Jason Loomis on cyber risks with startups, M&A, and SolarWinds - Ascent Conference

Jason Loomis on cyber risks with startups, M&A, and SolarWinds

For those of you who don’t know Jason Loomis, here’s a quick rundown. Jason has been in the information security industry for 20 years in a wide range of industries including TechStyle Fashion Group, ProKarma, and Mellon Capital Management. For the last three years, he has been mindbody’s CISO, a SaaS technology platform for the wellness industry. He’s a senior executive who drives organizational change by building, leading, and mentoring high-performing IS/IT teams. 

We recently sat down with Jason to see what has been top of mind in the world of cybersecurity:

On cyber threats with mergers and acquisitions 

In referencing the 2018 M&A of Marriott Starwood data breach, he knows that there is a real risk with any M&A. You need to understand your risk from the outset, and while it may impact the valuation of the company, it doesn’t need to derail the M&A.

On who has the tightest security 

In his experience, banking and finance have the tightest security – they also have the tightest regulation. But in terms of ‘cutting-edge’ cybersecurity technology – SaaS companies lead the way. It is also interesting to note that while most SaaS companies are cloud-based, banking and finance are likely still accessing the mainframe. 

On social media 

Yes Jason is on social media and he has gotten questions from peers and friends about sharing information on social channels, but Jason doesn’t have an issue with how the platforms are using his data. He knows that if the product is free, he is the product. He is aware of the risks and because of this, is hyper-aware of what content he does share. 

On sensitive information and SaaS

Saas companies should not be in the business of storing sensitive information like credit card info. Some companies can tokenize this data for you and will reduce your overall risk portfolio. His other tip is to hire developers who have experience and knowledge in cybersecurity at the start to ensure it is built into your product.

On preventing future SolarWinds 

This is where our panel on April 7 is going to get interesting. The panel will discuss how to prevent a future SolarWinds hack, but Jason will be our devil’s advocate who believes that if someone wants into your data or information, then they’re going to get in. The best thing to do is to prepare for what comes after.

You can join Jason along with Jimmy Mesta, Tyler Young, and Samantha Schwartz for our SolarWinds Deep Dive at Spotlight on Cybersecurity on April 7th at 4:00 PM EST.

Privacy Notice

This privacy notice discloses the privacy practices for (www.ascentconf.com). This privacy notice applies solely to information collected by this website. It will notify you of the following:

  • What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  • What choices are available to you regarding the use of your data.
  • The security procedures in place to protect the misuse of your information.
  • How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.


We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 202-256-9707 or [email protected].