ISE® North America Leadership Summit and Awards 2018

Information Security Executive of the Year Awards

The ISE® North America Leadership Summit and Awards was held November 8-9, 2018 at the Summit Chicago and Hyatt Regency Chicago in Chicago, IL. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.

The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.

Unique to the ISE® North America Awards, both executive and project divisions offer recognition within industry classification, including Commercial, Financial Services, Health Care and Academic/Public Sector.

ISE® North America Executive: Academic/Public Sector Award Winner 2018

Helen Patton

Helen Patton
CISO
The Ohio State University
Biography



ISE® North America Executive: Commercial Award Winner 2018

Noopur Davis

Noopur Davis
EVP, Chief Product and Information Security Officer
Comcast Corporation
ISE® Northeast Executive of the Year Award Winner 2018
Biography



ISE® North America Executive: Financial Award Winner 2018

Jason Witty

Jason Witty
Managing Director, Global Chief Information Security Officer
JPMorgan Chase & Co.
ISE® Central People's Choice Award Winner 2014
ISE® North America People's Choice Award Winner 2014
ISE® North America Executive: Financial Award Finalist 2017
ISE® Central Executive of the Year Award Winner 2018
ISE® Central People's Choice Award Winner 2018

Biography



ISE® North America Executive: Health Care Award Winner 2018

Nicole Darden Ford

Nicole Darden Ford
Vice President, IT – Global Information Security & Chief Information Security Officer
Baxter International
ISE® Central Executive Award Finalist 2018
Biography



ISE® North America Project: Academic/Public Sector Award Winner 2018

columbia
Rebuilding Identity Access Management for the 21st Century
Executive Sponsor: Medha Bhalodkar, CISO
Project Team: Chuck Eigen (IT Security & IAM Program Director), Chris Dowden (Director, IAM Management), R. Andrew Johnston (Mgr. IAM Technical Team), Jeff Eldredge (Mgr. IAM Lenel & Functional Team), Neil Meyer (Functional team & BA), Dan Ellentuck (Developer), August Visco (Developer), Ben Beecher (Developer), Mohammed Rahman (Developer), Mike Morales (Lenel Systems Lead), Steve Cramer (Lenel Systems Lead), Charlie Wu (Enterprise Active Directory Engineering), Marly Miller (Business Analyst), Phil Blake (Mgr, Client Device Engineering), Niles Patel (Mgr, Email Systems), Dan DeStefano (Email Systems Lead)
Location: New York, NY

At Columbia University, with history of 264 years, IAM had evolved as needed. IAM included Open LDAP, 880,000 users in Kerberos for authentication, 28 Active Directories at schools, and Lenel physical access system across campus, all operating in silos making it difficult to ensure secure, synchronized IAM across Columbia. In the last 18 months, in this project, we built secured Enterprise Active Directory (EAD) consolidating individual ADs with unified authentication, added MFA, implemented web applications SSO, provided group management, supported Shibboleth (SAML) for industry SSO, linked IAM to physical access management system Lenel, and achieved InCommon “SIRTFI” ID flag status.



georgia dor
CISO Sentinel Security and Compliance Risk Management Platform
Executive Sponsor: Wes Knight, CISO
Project Team: Chris Austin, Information Security Analyst, Larry Faulkner, Information Security Analyst, Jan Gaines, Information Security Analyst, Tavaris Lundy, Information Security Analyst, Joe Bellott, Information Security Analyst, Wes Knight, Chief Information Security Officer, and Steve Hodges, Chief Disclosure Officer
Location: Atlanta, GA

The Georgia Department of Revenue Office of Information Security is responsible for securing a threat and regulatory landscape that encompasses multiple Federal mandates and 3rd Party Information Service providers. This project implemented a security and compliance risk management platform, CISO Sentinel, to capture operating efficiencies in management of the program. Using continuous monitoring and management, the platform enables greater control of cybersecurity risks by effectively managing the processes associated with obtaining, identifying, processing and aggregating key information. Significant elements of the project focused upon prioritizing the review of critical security alerts, automating governance processes, eliminating redundant silos, and streamlining compliance and management reporting.



ISE® North America Project: Commerical Award Winner 2018

shell
Digital Transformation (IAM): Enterprise User Access Management/Shell Identity Management (EUAM|SIM)
Executive Sponsor: Scott Haynes, Enterprise IAM Programme Director
Project Team: David Fannon, Access Management, Special Projects and Michael Holste, IAM Program Manager
Location: Houston, TX

As part of a Digital Transformation initiative centered on Identity and Access Management, this project focuses on both enterprise access governance and enterprise access management. This initiative has two components: Enterprise User Access Management (EUAM) and Shell Identity Management (SIM). The project aims to automate the various security controls within Shell for all business-critical applications. This would bring all business-critical application on a common platform in terms of access management. The goal is to bring in the complete Segregation of Duties (SOD) ruleset of Shell under an automated platform to manage SOD, which is currently being done using spreadsheets or legacy tools. This will help enable automated certification campaigns for 60,000 users across the globe and insure compliance and satisfaction of audit requirements.

ISE® North America Project: Financial Award Winner 2018

horace mann
Blend the NOC and SOC Together, Creating an Integrated Operations Center (IOC)
Executive Sponsor: Sandy Figurski, Sr. Vice President and CIO, Horace Mann
Project Team: Eddy Wilson; Sr. Information Security Architect, James Bantner; Sr. Cyber Analyst, Tyler Gladu; Cyber Analyst, and Bryce Combs; Cyber Analyst
Location: Springfield, IL

Horace Mann set out to merge their NOC and SOC together into a single, blended platform creating an IOC (Integrated Operations Center) - one platform ingesting two environments. The team introduced security orchestration, automation and incident response tools to replace antiquated manual processes. This allowed them to meet mandated governance and compliance and decrease auditor enhanced fatigue. In parallel, the project delivered metrics driven report functionality for risk management that allowed newly created operational activities to be identified, addressed, and aligned to support Horace Mann’s business goals and objectives, including, meeting regulatory compliance for oversight transparency.



ISE® North America Project: Health Care Award Winner 2018

childrens
Mobile Clinician Project
Executive Sponsor: Jeremy Meller, VP IS&T
Project Team: Heath Baker, Team Lead, Field Services (SR), Robert Covington, Manager, Cyber Security, Frank Grogan, Sr Cyber Security Analyst, Jamie Hobbs, Sr Applications Analyst, Desiree Jennings, Project Manager, Atul Kanvinde, Director IS Business Partnerships, Clinical, Mike Kendall, Team Lead, Field Services, Jeremy Meller, VP IS&T, Stoddard Manikin, CISO, Brandon Potvin, Applications Advisor, Josh Sears, Senior Applications Analyst, Justin Shelf, Applications Analyst, and Sarah Thomas, Manager Optimization & Support
Location: Atlanta, GA

To improve clinician to clinician communication, Children's Healthcare of Atlanta replaced the existing hospital communication solution to provide enhanced services, including: bar code scanning, secure messaging and integration with Epic. The purpose of this project was to develop and implement the necessary clinical and infrastructure components to improve operational workflows in order to provide a seamless and secure means of communication and medication administration documentation. Objectives included providing secure messaging compliance, increasing mobile efficiency of nurses and clinicians, improving communications effectiveness between caregivers, integrate alerting, nurse-call, and bed-management, and reducing the number of devices needed for the care process.



ISE® North America People's Choice Award Winner 2018

Steve Kozman

Steve Kozman
Chief Information Security Officer
Athene Annuity-Life Assurance
ISE® Northeast People's Choice Award Winner 2018



ISE® North America ISE® Luminary Leadership Award Co-Winners 2018

Roland Cloutier

Roland Cloutier
CVP, Chief Security Officer
ADP
ISE® Northeast Executive Award Winner 2012
ISE® Northeast People's Choice Award Winner 2012
ISE® North America Commercial Executive Award Winner 2012
ISE® North America Executive Award Winner 2014 - Financial Category
ISE® Luminary Leadership Award Co-Winner 2018

Biography
T.E.N. Success Story


Garrison Hu

Gene “Spaf” Spafford
Professor of Computer Sciences and Executive Director Emeritus of CERIAS
Purdue University
ISE® Luminary Leadership Award Co-Winner 2018
Biography


ISE® North America Executive: Academic/Public Sector Award Runner-Up 2018

Medha Bhalodkar

Medha Bhalodkar
CISO, Enterprise IT Risk Officer
Columbia University
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category
ISE® Northeast Executive Award Finalist 2018

Biography



ISE® North America Executive: Commercial Award Finalists 2018

Eppinger_Gary Gary Eppinger
Global CISO and Corporate Privacy Officer
Carnival Corporation & plc
Biography

Chuck Markarian

Chuck Markarian
CISO
PACCAR
ISE® West Executive of the Year Award Winner 2018
ISE® West People's Choice Award Winner 2018

Biography


McBee_Scott

Scott McBee
Information Security Executive (CISO)
Darden Restaurants
ISE® Southeast Executive Award Winner 2018
Biography



ISE® North America Executive: Financial Award Finalists 2017

Marc Crudgington

Marc Crudgington
CEO, vCISO, Founder, Author
CyberFore Systems Corp.
ISE® Central Executive Award Finalist 2019
ISE® North America Executive: Financial Award Winner 2019

Biography


James Quadarella

James Quadarella
Managing Director, Head of Cybersecurity Operating Office
MUFG Union Bank N.A.
ISE® Northeast Executive Award Finalist 2018
Biography



ISE® North America Executive: Health Care Award Finalists 2018

Fred Kwong

Fred Kwong
Director, Information Security (CISO)
Delta Dental Plans Association
Biography


Alden Sutherland

Alden Sutherland
Chief Information Security Officer
AmerisourceBergen
ISE® Northeast Executive Award Finalist 2018
Biography



ISE® North America Project: Commercial Award Finalists 2018

ncr
Security Vision 20/20
Executive Sponsor: Bob Varnadoe, CISO
Project Team: Randy Conner, Director, Threat Detection and Response, Kumaran Rajasekaran, Manager, Security Operations, Alex O’Brien, SIEM Engineer, Shivangi Rai, SIEM Engineer, and Saurabh Aggarwal, SIEM Engineer
Location: Atlanta, GA

Security Monitoring can be one of the trickiest and resource intensive tools to deploy well. With a quickly maturing security program, NCR saw a gap in the visibility of its monitoring program. With thousands of severs, applications, network gear and SaaS solutions to monitor, we needed a good solution for gaining this visibility and an extensive way to onboard, track and alert on the thousands of logging points in our environment. Working with our third party MSSP we put in place a program to allow a robust set of tools to do just that.

t-mobile
Cybersecurity Transformation: Shifting Security LEFT
Executive Sponsor: Sudharma Thikkavarapu, Senior Manager, Cybersecurity
Project Team: Garrison Hu (Principle Engineer), Griffin Howlett (Associate Engineer), Tucker Sneed (Associate Tech-X Intern), and Ye Eun Chae (Intern)
Location: Bellevue, WA

With increasing demand to support the UnCarrier, there was a growing desire to implement an enterprise solution where technology could develop and deploy solutions at accelerated speeds. The solution “Shifting Security LEFT” integrates the speed of secure development capabilities such as developer education, security diagnostic tools, and integrated security testing with current agile development techniques. Effectiveness is determined by comparing data-driven security metrics against performance KPI’s. This enables leadership to make bold UnCarrier business decisions with the confidence that security is in the development DNA.

ISE® North America Project: Financial Award Finalists 2018

adp
Aletheia
Executive Sponsor: Roland Cloutier, Staff Vice President, Global Chief Security Officer
Project Team: James Lugabihl (Director, Execution Assurance), Marta Palanques (Security Lead Consultant, Execution Assurance), Borja Gullon (Security Lead Consultant, Execution Assurance), Ioana Hurubeanu (Security Consultant, Execution Assurance), AJ Anand (Director, Business Operations), Lokeshkumar Polamarasetty (eGRC Archer & Security Application Developer), Nagakiran Gogineni (eGRC Archer & Security Application Developer), Zac Haas (Sr. Director, Sales Operations)
Location: Roseland, NJ

The project was set out to build a self-service reporting platform to provide a comprehensive operational view of the ADP Global Security Organization (GSO)’s portfolio of services and an understanding of the risk posture from the business point of view. This project aimed to identify, correlate and visualize reliable data and information needed for decision makers to understand risk, determine the value of their security investments, and make it consumable by allowing users to navigate it visually and explore relationships.

us bank
Access Management: Unified Next Generation Identity Governance Across U.S. Bancorp
Executive Sponsor: Jason Witty, EVP & CISO
Project Team: Linda Anderson (Information Security Specialist), Udaya Annae (Project Manager), Cynthia Bahr (Information Security Director - Identity and Access Management), Theresa Baker (Information Security Specialist), Mike Betz (Initiatives Manager), Chris Branson (Identity Engineer), Derek Dahlen (Director, IAM Lifecycle, Delivery & Controls), Scott Deery (Project Manager), Ronda Deutsch (Initiatives Manager), Traci Drapela (Admin Manager, Information Security), Dale Erickson (Information Security Specialist), Alex Friedrichsen (Information Security Specialist), Brian Griffin (Manager, Information Security), John Hunter (Information Security Services PMO Portfolio Lead), Melissa King (Initiatives Manager), Jaime Lopez (Information Security Specialist), Rebecca Lower (Information Security Specialist), Mary Maflin (Information Security Specialist), Brenda McCauley (Information Security Specialist), Beatrice “Yvonne” McRae (Project Manager), Nikki Myers (Manager, Information Security), Amy Nicholas (Information Security Specialist), JoAnn O’Rourke (Senior Manager, Information Security), Dickson Oyaro (Business Analyst), Gboyega Oyeymi (Manager, Information Security), Edward Palmer (Information Security Specialist), Doug Ritari (Application Developer), Molly Rolland (Information Security Specialist), Becky Schmitz (Business Analyst), Mustafa Syed (Information Security Tech Consultant), Russ Terrell (Information Security Specialist), Indiran Thirumani (Senior Manager, Information Security), Paul Urevig (Information Security Specialist), Phil Vander Haar (Senior Manager, Information Security), Zachary Varner (Information Security Specialist), Jeff Wheaton (Information Security Specialist), Chase Williams (Admin Manager, Information Security), and Jason Zajicek, Manager (Information Security)
Location: Naperville, IL

This project sought to rollout a centralized Identity and Access Management platform across U.S. Bancorp. The platform, “Access Management,” provides solutions to key workflows including, user access requests and approvals, automated provisioning via connectors, certifications for user access, role owner and entitlement owner reviews, manual provisioning queue management, and preventative SOD (Separation of Duties). The platform replaces multiple applications, delivering a reduction in costs, labor and redundant governance and controls. Additionally, it more efficiently supports the “least access” principle and reduces the number and frequency of audit findings related to identity, access, and elevated privileges.

ISE® North America Project: Health Care Award Finalists 2018

aetna
The Aetna Entitlements, Identity, & Risk System (AEIRS)
Executive Sponsor: Kurt Lieber, Vice President, CISO, Global Security Aetna Core, Aetna
Project Team: Jon Backus (Product Manager), Candice Chang, Jason Cruces, Shazia Khan, Jeffrey Graff, Jeffrey Harris, Nathan Harris, Cheryl McCarthy, Angelique Nix, and Barbara Troutman
Location: Phoenix, AZ

The team at Aetna is using leading-edge technology that uses machine learning to provide early detection of anomalies in user behavior. The Aetna Entitlements, Identity, & Risk System (AEIRS), is a User and Entitlement Behavior Analytics (UEBA) program that evaluates millions of event records looking for anomalous or unusual behavior and alerts when detected. The analytics engine, AEIRS, determines and tracks normalized behavior for every Aetna user and then uses it to look for abnormal breaks from pattern, as well as rules-based criteria through behavior models. It also calculates a risk score for each individual user that has access to an Aetna system. The risk scores will change based on anomalous or unusual behavior detected by a model. The models and risk scores can then be used to trigger control changes in real-time.

hms
Business Resilience – Changing the Culture from Continuity to Resilient Enterprise
Executive Sponsor: Scott Pettigrew, VP and Chief Security Officer
Project Team: Latasha Robinson, George Macrelli, and Tosha Terry-Lee
Location: Irving, TX

From integration, to automation, compliance to communication, the HMS Business Resilience Program is an integrated enterprise wide program that applies automation for monitoring world events, including HMS infrastructure technology, such as, servers, networks, and assets. It provides consistent change monitoring and management by automating the updating of infrastructure changes for their business impact analyses and recovery procedures. It allows HMS to demonstrate compliance with HITRUST, ISO, and SOC frameworks, which ensures the standardization of control information. This cultural shift positioned HMS in pursuing a ‘Resilient Enterprise’ designation from an international continuity program leader.