Attack the Attack Surface: Aegon's Global Information Security Strategy Implementation
Executive Sponsor: Steve Jenson, Global CISO
Project Team: More than 150 Security Profressionals were involved in delivering our Global Security Strategy. Leaders of the effort were:
Steve Jensen (Global Chief Information Security Officer), Chris Delaney (Senior Director, Infrastructure Security Services), Karen Hunt (Director, Data Security), Joyce Leek (Senior Director, Identity & Access Management), Tom Mooney (Director, Cloud Security), Paul Nickelson (Senior Director, Global Security Operations Center), Eric Svalstad (Global Tech and Corporate Center Information Security Officer), Rob Tourt (Transamerica Information Security Officer), Marijke Witteman (Director, Information Security Analytics), Jesus Gomez (Aegon Spain Information Security Officer), Tony Povoas (Aegon UK Information Security Officer), Herman Stoker (Aegon Asset Management Information Security Officer), Philip Wong (Aegon Asia Information Securty Officer)
Completed an ambitious 2-year, risk-based global Security Strategy implementation by focusing on our highest risk categories: External, Internal, Data and Unavailability of Systems and establishing a cross-organizational collaboration model.
Feathers and Firewalls: Aflac's Zero Trust Approach
Executive Sponsor: Tim Callahan, SVP, Global CISO
Project Team: DJ Goldsworthy (VP, Security Ops & Threat Mgmt), Mike Danley (Director, Security Engineering & Ad), Brandon Sellers (Manager, Cloud Security Engineering), Justin Brown (Lead Cloud Security Engineer), Milton Gardner (Global Security Systems Consultant)
The Zero Trust Program is designed to achieve increased security, simplified network architecture, and cost savings. Aflac's program is centered on the principle of consistent controls, with all communication passing through a cloud-based common exchange. Our goal is to provide a seamless user experience whether they are working on-site or remotely. We use strong identity-based access, requiring step-up multifactor authentication for resource access that appears risky, and we also employ device verification through risk-based access and posture checking.
Data Governance
Executive Sponsor: Elliott Franklin, CISO
Project Team: Rafal Baran (VP of Information Security Operations), Harlan Harris (IT Security Architect), Brianna Toney (Project Manager), Elliott Franklin (CISO)
As a backbone of cyber security and privacy programs, data governance allows for clear understanding of the key risk areas. The team has developed and implemented a data governance processes connected with the Data Loss Prevention controls across in-house data and information stored by third parties. This includes ownership of data, classification, encryption, and backups with DLP over web, hardware, and email.
I-Shield: Simplified Secure Access
Executive Sponsor: Swatantr Pal, Deputy CISO
Project Team: Asad Lambate (Assistant Vice President)
To adopt a risk-based approach to Identity and Access Management (IAM), ensuring the highest level of assurance for privileged users, simplify the process for non- privileged users and vigilantly monitoring user identity configurations and actions.
Office of CISO: Customer Security Trust to Drive Revenue
Executive Sponsor: Jack Ledeicker, CISO
Project Team: Jack Ledeicker (CISO), Michael Sinitiere (Senior Director), Justin Unton (Principal), Jesse Raymond (Senior Security Strategist), Vanessa Sauter (Security Strategist), Thu Koehler (Security Strategist)
To adopt a risk-based approach to Identity and Access Management (IAM), ensuring the highest level of assurance for privileged users, simplify the process for non- privileged users and vigilantly monitoring user identity configurations and actions.
Secure Fastconnect + SD-WAN
Executive Sponsor: Malvin Eanes, BISO
Project Team: Malvin Eanes (BISO), Kerrell Hurt (Head of Global Deployment and Hotel Infrastructure), Alvin Smith (VP of Global Infrastructure), Travis Welch (Network Engineer), Alvin Neale (Technical Consultant), Samuel Sims (Sr Engineer), Mark Moore (Director), AT&T Partnership (5 team members), Digital Hands Partnership (12 team members), Fortinet Partnership (6 team members)
This project was a security-driven business enabler. We transformed 4200 hotels across North and Latin America with a secure improved guest experience and network reliability through the implementation of new SIEM services, encryption, and SD-WAN.
Proactive Fraud Identification Tool
Executive Sponsor: Max Garcia, Executive Director & CISO
Project Team: Maximo Garcia (Executive Director & CISO), Nikola Spasojevic (Information Security Consultant), Marko Vicentijevic (Information Security Consultant), Clay Morgan (Senior Software Support Manager), Vicent Alonzo (Software Support Engineer), Robert Albrich (Software Support Engineer), Christopher Patrick (Software Support Engineer), Paul Wan (Communications Senior Specialist)
A self-service tool to provide NCR Voyix financial institution customers with information about suspicious user activity identified by our security experts. The suspicious activities displayed in this tool are identified by reviewing unique data patterns associated with previously confirmed fraud using data elements like IP addresses and specific event sequences. With this data, our customers can quickly assess these cases resulting in potential loss prevention.
Text Abuse Project
Executive Sponsor: Susan Koski, Chief Information Security Officer
Project Team: Debbie Guild (Head of Enterprise Technology & Security), Susan Koski (CISO), Sam Strohm (Security Operations Director), David Butler (Senior Manager, Enterprise Infrastructure), Mary Beach (Portfolio Management Director), Samba Lampich (Digital Product Manager Lead), Tony Marmo (Deputy General Counsel), Jacqueline Kahwash (Security Manager), Micah Semon (Security Staff Manager), Dale Wisehart (Security Specialist), Cindy Hopson (Senior Security Specialist), Michael Rimkus (Security Manager), Sarah Schuilenburg (Senior Manager, Digital Product Management), Jessica Taverna (Technology Communications Lead), D'Elda Faciane-Lewis (Project Manager), RJ Permuka (Senior Security Manager), Evan Kinney (Security Specialist), Christine Pochis (Customer Experience Group Manager)
After observing an uptick in phishing text messages targeting customers, PNC developed a solution and partnered with telecommunications carriers to help reduce this threat. Once successful, the team socialized this model with the financial industry.
Qualified Access Request & Fulfillment for GxP Systems
Executive Sponsor: Mark Leary, Chief Information Security Officer
Project Team: Edwin Wong (Associate Director, Information Security), Liam Cummins (Senior Director, IOPS IT), Roshan Raj (Associate Director, IT Architect)
Regeneron's manufacturing teams rely on highly regulated systems where access requests require extensive documentation and validation. Our Qualified Access Request (QAR) solution automates the process and maintains auditable records for key systems.
Leveraging ASM, CSPM and SSPM for Cloud Security
Executive Sponsor: Raymond Kernea, Director Attack Surface Management
Project Team: Leo Longoria (Information Security Engineer Senior), Chris Weaver (Information Security Analyst I), Austin House (College Co-op Associate)
Strategic effort to improve cloud security using Attack Surface Management (ASM), Cloud Security Posture Management (CSPM), and SaaS Security Posture Management (SSPM) providing comprehensive defenses enhancing our overall security posture in the face of potential cyber threats.