By Sherri Davidoff   /   May 12th, 2019

Tribute to Jerome “Jay” Combs (1954-2019)

Jay speaking at the University of Montana School of Business, 2015.The security community lost a special person this week: Jerome “Jay” Combs, longtime Senior Examiner at the Federal Reserve Bank of Minneapolis. Jay was a leader who worked with banks throughout the nation. He was passionate about security and cared deeply about the communities that he served.

Jay impacted my work before I ever met him. When I was a much younger penetration tester, working for banks, my clients would hire me because he was going to audit them. Although I didn’t know it at the time, Jay would also review my reports. Clients would often say, “Our examiner says we should be using the Critical Controls. Can you help?” I found out later that this was Jay’s guiding hand, pushing our banks to improve their security, one step at a time.

Like so many people in security, Jay was a Renaissance man. He was a professional bassist in San Francisco for many years. He lit up whenever anyone played Motown or mentioned the Funk Brothers. Once a professional DJ, Jay had wide and varied musical tastes, and he relished in sharing his latest favorite albums and songs.

The road leading to the Mission Mountains, St. Ignacious, MT. Photograph by Jay Combs.Jay was also an avid photographer. He delighted in taking photos of nature and the people he loved. My favorite of Jay’s photos is a portrait of the highway leading to the Mission Mountains in St. Ignacious, Montana. In order to capture just the right angle, Jay laid down in the middle of the highway at dawn, rolling the dice that no cars would come along while he snapped the shot.

Professionally, Jay was a security evangelist. He knew instinctively that security was overwhelming for everyone— smaller banks in particular. He had a knack for breaking complex topics into bite-sized pieces, so that even non-technical folks could understand. Jay also developed his own, simple model: “5 Things— a Nontechnical Approach to Cybersecurity Risk Management.” These guiding principles are still beautifully relevant today.

A few weeks ago, when Jay decided to stop treatment for cancer, I asked him, “So how’d it go? How was life?” He reflected, and answered, “It was okay. Looking back, I wish I had taken more risks.”

Life, like banking, was all about risk for Jay. In the same way that he assessed banks, he assessed himself, and evaluated his own risk appetite. From Jay, I learned that security isn’t always about reducing risk. It’s about balance. You have to take risks in order to make progress.

Jay: thank you so much for everything. You were a friend and a mentor for me, as well as for our community here in Montana, and for the countless other people whose lives you touched. We love you and miss you. May you rest in peace.

About the Author

Sherri Davidoff

Sherri is the CEO of LMG Security and the author of “Data Breaches.” As a recognized expert in cybersecurity and data breach response, Sherri has been called a “security badass” by The New York Times. She has conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC, and many more. She is a faculty member at the Pacific Coast Banking School, and an instructor for Black Hat, where she teaches her “Data Breaches” course. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), and has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien”Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT. Her latest book, Ransomware Response, will be published early next year.