Jeffrey M Spaeth


Jeff is a Director in Grant Thornton’s Cyber Risk practice, with focus on infrastucure security.  He has over 20 years of experience of cybersecurity consulting, implementation, and operations experience.  He has led numerous large scale engagements for both private and public sector in the following areas:

  • Enterprise Security opeation and analysis capability improvement
  • Security programs strategy and implementation
  • Security architecture assessement and integration
  • Security Incident management response and coordination


  • Led a team conducting a Security Gap assessment of an international bank. Built up a cross sector international team of security analysts for the first Managed Security Operations Center Monitoring and Threat Intelligence Service Offering for Financial Services sector.  Developed Incident Management Governance and Charter for formalization of incident response and management procedures.  Conducted Use Case workshops for the implementation of new SIEM technology implementation. Worked with Americas branch to start insider threat program and implementation of user behavior analysis use cases and toolset.  
  • Led teams for an international bank and financial group establishing and developing a Cyber Security Operations Center (CSOC) encompassing the integration of all operational aspects of the Americas into a centralized cyber security model. Developed new processes and procedures in response to a Federal Financial Institutions Examination Council (FFIEC) assessment.  Implemented new training, integration, standard operating procedures, reduction and deduplication of personnel, equipment, and processes.
  • Led the establishment of the Threat and Vulnerability program for a large national insurance company and all its subsidiaries and affiliates.  This effort built the organization from having basic scan and patch methodology to a maturity model with strategy and governance and program charters.  This not only allowed the customer to meet all audit requirements but allowed them to have an established and sustainable program with vulnerability and threat intelligence teams working with the Security Operations Center for better security posture and proactive operational models.
  • Led the restructuring and implementation for the largest federal department’s Network and Security Operations Center (NSOC) into fully credentialed CSIRT and Fusion Center.  The center was responsible for managing 24x7 operations, analysis of network and security incidents, incident response, computer and network forensics, cyber threat intelligence and vulnerability management.


Professional qualifications and memberships 


Presentations and publications

  • Phase 0 – Micro Focus Protect 17

Languages spoken



Education [optional]

  • M.B.A Candidate
  • BS, Software Engineering