to create an environment focused on people and compassion, which leads to results. People first, mission always. Service also prepares you to make decisions without all the information, operate under duress, manage risk, lead and empower teams. This translates to many domains in cybersecurity, such as cybersecurity operations and secure product engineering.
What advice to you have for a veteran who wants to jump into this field?
You bring a broad range of key skills to the domain, such as discipline, integrity, teamwork, and mission-focus. That’s a solid foundation to build from and the hardest to train. Your next step is domain expertise. That might be to focus on a particular area for study, take advantage of training programs, and network through veteran’s groups. Lastly, visit the National Initiative for Cybersecurity Careers and Studies (NICCS) which has a user guide for U.S. Veterans entering the cybersecurity career field.
What is it like to work at the intersection of cybersecurity and financial services?
This is an exciting and dynamic sector where cybersecurity and operational risk are on par with credit, market, and liquidity risk, playing a role to help ensure the free flow of capital and liquidity to the marketplace.