ISE® West Project Award Nominees 2017

Going Agile, Securely
Executive Sponsor: Todd Fennell, VP, Information Security, American Express
Location: Phoenix, AZ

Cloud services are an integral part of American Express’s IT strategy – especially for their move to an agile development methodology. Security needed to support the business by enforcing cloud security policies globally and providing a secure collaboration solution. By implementing a cloud access security broker (CASB), American Express tangibly reduced their risk from Shadow IT and securely enabled a standard cloud-based collaboration platform for thousands of developers.

City National Bank E-mail Authentication as a Service
Executive Sponsor: Karl Mattson, CISO, City National Bank
Location: Los Angeles, CA

City National Bank was concerned about bad actors sending emails to their employees and customers pretending to be from the bank. They were also concerned about damage to their brand caused by Phish/Spam sent as them. CNB Implemented Email Authentication using the DMARC standard which ensures that any emails sent anywhere in the world purporting to be the bank would be blocked by the recipient’s email systems.

DHCS Deception Security
Executive Sponsor: Barney Gomez, Deputy Director/ Chief Information Officer, Department of Health Care Services
Team Members: Steve Moore (CISO), Gary Dias (Backup CISO), Mike Ruff (Network Manager), and Yance Lam (Network Analyst)
Location: Sacramento, CA

The California Department of Health Care Services (DHCS) needs to ensure that they can detect, report & mitigate any in network breaches – in real time. Traditional perimeter defense mechanisms are no longer enough. DHCS acknowledged that an additional layer of “in network” security is required with specific emphasis on immediate detection & mitigation of ransomware attacks. Their Deception Security platform deployment now provides a holistic network defense system, that will integrate with their other security tools by luring potential attackers to deceptive data decoys, and away from their credible data assets.

Next Generation Single Sign-On Program
Executive Sponsor: JoAnn Velez, Director, Electronic Security, Seagate Technology
Team Members: Hardik Sancheti (Senior Manager, Identity Management Infrastructure), Michael Hunter (Senior Manager, eSecurity), and Ragini Ramalingam (eSecurity Program Manager)
Location: Cupertino, CA

The NextGen Single Sign-On (SSO) program replaced Seagate’s previous SSO infrastructure to support Seagate’s zero trust security model. The project was necessary because the previous SSO infrastructure was vulnerable to a malicious insider who could acquire users’ SSO cookie in a “watering hole” attack. The project replaced Seagate’s SSO infrastructure with a secure platform that supports risk-based authentication and robust federation. The infrastructure was deployed across two data centers and two disaster recovery sites and included migrating over 150 applications and 50 federations (SSO across two or more domains / companies) with positive impact to Seagate’s business.

Square E-mail Authentication as a Service
Executive Sponsor: Chris Giard, Online Data Manager, Square, Inc.
Location: San Francisco, CA

As a financial services company, Square wanted to ensure that their customers were not subject to bad actors sending emails that purported to be from Square. They also wanted to ensure that only third party senders and internal systems that were in accordance with Square’s corporate compliance program are allowed to send emails as Square. Square implemented Email Authentication using the DMARC standard which ensures that any emails sent anywhere in the world purporting to be the bank would be blocked by the recipient’s email systems.

OneOps Security Framework
Executive Sponsor: Adam Ely, Vice President & Deputy CISO, Walmart
Team Members: Flavio Domingos, Luis Locegueda, Brian Fennimore, Sruthin Parayil, Bhaskar Annamalai, Lev Khusid, Khushboo Lohia, and Niyati Gandhe
Location: San Francisco, CA

Walmart operates one of the largest cloud environments and leverages the open source tool OneOps to manage applications and operating systems. The OneOps Security Framework is an integration that allows applying security best practices and configurations to any application or operating system automatically at deployment to save time while meeting security and compliance requirements. The OneOps security framework is available to all industry users of OneOps through WalMart’s open source initiate.

Western Union Mobile Threat Defense Project
Executive Sponsor: David Levin, Information Security and End User Enablement Leader, Western Union
Team Members: Tim Smith, Sr. IT Manager of End User Computing (EUC) and Corporate Information Security (CIS)
Location: Englewood, CA

Western Union is a huge proponent of empowering their end users via mobile devices, and in 2016 they wanted to make sure they had a strong mobile threat defense solution in place that would properly safeguard their employee’s mobile devices and data. To accomplish this, they required a solution which provided protection across the most common mobile threat vectors- malware, malicious networks, and OS/configuration vulnerabilities- and which was easy to deploy and manage, offered in-depth reporting and analysis, protected devices in real-time, and could mitigate threats automatically.