ISE® North America 2013

Information Security Executive of the Year Awards

The ISE® North America Leadership Summit and Awards was held on November 6-7, 2013 at the Sheraton Premiere at Tysons Corner in Vienna, VA. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.

The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.

ISE® North America Executive Award Winner 2013 - Commercial Category

Glen Taylor

Glen Taylor
Chief Information Security Officer
The Walt Disney Company
ISE® Southeast People's Choice Award Winner 2011
ISE® Southeast Executive Award Finalist 2011

ISE® North America Executive Award Winner 2013 - Academic/Public Sector Category

Kevin McKenzie

Kevin McKenzie
Chief Information Security Officer
Clemson University

ISE® North America Executive Award Winner 2013 - Health Care Category

Jeff Trudeau

Jeff Trudeau
Information Security Officer
Sutter Health

ISE® North America Project Award Winner 2013 - Commercial Category

B N Y Mellon
Unstructured Data Governance Project
Executive Sponsor: Donna Nemecek, VP, Manager Technology Risk Assurance & Senior Information Risk Officer, BNY Mellon
Project Team: Susan Wade, Tijuanna Beckles and Gina Grisaffi
Location: New York, NY

BNY Mellon’s Risk and Compliance Group has developed a governance process to provide security and user access certifications over high risk data stored in network shared drives, which are scrutinized by Regulatory Agencies, external and internal auditors.

ISE® North America Project Award Winner 2013 - Academic/Public Sector Category

University of Massachusetts
University Cyber-security Initiative
Executive Sponsor: Larry Wilson, CISO, University of Massachusetts
Project Team: Todd Glover, Chris Misra, Larry Wilson, Gene Kingsley, Andrew Darling, Brian Sullivan, Jim Packard, Anthony Kolodziej, Jake Cunningham, Wil Khouri and Dan Jones.
Location: Shrewsbury, MA

The University of Massachusetts Cyber-security initiative involves planning, designing, implementing and managing a University-wide technology-based program based on the SANS 20 Critical Security Controls (CSC). The main deliverables include IT asset management, software asset management, system and network configuration, malware defenses, vulnerability management, log management, security administration, data loss prevention, etc. The primary goal is to establish technology, implementation and security monitoring standards that are implemented and managed across all five campuses (Amherst, Boston, Dartmouth, Lowell, Worcester Medical School), UMASS On-line and the President’s Office. Successful implementation of this program will ensure the University reduces the impact and exposure of a Cyber-security threat.

ISE® North America Project Award Winner 2013 - Health Care Category

Executive Sponsor: Terry Rice, AVP, Service Delivery & Risk Management, Merck & Co.
Team Members: (Merck) Phyllis Post, Andy Porter, Jason Victor, Keith Respass, Andrea Kirby, Terry Bauman, Steve Borst, Vish Gadgil, JoAnn Weitzman, Cathy Carfagno, Maria Pascual, Brian Swartley and John Litvinchuck. (Exostar) Tom Johnson, Dan McConnell, Vijay Takanti, Raju Nadakuduty, Paul Rabinovich, Rob Sherwood and Lisa Sullivan
Location: Whitehouse Station, NJ

Merck partnered with Exostar to redefine business-to-business engagements by creating a Life-Sciences Identity Broker in the Cloud. This secure cloud-based hub is where teams from multiple companies can access any number of technology services through a multi-tenant identity broker, protecting sensitive data and intellectual property from unauthorized access. The result included the reduction of time to stand up business-to-business collaborations, minimized administrative cost, and elimination of the need to replicate redundant technology infrastructure. In addition, the model improves the security and risk profiles for these teams by moving away from point-to-point engagements to a highly-scalable service model that can be monitored and protected from outside threats.

ISE® North America People's Choice Award Winner 2013

Eric Fisch

Eric Fisch
Senior Vice President, Information Security
Texas Capital Bank

ISE® North America Luminary Leadership Award Winner 2013

Howard Schmidt

Howard Schmidt
Retired Special Assistant to the President, Cyber Security Coordinator
The White House

ISE® North America Executive Award Finalists 2013 - Commercial Category

Steven Jensen

Steven Jensen
VP and Chief Information Security Officer
Ameriprise Financial

Myrna Soto

Myrna Soto
Senior Vice President and Chief Information and Infrastructure Security Officer
ISE® North America Commercial Executive Award Finalist 2012
ISE® Northeast Executive Award Finalist 2012

ISE® North America Executive Award Finalists 2013 - Academic/Public Sector Category

Connie Barrera

Connie Barrera
Executive Director, Security and Compliance
University of Miami

Larry Wilson

Larry Wilson
Chief Information Security Officer
University of Massachusetts

ISE® North America Project Award Finalists 2013 - Commercial Category

Workspace Virtualization and Containment for Sourcing Providers
Executive Sponsor: Dan Tigar, Managing Director Citigroup Architecture & Technology Engineering (CATE) CitiSecure Platform
Project Team: Matt Ramey, Bill Sztabnik, Brian Firlein, Vincent D’Onofrio, Sean Hunnicutt.
Location: Melville, NY

The solution utilizes a containment approach that satisfies a requirement to establish a controls framework to secure Citi’s Desktop Virtualization strategy for Third Parties. The containment strategy ensures that “least privileges” entitlement is enforced, including Application and Network access controls, at a desktop level.

QRadar SIEM Implementation for Threat Intelligence and Security Monitoring
Executive Sponsor: Ray Archer, SVP & CISO, Scotiabank
Project Team: YRob Knoblauch, Adam Evans,& Alain-Desire Kamenyero, Vicky Laurens, David Tozer, Egor Burnashev, Ify Ajokubi and Kelvin Lomboy
Location: Scarborough, ON

Qradar SIEM was deployed at Scotiabank to collect, correlate and index data from thousands of sources around the globe. Data is ingested into the SIEM platform and provides security analysts with a correlated and contextualized view of the Scotiabank network in real-time allowing them to detect anomalies in near real-time. The SIEM solution has moved Scotiabank closer to an “Intelligence Based Security” model  which provides analysts with the ability to respond quicker to emerging threats while reducing impact to their users and customers by leveraging internal and external intelligence sources during threat remediation activities. This implementation has allowed Scotiabank to react to new threats more quickly and armed with deep intelligence.

Twitter Domain Authentication Service
Executive Sponsor: Josh Aberant, Postmaster, Twitter
Location: San Francisco, CA

The Twitter Domain Authentication Service was deployed to prevent malicious unauthorized use of Twitter domains and brands in email communications across the Internet. Prior to deployment of the service, Twitter customers had no way of knowing if the email they’d received purporting to be from Twitter was actually from Twitter or was from a criminal impersonating a Twitter server. Since the rollout of the project, Twitter users have been able to know that emails claiming to be from and other Twitter domains are really from Twitter, and the level of email phishing attacks against Twitter have dropped over 95%. This represents over 110 million malicious emails per day being blocked from reaching Twitter users.

ISE® North America Project Award Finalist 2013 - Academic/Public Sector Category

Kennesaw State University
KSU Identity and Access Management Initiative
Executive Sponsor: Lectra Lawhorne, Executive Director of Information Technology Services, Kennesaw State University
Project Team: McCree Lake and Stephen Gay
Location: Kennesaw, GA

An implementation of IBM Security Identity Manager and other systems that creates and manages a centralized repository with key data elements about every person in the organization merged together from multiple sources that in turn fully automates the management and creation of accounts and services on multiple systems in the enterprise. The project substantially automated existing business processes which were previously not easily enforceable through workflows managed by defined and business-drivenworkflows. Additionally, the system creates a single sign-on environment across the entire enterprise by synchronizing passwords and users across all systems and enforcing password standards for regulatory compliance.

ISE® North America Project Award Finalist 2013 - Health Care Category

EPCS for Electronic Prescription Pharmacy Compliance
Executive Sponsor: Jeffrey Pettingill, Enterprise IT Risk & Compliance, PharMerica Corporation
Project Team: Michael LaMondra, Michael Krok, Muhammad Amjad, John Davis, Daniel Teklu, Sherry Walts, Christopher Aloi, team at McGladrey LLP, Joseph Benfatti and Aris Baghoumian.
Location: Louisville, KY

The goal of this project was to obtain Electronic Prescription Controlled Substance certification to dispense controlled substances electronically for our patients located in long-term care facilities. Compared to paper or fax prescriptions, e-prescribing improves medication safety, better management of medications costs, improved prescribing accuracy and efficiency, increase practice efficiency while improving health care quality and reducing health care costs through the reduction of adverse drug events and increased prescribing of generic medications. Making the process of prescription filling easier for patients will improve patient compliance with their medications. E-prescribing will help decrease the number of unfilled prescriptions by removing one step in the traditional prescription filling process, but also build a more complete medication history for our US pharmacies which a patient may use.