Jeffrey Groman

Jeffrey Groman

cybersecurity & privacy protection conference 2017

Jeffrey Groman is a Senior Manager in the Mandiant Global Consulting Services organization and a member of the Mandiant Central Region leadership team. He is an Information Security veteran with over 17 years of experience as a practitioner, mentor, team lead and engagement manager. His primary focus is helping clients prepare for a security breach. He also works with clients providing them technical and strategic assessments and forensic investigations.


Mr. Groman has assisted customers in the Fortune 10-500 building security programs ranging from Vulnerability Management, Application Security, Incident Response and SOC implementations. He also has extensive experience running assessments and investigations across industries such as healthcare, manufacturing, retail, finance, and hospitality.

Regional Manager

Mr. Groman served as a regional services manager for a Security Product and Services Company, helping their largest customers build and mature their security programs. Elements of these security programs included developer training, prioritizing fixes, and metrics reporting and analytics. Mr. Groman played a pivotal role in identifying the right set of tools and augmenting customer staff with rightly skilled resources and building out repeatable processes.

Program Manager

Mr. Groman worked for a large Health Insurer building out their Application Security Program and internal Forensics capability. The capabilities did not previously exist in-house, and Mr. Groman was responsible for building these capabilities through a combination of in-house staff and trusted partners.

Senior Consultant

Mr. Groman served as a Subject Matter Expert to customers on a variety of topics such as Application Security, Incident Response, and Security Operations working for a Big 4 consulting firm. Mr. Groman worked on engagements ranging for SOC build-outs to application security architecture reviews, penetration tests, responding to incidents, and creating process documents.


  • BS Electrical & Computer Engineering, University of Colorado at Boulder, 1995


  • Certified Information Security Systems Professional (CISSP) #58218 » GIAC Certified Web Application Defender (GWEB) 2011 » GIAC Certified Forensic Analyst (GCFA) 2008
  • Share