ISE® North America 2015

Information Security Executive of the Year Awards

The ISE® North America Leadership Summit and Awards was held November 10-11, 2015 at the Westin Michigan Avenue in Chicago, IL. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.

The ISE® North America Awards are held in conjunction with a two-day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two-day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.

Unique to the ISE® North America Awards, both executive and project divisions offer recognition within industry classification, including Commercial, Financial Services, Health Care and Academic/Public Sector.

ISE® North America Executive Award Winner 2015 - Commercial Category

Bret Arsenault
Vice President and Chief Information Security Officer
Microsoft
Seattle, WA
ISE® North America Executive Award Winner 2015 - Commercial Category



ISE® North America Executive Award Winners 2015 - Academic/Public Sector Category

Michael Dent
Chief Information Security Officer
Fairfax County Government
ISE® North America Executive Award Finalist 2014 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category



Medha Bhalodkar
CISO, Enterprise IT Risk Officer
Columbia University
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category
ISE® Northeast Executive Award Finalist 2018




ISE® North America Executive Award Winner 2015 - Health Care Category

Mike Towers
Former Chief Digital Trust Officer
Takeda Pharmaceuticals
ISE® Northeast Executive of the Year Award Winner 2015
ISE® North America Executive: Health Care Award Winner 2015
ISE® Northeast Executive Award Winner 2020
ISE® North America Executive: Health Care Award Winner 2020




ISE® North America Executive Award Winner 2015 - Financial Category

Lisa Humbert
Chief Information Risk Officer
BNY Mellon
New York, NY
ISE® North America Executive Award Winner 2015 - Financial Category



ISE® North America Project Award Winner 2015 - Commercial Category

AT&T
Project Astra
Executive Sponsor: Ed Amoroso, Chief Security Officer, AT&T
Project Team: Dan Solero, Michelle Barry, Rodney Dilts and Anthony Ramos.
Location: Bedminster, NJ

AT&T’s Astra project is an innovative, cloud-based platform to protect all internal applications within the AT&T cloud environment. The Astra ecosystem and framework enable virtual security services to be delivered effortlessly via APIs and automated intelligent provisioning, creating micro-perimeters around specific applications based on application-specific requirements. Using an Agile software development approach, the project integrated internally developed software with both open source and vendor solutions to create an extensible architecture, providing protection to AT&T’s enterprise network.



ISE® North America Project Award Winner 2015 - Academic/Public Sector Category

Columbia
IT Risk Management Security & Privacy Program
Executive Sponsor: Medha Bhalodkar, CISO and AVP, Columbia University/Information Technology
Project Team: Chuck Eigen, Joel Rosenblatt, Larry Lee, Chris Dowden, Bhargava Gorty, Demian Vanderputten, Spencer Malmad, Martin Wren and Dan Ellentuck.
Location: New York, NY

Over the last 12 months, rather than doing security projects or initiatives in a reactive manner, or reporting risks in “silos”, our CISO proposed that we implement a comprehensive program for Security and Risk Management that outlines a multi-layered approach to Security at the University. Our program includes major areas such as strategy, policies and standards, governance and operating model, management processes, management reporting, communication, training, and awareness. Using this program as our framework, the program team assessed the current status of controls/maturity on all categories, as well as the tools required, and then identified/planned and implemented multi-year Security and Risk Management initiatives, which were communicated across all stakeholders, and obtained CISO Executive sponsorship and alignment. These projects were all monitored and reported to senior management over the identified period.



ISE® North America Project Award Winner 2015 - Health Care Category


Application Security Program Management
Executive Sponsor: Jason Morton, Application Security Manager | Office of the CISO
Team Members: Tim Heimerl, Andrew Welsh, Matin Kahn, Bud Wilkinson, Manuela Robinson, Carla Lewis and Ben Kinsella
Location: Denver, CO

The project was focused on transforming how application security was managed for DaVita HealthCare Partners’ complex ecosystem. The goal was to move from a one-man operation into a fully integrated program, built on a single platform that could scale with the business needs.

By May 2015, DaVita had brought the software development lifecycle (SDLC) for 18 applications under automated security assessment, trained 90 developers around the world, established a secure mobile program, put a system in place to ensure that all third-party applications used by DaVita HealthCare Partners are secure, and was actively monitoring all 141 of the company’s associated websites.



ISE® North America Project Award Winner 2015 - Financial Category

USAA
Biometric Logon for Mobile App
Executive Sponsor: Gary McAlum, Senior Vice President, Chief Security Officer
Project Team: Philip Leininger, Thomas Buckingham, Rick Swenson, Tom Clark, John Harris, Vicki Shapiro, Hoang Vo, Rochelle Tijerina, Robert Barner, Maria Gummerson, Tammy Sanclemente, Sudarshan Rangarajan and David James
Location: San Antonio, TX

USAA continues to innovate in security, first with two-factor “Quick Logon” and now by providing a game changing experience of using facial or voice biometrics as a convenient and secure means of logging onto the USAA Mobile Application. This capability expands on our existing use of an embedded security token with our biometrics technology, eliminating the need for static usernames and passwords while improving the overall logon experience. This giant step directly addresses safeguarding personal information being harvested from data breaches and social engineering, by focusing on what you have and who you are and not on what you know.



ISE® North America People's Choice Award Winner 2015

Gary Hayslip
Director of Information Security (CISO)
SoftBank Group
ISE® West Executive of the Year Award Winner 2015
ISE® North America People's Choice Award Winner 2015



ISE® North America Luminary Leadership Award Winner 2015

Bill Boni
Retired Senior Vice President
Information Security
T-Mobile USA
ISE® Central Executive Award Winner 2007
ISE® North America Commercial Executive Award Finalist 2007
ISE® Luminary Leadership Award Winner 2015



ISE® North America Executive Award Finalists 2015 - Commercial Category

Chris Bullock
Director of Information Assurance
Aaron's Inc.
Kennesaw, GA
ISE® North America Executive Award Finalist 2015 - Commercial Category

Pritesh Parekh
VP & Chief Security Officer
Zuora
San Francisco, CA
ISE® West Executive Award Finalist 2016
ISE® North America Executive: Commercial Award Finalist 2016
ISE® West Executive Award Finalist 2017
ISE® North America Executive: Financial Award Winner 2017



ISE® North America Project Award Finalists 2015 - Commercial Category

Aaron's
Aaron's Secure Software Development Lifecycle
Executive Sponsor: Chris Bullock, Director of Information Assurance, Aaron's
Project Team: Bhavin Patel, James Moore, Meghan Flynn and Sarah Countryman.
Location: Kennesaw, GA

Aaron's Secure Software Development Lifecycle is a unique fusion of advanced application security technologies with the company's agile software development methodology. By scanning application code for vulnerabilities as it's being written, this project enables Aaron's developers to seamlessly resolve identified issues, not only improving application quality and security but also accelerating application time-to-market and reducing costs substantially. Aaron's also made corporate-wide engagement a key part of the project by sharing application security testing results with everyone from senior management to store owners—not just developers—to promote collaboration and engagement with security as a key enabler of business success.



Tokenization of all Caesars PCI environment
Executive Sponsor: Steve McNamara, VP of IT Security, Caesars Entertainment
Team Members: Bobby Wilkins, Vaishali Caldwell, CJ Foster, Mukti Bhakta, Judi Evans, Sue Traynor, Brian Bunney, Alan Kennemar, Aaron Otte, Eric Williams, Swithin George, Komala Mekapati, Mike Rogers, Tyler Adams, Rebecca Davis, Marilyn Ellis-Visser, Raju Bade, Revathi Kannan, Elton Cassels, Manuj Bhatia, Greg O'Keefe, Jeanine Glass, Shaun Burnett, Galen Duff Luette Loop, Haamid Shaik, Minh Tran, Chad Becker and John Plough
Location: Las Vegas, NV

This project successfully eliminated all credit card (CC) data in affected systems by deploying Point to Point encryption (P2PE) and Tokenization. Using these two solutions, the affected systems no longer see, process, or store CC data, protecting Caesars from breach or theft of that data. P2PE encrypts the CC numbers at the swipe, preventing any memory scrape risks, and tokenization replaces actual CC data with a token, a randomized 16-character alphanumeric representation of the CC data.

Jabil
Jabil Security-as-a-Service Initiative
Executive Sponsor: John Graham, CISO, Jabil
Project Team: Erik Collasius, John Graham, Mike Theriault, Walther Ardon, Greg Fisher, Troy Riley and Gabriella Nelms.
Location: St. Petersburg, FL

Jabil’s global customer base is highly competitive regarding intellectual property, cutting edge innovation, and the secrecy surrounding new product launches. Losing this data would result in millions of dollars in contract fines, as well as major loss of existing and future business. To minimize customer and Jabil risk, Jabil created and adopted a portfolio of security-as-a-service solutions in order to better protect and secure the company’s critical information. The security-as-a-service initiative spanned three areas: application access, data loss prevention and external threats. This project enables Jabil to close security gaps, have an accelerated time to value, leverage its security technology and practices as a market differentiator and create a competitive business advantage in the marketplace.


ISE® North America Project Award Finalists 2015 - Health Care Category

Blue Cross Blue Shield/Blue Care Network of Michigan
Supplier Risk Management (SRM) Program
Executive Sponsor: Tonya Byers, Director II, Information Security
Project Team: Damon Stokes, Cecilia Burger, Shannon Robinson, Joe Dylewski, John Becker and Cantrell Daniels
Location: Detroit, MI

The Supplier Risk Management program gauges each supplier’s capability to protect BCBSM/BCN’s sensitive information exchanged and computing assets provisioned, in the normal course of the business relationship, while adhering to established HIPAA/HITECH requirements and information security industry standards, by:

  • Identifying risks of new/existing suppliers who connect to BCBSM/BCN infrastructure, access BCBSM/BCN data, or develop or maintain BCBSM/BCN’s software
  • Tracking remediation plans
  • Executing on-site visits or desktop assessments, based on detailed questionnaires, to ensure security measures are implemented
  • Monitoring, reassessing, and decommissioning suppliers per contractual agreement
  • Employing a quantitative, risk-based approach to supplier ranking and reporting metrics

HMS
Business Resilience Program
Executive Sponsor: Scott Pettigrew, Chief Security Officer
Project Team: George Macrelli, Denise Mason, Daryl Hykel, Sean Miller, Michael Lee and Catherine Sisterson
Location: Irving, TX

Business Resilience Program: Business Continuity Management (BCM) and Security Risk Management (SRM) responsibility has been somewhat of a conflict because, although it is important to have a plan for such an unlikely catastrophe, there are other serious risks that have a nearly certain likelihood of occurring. Risks like privacy, fraud and inaccurate data. Emotions run high in the face of rare and disastrous events, causing a rush to allocate funds and efforts to safeguard against them. HMS’s Integrated Business Resilience Program is part of a comprehensive SRM program, which allows a more reasoned and less emotional understanding of the universe of business risks faced by HMS. This program produces efficiencies with regards to how HMS reacts to catastrophic risk.

ISE® North America Project Award Finalists 2015 - Financial Category

ADP
Integrated Application Security Testing (IAST)
Executive Sponsor: Roland Cloutier, Chief Security Officer, ADP
Project Team: V.Jay LaRosa, Chris Olsen, Atanas Dimitrov, Craig Butler, Owen Buckingham, Joseph Kraft, Manmadh Kancharla, Devi Nekkanti, Raghunath Kunta, Nagasuman Veeranala, Ramakrishna Marella and Sumeet Lakhwani.
Location: Roseland, NJ

In order to support ADP’s continuing drive to increase the speed of our software development release cycles, we have implemented an integrated automated application security testing technology into our quality assurance testing processes. This technology provides the following benefits:

  • Provides continual analysis of application code running Java or .NET
  • Finds vulnerabilities in real-time
  • Allows development teams vision into potential security issues as code is moved into the QA environment
  • Allows for minor release testing to be performed without direct interaction with the security testing team
  • Simple to install with little performance overhead
  • Automated library monitoring and inventory for vulnerability management


Janus ElasticSearch Security Visualization Engine
Executive Sponsor: Joseph McComb, Director, Information Security
Team Members: Todd Garrison, Enterprise Security Specialist
Location: Denver, CO

Janus utilized Elasticsearch, Logstash and Kibana (big data technologies) to drive an internal security analytics program. The open source tools were used to pull in relevant security log information and provide an interface to rapidly search security relevant information. The project had zero dollar cost in software licensing and reduced incident response times by fifty percent.