Jordan Shaw-Young is Chief of Staff, Security Solutions at BlueVoyant. BlueVoyant is an analytics-driven cybersecurity company whose mission is to defend businesses around the world against agile and well-financed cyber attackers by providing unparalleled visibility, insight and responsiveness. At the Catalyst, Jordan is a Fellow, and his research and publications focus on cybersecurity economic decision making support for start-ups and early stage technology companies. Jordan is a graduate of the London School of Economics and Political Science (LSE), Masters of Science; M.S, Business Administration and Management, a graduate of Queen’s University, M.S., Philosophy, and University of Toronto, B.A, Philosophy.
For Jordan Shaw-Young, his career in cybersecurity began with the study of logic. Jordan was a masters student in the philosophy department and he found himself caught in the divide between epistemology (the study of the nature of origin and the limits of human knowledge), and political philosophy (a branch of philosophy concerned with the concepts and arguments involved in political opinion.) His early interests were in geopolitics and he chose political philosophy as a result. He liked thinking about how we do (and how we should) organize ourselves as human societies.
At that time, the philosophy department often meandered from class to the pub. And it was there that Jordan and his classmates would poke holes in the logic of one another’s philosophy. “Philosophy is about logic and the logical construction of ideas,” says Jordan, “such that if someone has a supposition and a conclusion they’re drawing, you question the foundational parts to see if they’re actually right.”
That’s when Jordan applied this concept to the business world.
His path unfolded after the loss of a dream. He had studied political theory with an intention to go into public service. While in grad school, he interviewed for CSIS, traveling from Kingston to Ottawa for six interviews. In this impossibly selective process, it appeared Jordan had what it would take. He made it through all the psychological profiles. And only in the end, at a final interview, did he lose his streak. “I got all the way. But I didn’t prepare for it adequately. My life would have taken a very different turn had I gone down that path.”
The philosophy advantage: breaking down complexity in cybersecurity
With the dream of CSIS behind him, Jordan was resolute about solidifying his next steps. But it wasn’t easy. He graduated in 2008 with a philosophy degree at the height of a global financial crisis. He stumbled into a job at Telus. It was his first foray into technology, and after some time learning the business he joined the security team as a Product Manager. Telus was a great place to be doing security at the time, he reflects.
According to Jordan, security wasn’t a common career path then. There were few school programs in cyber but Telus had a lot of top Canadian security talent. It was a really important, formative couple of years.
While Jordan’s philosophy background wasn’t a significant contributor to landing the job, the utility of his training quickly rose to the surface. “A structured way of thinking is such an asset,” says Jordan. “I walked into a job where I didn’t know anything about anything. But it helps you approach complicated topics.” Philosophy gave Jordan an advantage because it enabled him to break things down into their parts. It helped develop skills of pattern recognition. It strengthened his ability to sight and create connections. He could synthesize. He quickly gained a reputation for asking uncompromising questions.
Thinking back to those intellectual jousts at the Queen’s pub, Jordan says, “You’re used to being in that place where you don’t know what you’re talking about. But you can ask questions, relatively intelligent questions in a genuine way, because you just don’t know the answer.” This proved pivotal in a big corporate environment, where things often happened in a certain way, simply because that’s how they had always happened.
Jordan’s proclivity to question things gave him a reputation as a person who was willing to make change, to do things differently.
Cybersecurity and the mission-driven mindset
From his application to CSIS to his first role, there was a unifying theme: Jordan was interested in security. He saw promise in the cyber ecosystem, it was a natural next step.
Cyber attracts the mission-driven. You have to be on the side of defending somebody. That’s going to be the thing that keeps you going, the thing that keeps it interesting. In IT and technology, you can build things, but nowhere else in the technology industry do you have another person on the other side of the computer trying to break it. It has a competitive angle. In cyber in general, everything you’re doing is competing against attackers. I think the motivation for me is competitiveness — competing with threat actors, and each other in the industry.
Jordan has had many roles in cyber, but perhaps his favorite was in sales. He wanted to be closer to the customer. In a sales role, Jordan was inseparable from the user. They had real problems, and up close, you could feel the weight of the responsibility of protecting them. If they were breached, their company might go out of business.
Jordan’s team protected the Province of Ontario, including healthcare and law enforcement — if things went wrong from a security perspective, there was a real impact on people’s lives. In sales, Jordan got close to the problem customers were trying to solve. “After that,” he says, “you can go back and sort out how your company can help to solve it better than anyone else.”
The desire to solve drives Jordan’s work as a Catalyst Fellow. “It’s a risk calculation,” says Jordan, speaking of his research endeavors. “You have to take some amount of people and money and resources and you have to put it toward making sure the attacker doesn’t steal or break this asset.” Jordan points out that if you’re diverting resources, or taking people away from something else, you’re taking them away from new ways you could be building your business or contributing to research and development. “It’s always a trade-off decision,” says Jordan. “You’re doing something for risk mitigation. It sucks that someone is out there trying to steal your stuff, but that’s the reality.”
You’re one business potentially up against organized and well-funded government or criminal organizations, and you have to make a tough decision about how much of your limited resourcing you will put towards cyber defense.
Security versus growth: Insights from the Zoom dilemma
Jordan’s Fellowship research interest at the Catalyst had its roots in his research in the last year at London School of Economics and Political Science (LSE). His curiosity stems from the question that business owners face: “How do I make smart and pragmatic decisions around where I’m investing?” For Jordan, the big question is how does cyber fit into that.
In his research, Jordan came across the organization Zoom Conferencing, which took off in 2020. They were pretty much in the growth phase. Then, the pandemic hit. Everyone was working from home, and companies suddenly raced to buy Zoom licenses. The company went up to around 400 million users overnight. But then the security teams at the client companies started poking around the software and realizing that Zoom had cut a lot of corners. It wasn’t that secure.
As a result, governments and the military said Zoom could not be used. Some big enterprises jumped on board. The CEO was raked over the coals. What struck Jordan in all of this was the underexamined dilemma. Was it actually the wrong decision to focus on the product growth and cut corners on security? This was patient zero for Jordan’s case study.
But maybe if they had gone slower and built a more secure product, maybe they never would have gotten that huge growth. They would have been lost to history. No one would have ever heard of Zoom.
This got Jordan thinking. How do you make the decision? When is the right time? “Maybe they did exactly the right thing. Get all these users and fix security later.” A startup may have two people. Jordan explains that the focus has to be on building the business and creating a product that is useful in the marketplace.
At what point, when you’re deciding to hire that third person, do you choose to hire someone for security reasons? It could be you need an engineer, someone in sales, or a financial person, so when do you know?
“Somewhere between founding and the time that Zoom is a public company,” says Jordan, “there is somewhere on that curve where you must hire a security person. And it’s a bit of a chicken and egg problem. You need to pay someone who knows about security to tell you when you should pay someone to tell you about security ” In his research at LSE, Jordan found that founders often felt badly about their decision to ignore potential security issues because the media and cyber industry told them that they should think about it, when what they felt they needed most was to focus on their product.
When Jordan learned of the opportunity to apply for a Fellowship at the Catalyst, he knew he could take the work he had started at LSE the next mile and put his learnings into practice. Building on his Master of Science in Management dissertation, Jordan aims to refine his analytical framework and produce practical tools to help founders and management teams make informed cybersecurity decisions.
As a Fellow, Jordan’s goal is to support investment decision making in early-stage startups. Specifically, he wants to guide managers without cybersecurity expertise in effectively directing limited resources. The fellowship provides this opportunity.
Defending networks, defining purpose: A career in cybersecurity
These days, Jordan works at BlueVoyant as Chief of Staff of the Detection Response Business Unit. In his 4+ years at BlueVoyant, he has worked in a variety of positions including, sales, product management, and now Chief of Staff. When he started at the organization, there were 150 people. Now, BlueVoyant has grown to over 800 employees. As the company grew, he relocated to New York. His business unit watches customer networks for signs of attack and they kick attackers out when they find them. Businesses and governments hire them to watch their networks, to find out when there is an attacker, and to kick them out before they can do any kind of damage. It’s exactly the kind of work that fuels and fulfills him.
Ultimately, what drives Jordan is the competitive angle. “In cyber, everything you’re doing is competing against hackers. You’re not just trying to keep infrastructure running or keep your mobile network up. You also have a person who’s trying to take it down, steal money, or otherwise disrupt somebody’s life on the other side. The motivation for me is about competing with threat actors.” The work is demanding, but it’s purposeful. Jordan wouldn’t change his path.
