ISE® North America 2014

Information Security Executive of the Year Awards

The ISE® North America Leadership Summit and Awards were held on November 5-6, 2014 at the Westin Alexandria in Alexandria, VA. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.

The ISE® North America Awards are held in conjunction with a two-day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two-day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.

ISE® North America Executive Award Winner 2014 - Commercial Category

Kenneth Haertling
VP & Chief Security Officer
ISE® Canada Executive Award Finalist 2013

ISE® North America Executive Award Winner 2014 - Academic/Public Sector Category

Brian Engle
Chief Information Security Officer
State of Texas

ISE® North America Executive Award Winner 2014 - Health Care Category

Jim Routh
Chief Information Security Officer
ISE® Northeast Executive Award Winner 2007

ISE® North America Executive Award Winner 2014 - Financial Category

Roland Cloutier
Vice President, Chief Security Officer
ISE® Northeast Executive Award Winner 2012
ISE® Northeast People's Choice Award Winner 2012
ISE® North America Commercial Executive Award Winner 2012

ISE® North America Project Award Winner 2014 - Commercial Category

Executive Sponsor: Daniel Thanos, Director Advanced Cybersecurity & Strategic Programs, TELUS Communications
Location: Toronto, ON

TELUS’ Argus project is named after and inspired by the multi-eyed giant of Greek mythology, to represent an all-seeing system designed to intelligently and automatically detect everything from the most mundane to the most advanced forms of system and network intrusions, and then automate and monitor their containment and remediation. Argus is both a functional system and extensible architecture using advanced software technologies built upon Hadoop clusters, streams, and complex event processing with integrations into security event management and incident response tools. Argus embeds the best of Security Monitoring Analytics to build a game-changing technology with capabilities beyond those offered by off-the-shelf platforms.

ISE® North America Project Award Winner 2014 - Academic/Public Sector Category

The Software Assurance Marketplace (SWAMP)
Executive Sponsor: Kevin Greene, Software Assurance Manager of The Department of Homeland Security Science and Technology Directorate, Software Assurance Marketplace
Project Team: Kevin Greene, Miron Livny, Barton Miller, Von Welch, Jim Basney, Patrick Beyer and Irene Landrum.
Location: Madison, WI

SWAMP is a no-cost, high performance computing platform for continuous software assurance. Global customers use an array of open-source and commercial software security testing tools to conduct software security testing. A results viewer consolidates, normalizes and prioritizes weaknesses detected by disparate analysis tools into a central platform to ensure critical weaknesses are remediated. SWAMP also offers a library of almost 400 applications with known vulnerabilities, enabling tool developers to improve the effectiveness of their own testing tools to advance cybersecurity, protect critical infrastructures, and improve software resiliency by integrating security into the software development lifecycle (SDLC).

ISE® North America Project Award Winner 2014 - Health Care Category

Software Security Program Implementation
Executive Sponsor: Jim Routh, CISO, Aetna
Project Team: Tim Tompkins, Brian Heemsoth, Jay Marehalli, Mark Willis, Sara Dunnack and Derek Swift.
Location: Hartford, CT

Aetna’s Software Security Program integrates security controls into the enterprise’s software delivery methodologies to improve developer productivity in producing resilient software while also fundamentally reducing security risk in Aetna’s software assets. During the first year of a three-year plan, the Software Security Group (SSG) successfully implemented an enterprise-wide training and security champion program, integrated new processes, technology, and services to scale risk-based preventative controls across Aetna’s entire software portfolio, and implemented practical techniques to enable effective governance through reporting of key performance indicators. The success of the program positions Aetna as a software security leader in the health care industry.

ISE® North America Project Award Winner 2014 - Financial Category

MIAX options
Enterprise-wide Risk Dashboard and Alerting
Executive Sponsor: John Masserini, CSO, MIAX Options Exchange
Project Team: Philip Varughese and Chaz Pulmeri.
Location: Princeton, NJ

The goal of the Enterprise-wide Risk Dashboard and Alerting project was to deploy a best-of-breed solution that would be used by every single operations team to monitor, alert, and report on corporate-wide risks. The cutting-edge solution, based upon the correlation, aggregation, and risk scoring functions of IBM’s QRadar platform, provides custom, individualized dashboards to the entire Operations Center as well as concise, risk-centric dashboards and reports to executive management. Additionally, with the integration of our real-time threat intelligence feeds, we are able to proactively alert on known bad actors that are using new attack vectors which otherwise go unnoticed.

ISE® North America People's Choice Award Winner 2014

Jason Witty
Senior Vice President, Chief Information Security Officer
U.S. Bancorp

ISE® North America Luminary Leadership Award Winner 2014

William Hugh Murray, CISSP

ISE® North America Executive Award Finalists 2014 - Commercial Category

Chuck Hudson

Charles Hudson
Executive Director, National Governance, Risk and Compliance

Vijay Viswanathan

ViJay Viswanathan
Chief Information Security Officer
HD Supply

ISE® North America Executive Award Finalist 2014 - Academic/Public Sector Category

Michael Dent
Chief Information Security Officer
Fairfax County Government

ISE® North America Executive Award Finalist 2014 - Health Care Category

Vikrant Arora
Sr. Director
New York City Health & Hospitals Corporation

Scott Pettigrew
VP, Chief Security Officer

ISE® North America Executive Award Finalist 2014 - Financial Category

John Schramm
Vice President of Global Information Risk Management and CIRO
Manulife/John Hancock

Jeffrey Wright
Vice President, Chief Information Security Officer
Allstate Insurance Company

ISE® North America Project Award Finalists 2014 - Commercial Category

IT Security Analytics (ITSA)
Executive Sponsor: Charles Hudson, Executive Director, National Governance, Risk & Compliance, Comcast
Project Team: Kallol Ray, Venkat Paruchuri, Laura Whitt-Winyard and Luis Colon.
Location: Philadelphia, PA

The ITSA solution at Comcast solves a problem that practically all security organizations deal with – numerous security tools with individual dashboards, reports (many of which are aesthetically unappealing), remediation portals – all working independently of one another and requiring manual analysis to uncover enterprise risk. Comcast’s ITSA program extends beyond the boundaries of a typical IT Analytics program by creating an end-to-end centralized capability that consolidates numerous security tool reports, provides real-time contextual security analysis, produces stunning visual interactive security metrics, generates behavioral analytics, initiates orchestrated automated remediation and facilitates manual remediation workflows.

Put Yourself in the (Information Security) Picture Training & Awareness
Executive Sponsor: Patricia Weedon, VP, Information Security & Compliance, Warner Bros.
Team Members: Patricia Weedon, Jessica Fernandez, Gene Yoo, Andrew Sutherland, Christopher Bolton, Robert Carrillo, Cantrell Harris, Young Le and Sunny Young.
Location: Burbank, CA

The “Put Yourself in the (Information Security) Picture” security awareness campaign is a comprehensive communications effort that was designed to engage and train a global workforce. At the heart of the program are the fictional characters of Barclay and Fisk, two employees on the Warner Bros. Information Security team who aspire to teach their fellow employees about information security. The program was launched with a series of three film shorts. With a blend of humor and substance, the videos created initial awareness and familiarity among employees on the topic of information security. These likeable characters put a story and face on the topic of information security and helped to solidify a brand for the department. The program successfully put the topic of information security on employees’ radar.

ISE® North America Project Award Finalists 2014 - Academic/Public Sector Category

Government of New Brunswick
Security Event Management Centre (SEMC)
Executive Sponsor: Christian Couturier, Chief Information Officer, Government of New Brunswick, Executive Council Office
Project Team: Jamie Rees, Grant Streeter, Todd Legere and Blair Nason.
Location: Fredericton, New Brunswick

In 2012 GNB created a Security Event Management Centre (SEMC) in the Office of the CIO. Its main purpose was to improve the Government’s cyber-infrastructure security posture. SEMC program staff continually monitors and reports suspected cyber incidents to appropriate stakeholders and recommends mitigating actions. This includes near real-time emergency response and longer-term security posture reports. SEMC’s objective was to achieve uniform and consistent security event management across all of government and break even within two years, considering the cost of set-up against the cost of productivity saved.

University of Connecticut
Comcast Center of Excellence for Computer Security Innovation & Center for Hardware Assurance, Security, and Engineering at the University of Connecticut
Executive Sponsor: Mark Tehranipoor, Professor, University of Connecticut
Project Team: Professors John Chandy, Laurent Michel and Jerry Shi.
Location: Storrs, CT

CSI research covers the following domains: Authentication, Hardware Security, Theft Prevention, Software Security, Anti-Tampering, Broadband Security, and Supply Chain, along with a layered approach to security in the age of the “Internet of Things”. The center’s research initiatives focus on addressing broadband security starting from the customer’s home to the infrastructure used for transporting data to the equipment on the service provider’s premises. The goal is a holistic approach to providing supply chain assurance of equipment starting from manufacturing to distribution to placement in customer homes. One of the main charters of CSI is to train and develop the next generation of security engineers through research opportunities, security contests/challenges and other relevant activities.

ISE® North America Project Award Finalist 2014 - Health Care Category

Pillars of Security Program
Executive Sponsor: Robert Rice, Director, Security Services, St. Joseph Health
Team Members: Robert Rice, Bobbie Tinkler, Chris Martin, Louis Tillis, Roberto Perez, Alek Boyarov, Dan King, Jayanth Panuganti, Michel Isenberg, Shawn Kelly, Victor Allen and Marshall Gibson.
Location: Anaheim, CA

The Pillars of Security program was initiated to establish a model to assess, track and monitor all security risks and initiatives empirically, and allow St. Joseph Health (SJH) to be confident that we are focused on the right things at the right times, and can add and align new security risks and initiatives with the proper emphasis and investment. At its core the Pillars of Security is an Enterprise Risk Management (ERM) model, but expands upon the basic ERM model by incorporating a holistic framework of approach, with a strict emphasis on empirically supported statements. This allows SJH leadership to have very specific and targeted discussions regarding risk and impact with defensible data to support key decisions.

ISE® North America Project Award Finalists 2014 - Financial Category

Next Generation Identity & Access Management
Executive Sponsor: Jack Key, Chief Information Security Officer & Privacy Officer, USAA
Project Team: BJ Hicks, Patrick Landry, Bradley Machicek, Paul Manz, Brandon Esplin, Randy Jenschke, Carla Rosas, Rudy Castro, Charles Smith, Ruth Shropshire, Christina Marin, Sherry Rakowitz, David Allen, Tammy O’Neal, Diana Teneyuca, Tim Crawford, Elizabeth Williams, Estevan Perez, Gary Pullen, Jediah Logiodice, Jeff Lewis, Jeff Speer, Laura Moran, Letty Sifuentes, Lionel Franklin, Marcie Swonson, Maria Flack, Martin Palmer, Michael Morris, Michael Wood, Pamela Strzelczyk
Location: San Antonio, TX

The Next Generation Identity & Access Management (NexGen IAM) Program is comprised of more than 30 complex interdependent projects aimed at efficiently enabling USAA’s business while creating a world class secure access management capability that meets the needs of USAA’s dynamic and growing business. The projects are developed and deployed by a dedicated highly skilled IAM Information Security team (with integrated IT and Consultant support) in an agile infrastructure development lab. The program has delivered on-time and on-budget since 2011. NexGen IAM projects are delivering exceptional security and business results aligned with the goals of the effort and the mission of the company.

CitiNAC (Network Access Control)
Executive Sponsor: Dan Tigar, Managing Director, Citigroup Architecture and Technology Engineering (CATE) CitiSecure Platform
Project Team: John R. Miller, Bill Sztabnik, Carl Froggett, Dave Tirado, Brian Firlein, Patricia Davis, Howard Chang, Vincent D’Onofrio and Steve Chang.
Location: Melville, NY

The thrust of the CitiNAC (Network Access Control) project lay in the profound urgency to aggressively develop and deploy a proactive security solution that would: dynamically yield real time intelligence of all users, devices, systems and applications requesting access to or on Citi’s protected network; provide Enterprise-wide management and enforcement of security policies across Windows and non-Windows systems; block rogue and non-compliant devices; and assess endpoint compliance states allowing Citi to more efficiently remediate endpoint threats and violations. Citi now has one of the largest active global commercial deployments of Network Access Control (NAC) technology.