Commercial Category
AT&T Threat Manager with Log Analysis
Executive Sponsor: Noelle Bloomfield, Senior Public Relations Manager, AT&T
Project Team: Jason Porter – Vice President, Security Solutions, Alex Cherones – Director, Security Solutions, John Chi – Lead Product Marketing Manager, Security Solutions, Justin Knapp – Lead Product Marketing Manager, Security Solutions, Tina Deljavan – Lead Product Marketing Manager, Security Solutions, Jason Miller – Lead Product Marketing Manager, Security Solutions, Trevin Tipler – Product Marketing Manager, Security Solutions, Scott Corbin – Lead Product Marketing Manager, Security Solutions, Matt Dugan – Director, Data Insights, Big Data, Ronen Kahana – Principal, System Engineer, Big Data, Johan Muedsam – Principal, Big Data Software Systems Engineer, Ellie Ordway-West – Professional Data Scientist, Big Data, Seretha Stern – Principal, Business Management, Big Data, Austin Hensley – Principal, Big Data Software Engineer, Jay Whitehurst – Director, AT&T Technology Development, Karin Lesica – Senior Technology Solutions Manager, Catherine Wood – Principal, Product Development Engineer, Jhopi Thornton – Professional Technology Project Management, Avi Gefen – Director, Research Technology Management, Erez Korn – Principal, Application Design, Lior Horn – Lead Project Manager, Data/P, Roi Levi – Senior Specialist, Project Management, Data/IP
Location: Dallas, TX
AT&T Threat Manager with Log Analysis is equipped with more than a suite of security services – it is fueled by the security foundation built from the people, processes, products and tools that form AT&T’s security backbone. As the brains behind their security services, Threat Manager with Log Analysis provides unparalleled visibility into the data patterns and threat activity across AT&T’s network, helping businesses customize their security to meet their needs. It uses multitudes of unique threat signature data streams, analytics and intelligence to help detect known and potential threats. And, Threat Manager with Log Analysis is constantly learning to adapt to the latest global security issues.
Security Operations – Security Incident Response Management
Executive Sponsor: Chris Merkel, Director, Information Security, Brunswick Corporation
Project Team: Steven Eisen (Security Analyst), Dan Matasek (Director, Infrastructure Operations)
Location: Fon Du Lac, WI
Brunswick was not able to quickly identify and respond to security threats, the resolution delay and lack of automated remediation was costing the company money. They had a challenge around risk prioritization and efficiency of resolution for alerts and the automation remediation. Brunswick needed a solution with the ability to aggregate, prioritize, and route any security risks to the appropriate resource for fast remediation. Their Security team wanted to solve this problem by leveraging existing technologies and helping to reduce overall costs for the business.
Cyber Value at Risk
Executive Sponsor: Myrna Soto, Corporate SVP Chief Technology Risk Officer & Global CISO, Comcast
Project Team: Chuck Hudson, Executive Director
Location: Philadelphia, PA
Comcast’s Cyber Value at Risk program, executed using Bay Dynamics’ Risk Fabric platform, enables the company to continuously protect its most valued assets (data, systems and applications) by quantifying the impact of cyber risk based on actual threat and vulnerability data in the environment, and then prioritizing mitigation actions based on those activities that directly address the established risks. The platform automatically delivers relevant threat and vulnerability information to an array of stakeholders responsible for the involved mitigation and continuously measures how much risk is being reduced due to the actions taken. Importantly, Risk Fabric better enables the security team to direct their fixed resources at the most important, and potentially costly, exposures.
Home Depot Deception Project
Executive Sponsor: Sarath Geethakumar, Sr. Director IT Security, The Home Depot
Location: Atlanta, GA
The Home Depot’s growth strategy involves an active acquisition strategy. A key priority in their integration strategy is to establish visibility into the acquired entities networks to understand vulnerabilities that may exist. This retail organization was actively investigating and assessing the security controls of their broader affiliate organization, and focused on elevating and standardizing security controls and governance across these subsidiaries. The Home Depot Info Sec team proactively partnered with all acquisitions to elevate their security capabilities to industry cutting edge solutions by deploying advanced deception and early detection systems. This approach would help them collectively gain needed visibility to quickly detect cyber attackers. Specifically, as a part of deploying deception, they established the capabilities to detect hidden or time triggered malware that could move laterally across the affiliate networks, identify tactics being taken to compromise endpoints relying on stolen credentials to escalate privileges and compromise the environment. This proactive approach helped them develop a light weight but highly effective and scalable security strategy across distributed subsidiaries that helps protect the integrity of the environment to maintain high customer confidence, customer loyalty, and revenue generation intended from these acquisitions.
Active Threat Monitoring and Response
Executive Sponsor: Brian Philips, VP, IT and Information Security, Macy’s Systems and Technology
Project Team: Gene Casady , Manager, Threat Response, Lance Dortch, Systems Specialist, Threat Response, Stephen Seljan, Systems Specialist, Threat Response, Randy Farmer, Sr. Analyst, Threat Response, Nick Gibbs, Sr. Analyst, Threat Response, Stephen Mcvey, Threat Analyst, Jessica Pepper , Threat Analyst, Tony Richardson , Threat Analyst, Marvin Tyner, Threat Analyst, Joey Shotton, Sr. Threat Analyst, Brian Jordan, Threat Analyst, John Scarbrough, Threat Analyst, Heidi Rolleston, Threat Analyst
Location: Johns Creek, GA
Macy’s set out to establish and implement a Threat Monitoring and Response Center that would actively monitor and respond to security threats 24 hours a day, 7 days a week. This team would be tasked with implementing, tuning, and monitoring new technologies that would give them the ability to detect, alert, and respond to security threats in near real-time. This team would be staffed with the expertise needed to cover all technical aspects of threat detection, incident response, and malware forensics.
Global Information Security Awareness Program (Communications & Training)
Executive Sponsor: Bob Varnadoe, Chief Information Security Officer, NCR
Project Team: Erin Filimon, Communications & Training – Global Information Security
Location: Duluth, GA
The Global Information Security Awareness Program (Communications & Training) is an enterprise-wide effort to educate and increase information security awareness for ~40,000 NCR employees and contractors. The program builds NCR employee awareness and engagement through training, email campaigns and marketing collateral.
Centralize Branch Office Security Management
Executive Sponsor: Justin Fredericks, Director of Information Technology, Sandy Alexander
Project Team: Lee Huy Nguyen, IT Systems Administrator, Sharon Pratt, Vice President of Human Resources
Location: Clifton, NJ
Sandy Alexander sought a more cost-effective and efficient security alternative to their MSSP for branch office security management. They needed to secure multiple branch office locations throughout the United States in a way that provided them with greater visibility and control over this distributed environment. They were especially frustrated with the service quality and response time of the MSSP and required a new, agile security approach. The team specifically wanted to find a solution to connect and secure their branch offices and vendors in a way that was more cost-effective, less complex, more agile and secure.
Next Generation Single Sign-On Program
Executive Sponsor: JoAnn Velez, Director, Electronic Security, Seagate Technology
Project Team: Hardik Sancheti (Senior Manager, Identity Management Infrastructure), Michael Hunter (Senior Manager, eSecurity), and Ragini Ramalingam (eSecurity Program Manager)
Location: Cupertino, CA
The NextGen Single Sign-On (SSO) program replaced Seagate’s previous SSO infrastructure to support Seagate’s zero trust security model. The project was necessary because the previous SSO infrastructure was vulnerable to a malicious insider who could acquire users’ SSO cookie in a “watering hole” attack. The project replaced Seagate’s SSO infrastructure with a secure platform that supports risk-based authentication and robust federation. The infrastructure was deployed across two data centers and two disaster recovery sites and included migrating over 150 applications and 50 federations (SSO across two or more domains / companies) with positive impact to Seagate’s business.
OneOps Security Framework
Executive Sponsor: Adam Ely, Vice President & Deputy CISO, Walmart
Project Team: Flavio Domingos, Luis Ocegueda, Brian Fennimore, Sruthin Parayil, Bhaskar Annamalai, Lev Khusid, Khushboo Lohia, and Niyati Gandhe
Location: San Francisco, CA
Walmart operates one of the largest cloud environments and leverages the open source tool OneOps to manage applications and operating systems. The OneOps Security Framework is an integration that allows applying security best practices and configurations to any application or operating system automatically at deployment to save time while meeting security and compliance requirements. The OneOps security framework is available to all industry users of OneOps through WalMart’s open source initiate.
Academic/Public Sector Category
Cook County Cyber Threat Intelligence Grid (CCCTIG)
Executive Sponsor: Katie Kolon – Executive Assistant, Cook County Department of Homeland Security and Emergency Management
Project Team: Katie Kolon – Executive Assistant, Tom Vari – Information Security Program Manager, Yilmaz Bal – Information Security Manager Risk and Compliance
Location: Chicago, IL
The Cook County Department of Homeland Security and Emergency Management, Information Security Office partnered with private sector organization Anomali in launching the Cook County Cyber Threat Intelligence Grid (CCCTIG). The CCCTIG is a collaborative project designed to strengthen the regions cybersecurity landscape through shared intelligence to effectively combat cyber-attacks. All CCCTIG participating municipalities have access to the secure platform which shares a wealth of cyber-threat intelligence along which includes bad actors, malicious campaigns and security incidents. CCCTIG members can publish threat intelligence to a circle of trust through a variety of formats via the platform.
Duo Two Factor Authentication Project
Executive Sponsor: Brad Sanford, CISO, Emory University
Project Team: Michael Chilcott, Sr. Security Specialist, Andy Efting, Manager, Elliot Kendall, Sr. Security Specialist, Vinh Nguyen, Security Specialist, Brad Sanford, CISO, Derek Spransy, Manager, Anne Marie Alexander, Sr. Manager, Joel Burke, Middleware Admin IV, Chris Alexander, Systems Admin IV, Darrell Durggin, Systems Admin IV, James Reed, Lead, Danny Bridges, Applications Integrator, Michael (Mo) Davidson, Manager, Kaven Moodley, Manager, Daniel Palmer, Applications Integrator, Dean Schuh, Manager, Vince Tran, Applications Integrator, Tom Vincent, Manager, Beth Broyles, Director, Lionel Clark, Assistant Director, Tom Kiel, Enterprise Solutions Architect, Natalie Mallard, Assistant Director, John Steskal, Virtualization Architect, Graydon Kirk, Project Manager II, Haniya Vaid, Project Manager, Gerry Hall, Middleware Admin III, Rose Harris, ITSM Specialist II, and Belinda Maaskant, Senior Manager
Location: Atlanta, GA
Emory’s Duo Two Factor Authentication Project was an aggressive effort to deploy two factor authentication to the entire Emory user community consisting of nearly 80,000 faculty, staff, students, and affiliated users, and to require the use two factor authentication for access to multiple enterprise class applications including VPN, Office 365, PeopleSoft Student, PeopleSoft HR, PeopleSoft Finance, Citrix Virtual Desktop, and Emory’s Shibboleth web single sign-on solution.
The DOR APT Project
Executive Sponsor: Wes Knight, Information Security Officer, Georgia Department of Revenue
Project Team: Chris Austin, Information Security Analyst, Larry Faulkner, Information Security Analyst, Jan Gaines, Information Security Analyst, Thehao Ngo, Information Security Analyst [THEE-how No], Mark Sanders, Information Security Analyst, Wes Knight, Chief Information Security Officer, Steve Hodges, Chief Disclosure Officer
Location: Atlanta, GA
The main project for DOR in 2016 was to install an APT (Advanced Persistent Threat) protection system. One key goal of DOR is confidentiality of taxpayer information. Government networks and critical infrastructure around the world are under a constant state of attack. The APT protection system is a behavioral analysis engine that examines behavior of various systems to provide protection. Installing appliances into LAN infrastructures detects attempted compromises via email and infected media to prevent and respond to breaches. This solution was extremely complex and required appliances installed at 13 different offices and required assistance from multiple vendors including AT&T, IBM (NADC), FireEye, Microsoft, Presidio, GTA.
HarvardKey Two-Step Verification Project
Executive Sponsor: Christian Hamer, CISO, Harvard University
Project Team: Dennis G. Ravenelle, Sr. Project Manager, Bill Knox, Associate CISO, Sandy Silk, Director, IT Sec. Cons. & Ed., Courtney Harwood, Director, Service Desk, Acacia Matheson, Sr. Communications Officer, Juliana DiLuca, Sr. Communications Officer, Tim Vaverchak, Director, IAM Product Ops., Tim Gleason, Directory Architect, Ken Schwartz, Sr. Developer
Location: Cambridge, MA
Information Security is a top priority for Harvard University. Not unlike their peers in higher education, Harvard has experienced a dramatic rise in recent years in the number of highly sophisticated cyberattacks aimed at their community members, systems, online resources, and networks. At the outset of fiscal year 2017, University senior leadership decided to accelerate the roll out of two-step verification for all VPN access and on HarvardKey (Harvard’s primary identity and access management system) for some 65,000 users to be completed by Thanksgiving recess – less than 20 weeks. Originally, the effort was planned to be completed over several years.
NextGen Cybersecurity
Executive Sponsor: Steve Ferguson, Chief Information Officer, Technical College System of Georgia
Project Team: Steven Ferguson – Chief Information Officer, Charles McCants – IT Manager, Michael Clough – Information Security Specialist, Daniel Black – Director, Infrastructure Engineering
Location: Atlanta, GA
TCSG established a perimeter security system that enhanced the overall security for 22 colleges spanning 85 campuses. Firepower enhances security through multiple layers of the ASA’s Next Gen Firewall Platform. This architecture allowed TCSG and its colleges to no longer worry about TCP connection limit issues that were common in the previous system. Firepower increased flexibility with deploying devices and firewall monitoring locations. Firepower accomplishes all of this while still providing a familiar interface for TCSG college staff.
Cyber-Incident Detection and Response in the United Nations Development Programme (UNDP)
Executive Sponsor: Paul Raines, CISO, United Nations Development Programme
Project Team: Alexey Kuzmenko, Security Analyst
Location: New York, NY
UNDP’s cyber-incident response team significantly upgraded its capabilities to become an international model of best practice. First, it developed an in-house system that pinpoints potential compromises by comparing known malware indications with the security traffic feeds from UNDP’s 177 country offices. Second, it developed a threat intelligence and web site scanning capability to identify potential risks to the organization. Third, the incident response team improved its readiness by developing global in-house exercises and participating in international capture-the-flag competitions. Finally, the cyber-security team sponsors annual international conferences to train IT personnel from developing nations. Thus, in short time UNDP has become a center of excellence among non-profit international organizations.
Providing Cost-Effective Cybersecurity Governance, Risk and Compliance in the United Nations Development Programme (UNDP)
Executive Sponsor: Paul Raines, CISO, United Nations Development Programme
Project Team: Alexey Kuzmenko, Security Analyst
Location: New York, NY
The UNDP cyber-security team undertook an extensive project to improve its cyber-security GRC. First they executed a risk assessment which included risk mitigation actions and assigned owners. Second, they developed a workflow application to send quarterly reminders to risk owners for timely updates. Third, they developed a compliance survey for IT managers in the 177 country offices. Fourth, they improved cloud security governance by implementing a cloud access control and risk-based, second factor authentication system. Lastly, they executed a project to comply with the SWIFT security controls framework and plan for future upgrades. Thus, over the past year UNDP has evolved its cyber-security GRC to become a best-of-breed model.
Financial Services Category
Going Agile, Securely
Executive Sponsor: Todd Fennell, VP, Information Security, American Express
Location: Phoenix, AZ
Cloud services are an integral part of American Express’s IT strategy – especially for their move to an agile development methodology. Security needed to support the business by enforcing cloud security policies globally and providing a secure collaboration solution. By implementing a cloud access security broker (CASB), American Express tangibly reduced their risk from Shadow IT and securely enabled a standard cloud-based collaboration platform for thousands of developers.
City National Bank E-mail Authentication as a Service
Executive Sponsor: Karl Mattson, CISO, City National Bank
Location: Los Angeles, CA
City National Bank was concerned about bad actors sending emails to their employees and customers pretending to be from the bank. They were also concerned about damage to their brand caused by Phish/Spam sent as them. CNB Implemented Email Authentication using the DMARC standard which ensures that any emails sent anywhere in the world purporting to be the bank would be blocked by the recipient’s email systems.
The Cybersecurity Service Desk
Executive Sponsor: Rohan Amin, Global CISO, JPMorgan Chase & Co.
Project Team: Vincent Infantino (Cybersecurity Service Delivery), John Wyatt (Service Desk Manager, Chelsea Weng (Generalist), John Rafer (Generalist), Simon Ahsan (Generalist), James Kho (Generalist), Michael Bobby (Performance and Metrics)
Location: New York, NY
JPMorgan Chase continues to make Cybersecurity awareness a priority, and as a worldwide leading financial services firm, an innovative approach has been adopted to ensure that Cybersecurity is at the forefront of every employee’s considerations. Through the Cybersecurity Service Desk project, the firm created an internal tool for employees that serves as a single point of contact providing educational materials about cyber safety, ways for employees to get help for cyber-related questions or incidents and enabling an easy way for employees to escalate issues.
The Vulnerability Scoring Model (VxSx) Project
Executive Sponsor: Rohan Amin, Global CISO, JPMorgan Chase & Co.
Project Team: Dave Robinson – Managing Director, Martin Dawson – Executive Director, Venkat Seshadri – Executive Director, Graham Hill – Vice President, Andy Graham – Vice President
Location: New York, NY
Today organizations are faced with the constant threat of exploit through vulnerabilities in underlying technologies. As hardware and software vulnerabilities are discovered, firms have traditionally prioritized remediation efforts based solely on the criticality rating of the vulnerability. In a complex enterprise environment such as JPMorgan Chase, this approach falls short as it fails to consider business context of the targeted assets. The Vulnerability Scoring Model combines the criticality of the vulnerability (Vx) within the context of business impact at JPMorgan Chase (Sx) to quantify risk and set an informed, targeted remediation path.
Square E-mail Authentication as a Service
Executive Sponsor: Chris Giard, Online Data Manager, Square, Inc.
Location: San Francisco, CA
As a financial services company, Square wanted to ensure that their customers were not subject to bad actors sending emails that purported to be from Square. They also wanted to ensure that only third party senders and internal systems that were in accordance with Square’s corporate compliance program are allowed to send emails as Square. Square implemented Email Authentication using the DMARC standard which ensures that any emails sent anywhere in the world purporting to be the bank would be blocked by the recipient’s email systems.
Elevating Corporate Crisis Management
Executive Sponsor: Terry Schade, Head of Resiliency, SunTrust Bank
Project Team: Libby Mahaffey (Crisis/Incident Response Manager), Richard McClure (Business Continuity and Recovery Strategies), and Tina Klaskala (Crisis Management Analyst)
Location: Atlanta, GA
With ever-changing threats and a need for timely informative decision-making at the highest level, SunTrust needed to enhance its corporate crisis management program. The key objectives of the Crisis Management program are timely communication, fastidious awareness, and appropriate engagement to manage crisis incidents. In order to operate effectively during a significant impacting event, the overall program needed to be renovated through improving their training system and expanding the existing tabletop exercise to include senior managers and C-level executives in a full simulation of a crisis situation.
The Process Alignment and Risk Management Enhancements (PARE) Project
Executive Sponsor: Jason Witty, CISO, U.S. Bancorp
Project Team: Marcia Peters – Information Security Governance, Risk & Compliance Executive, Arisbe Gardner (A-reese) –Senior Manager of Information Security, Adam Maslow – Information Security Director, Anna Pedersen – Senior Manager of Information Security, Michele Kaplan Clinard – Senior Manager of Information Security, Thoralf Symreng – Senior Manager of Information Security, John Kuisle – Senior Manager of Information Security, Rebecca Benson – Manager of Information Security, Dan Bohen – Senior Risk, Compliance & Audit Manager, Steve Casper – Risk, Compliance and Audit Manager, Mike Murray – Senior Risk, Compliance & Audit Manager, Lue Vue - Risk, Compliance and Audit Consultant, Kathleen Palmer - Risk, Compliance and Audit Consultant, Derek Tracey - Risk, Compliance and Audit Consultant, Molly Cook – Risk, Compliance and Audit Manager, Brian Rossmann – Senior Risk, Compliance & Audit Manager, Janet Lerch - Chief Continuity/Technology Risk Executive, Kathy Aultom – Information Security Risk & Compliance Analyst, Tammi Burr- Senior Information Security Specialist, Alicia Marshal (A-lee-see-a) – Information Security Risk &Compliance Analyst, Maureen Meyer – Senior Manager of Information Security, Aaron Neville – Information Security Risk &Compliance Analyst, Jan Morey – Manager of Information Security, Jonathan Kitchin – Manager of Information Security, Alex Duzan – Manager of Information Security
Location: Naperville, IL
US Bank take steps every day to be the most trusted choice in their industry, and that commitment extends to their information security efforts. The Process Alignment and Risk Management Enhancements (PARE) project sought to mature the Information Security program and create a more robust control set. The project started with a pilot of high risk processes in which US Bank identified the need to be more granular at the process level and the need to work hand in hand with the oversight teams. The objective of the PARE project was to document information security processes, risks, and controls and align to the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF). NIST CSF was used in order to define program completeness.
Western Union Mobile Threat Defense Project
Executive Sponsor: David Levin, Information Security and End User Enablement Leader, Western Union
Project Team: Tim Smith, Sr. IT Manager of End User Computing (EUC) and Corporate Information Security (CIS)
Location: Englewood, CA
Western Union is a huge proponent of empowering their end users via mobile devices, and in 2016 they wanted to make sure they had a strong mobile threat defense solution in place that would properly safeguard their employee’s mobile devices and data. To accomplish this, they required a solution which provided protection across the most common mobile threat vectors- malware, malicious networks, and OS/configuration vulnerabilities- and which was easy to deploy and manage, offered in-depth reporting and analysis, protected devices in real-time, and could mitigate threats automatically.
Health Care Category
Distributed Controls: Managing Security differently Across 15 Organizations
Executive Sponsor: Jim Routh,Chief Security Officer, VP of Global Security, Aetna
Project Team: Mignona Cote - SR Director, Information Security, CISO PayFlex; CISO Phoenix Data Center Services, Jeannette Rosario, Directory, Global Security, Karen Barlow, Program Business Analyst, Glenda Lopez, Sr. Information Security Engineer
Location: Hartford, CT
As daunting as securing a Fortune 50 company, adding fourteen independently operated affiliates (subsidiaries) to the mix, stretches leadership and innovation. Resiliency to market demands, continuous change in threats and fourteen completely different companies ranging from financial services, international markets and consumer healthcare forces the Global Security Officer to manage fourteen security programs uniquely while leveraging core Aetna techniques and solutions. At Aetna, a model was developed to identify risks, measure maturity and implement solutions maintaining the unique DNA of each company while assuring the security as they operate within the boutique styles required for competitive advantage and speed to market.
Aflac Deception Project
Executive Sponsor: DJ Goldsworthy, Sr. Manager Threat & Vulnerability, Aflac
Project Team: James Harris- Sr. Threat Management Consultant
Location: Columbus, GA
Despite a very mature security posture and high-end cybersecurity technology in their network, Aflac wanted to implement a deception based solution that would help them address a gap in their ability to early and accurately detect advanced threats that were inside their network. They adopted deception, and by deploying it comprehensively across their environment, have been able to flip the playing field and create an environment saturated with pitfalls that a threat actor now has to evade with 100 percent accuracy to evade detection.
Threat Intelligence System (TIS)
Executive Sponsor: Tim Callahan, SVP, Chief Information Security Officer, Global Security, Aflac
Project Team: DJ Goldsworthy – Director, Threat Intelligence, John D’Agostino – Threat Management Consultant, James Harris – Sr. Threat Management Consultant, Gareth Williams – Sr. Threat Management Consultant, Joshua Staples – Threat Management Engineer, Stephen McCamy – Sr. Threat Management Consultant, Ben Harbin – Sr. Threat Management Consultant
Location: Columbus, GA
In response to the increase in volume and velocity of new threats, Aflac embarked upon a mission to create a custom-built TIS that would be capable of consuming large amounts of threat data and, in turn, use that data to protect the environment and inform security decisions. Aflac built a system that not only tackles the daily operational feed of threat data, but provides key process automation and allows for system integration into the current security infrastructure for maximum use of the data.
Project Gateway
Executive Sponsor: Mike Towers, VP, CISO, Allergan
Project Team: Vadim Parizher – Exec Dir, Enterprise Architecture – Leadership/Design, Bill Thornton – VP, R&D/HR IT – HR, Sandy Dalal – Director, I&AM Services – I&AM, Elma Benevenga – Program Mgt, Dan Coan – Infrastructure, Gigi Lai – Data Management
Location: Rockaway, NJ
After 30+ acquisitions and divestitures in a 3 year period, the team at Allergan sought to completely rebuild, from the ground up, their entire identity & access management platform. This also included updating associated business processes for new hires onboard, contingent worker onboarding, baseline entitlements, provisioning/deprovisioning and access request/approval. Rather than pick an existing, incumbent solution and migrate over, the Allergan team decided to basically throw everything away and start over.
Cardinal Health Information Security Awareness Ambassador Program
Executive Sponsor: Talvis Love, SVP eCommerce, Enterprise Architecture & CISO, Cardinal Health
Project Team: Jana Moore, Director Information Security, Marissa McDermid, Sr. Engineer Security Awareness, Melissa Curry, Mgr. Communications and Liza Robles, Supervisor and Ambassador of the year.
Location: Dublin, OH
With mergers & acquisitions adding additional countries and employees to Cardinal Health, as well as battling the increase in phishing and ransomware exploits, their information security team was under pressure to expand their security awareness reach globally. Cardinal Health’s mission was to take a young, mostly domestic focused security awareness program and expand it globally with a tight budget and few resources. With many thanks to a small global army of volunteers under their Information Security Ambassador program, they pushed corporate boundaries, and raised awareness in a very short amount of time. It was a labor of love for the Cardinal Health team, and took patience and dedication in collaboration and coordination with executives, facilities, IT leaders, branding, communications, HR, email teams, information security and more, to incorporate over 30,000 employees into our awareness activities.
Next Generation Authentication
Executive Sponsor: Talvis Love, SVP eCommerce, Enterprise Architecture & CISO, Cardinal Health
Location: Dublin, OH
A significant number of high profile security breaches have occurred recently, primarily due of stolen identities, causing a negative impact on reputation of the organization and resulting in huge financial penalties. In response to these threats, a comprehensive and layered approach to security and authentication is required to protect sensitive information and systems. The Next Generation Authentication project implemented a multi-factor authentication solution to address gap of identities being compromised and securing access to Cardinal Health’s applications and network.
Payment Card Security Project
Executive Sponsor: Stoddard Mankin, Director, Information Security, Children's Healthcare of Atlanta
Location: Atlanta, GA
Children’s Information Security believes that their pediatric patients and their families should focus on getting better today and healthier tomorrow, not worry about recovering from a data breach or stolen credit card. This project was initiated to ensure Children’s card-based payment processes are streamlined, risk-appropriate and reduce administrative overhead in complying with regulatory requirements. The project team assessed the current state of card-based payment processes, identified improvements needed, and deployed new technologies and strategic process changes throughout the organization.
[A.M.O.S.] Asset Management on Steroids
Executive Sponsor: Scott Pettigrew, VP, Chief Security Officer, HMS
Project Team: Scot Miller, Vice President, CISO, Kory Anderson, Manager, Security Operations, Sidd Kunche, Sr. IT Project Manager
Location: Irving, TX
Identity is the foundation of security. Without identifying the assets in their institution, leaders are forced to make generalized assumptions to apply security as a blanket instead of using a risk-based approach. An oversimplified view of asset management establishes a CMDB (Configuration Management Database), but AMOS (Asset Management on Steroids) goes beyond this by ensuring consistency of information for risk management, business operations reporting, and procurement services. This is not a “one-and-done” project. AMOS is a program that forces groups to document their processes, eliminate information silos, and establish standards. Ultimately, HMS will lower risk, save money, and meet compliance objectives.
[P.A.M.] Privileged Access Management
Executive Sponsor: Scott Pettigrew, VP, Chief Security Officer, HMS
Project Team: Scot Miller, Vice President, CISO, Michael Madero, Manager, Security Architecture
Location: Irving, TX
The objective of the HMS Privileged Access Management project is to gain insight and governance around the use of privileged accounts in the environment. While most may consider a privileged account, your basic “Windows Administrator” account, or UNIX-type “Root” account, there are many other accounts that act in a privileged capacity that are ignored. HMS’s achievement provides an automated request/provisioning mechanism for “firecall” ID/Passwords for troubleshooting, with appropriate oversight and auditing, as well as reducing credential exposures in application code.
Domain Security Platform
Executive Sponsor: Douglas Falduto, VP, Admin & Chief Security Officer, Horizon Blue Cross Blue Shield of New Jersey
Project Team: Damon Becknel (Chief Information Sec Officer), Alan Leung (Dir, Enterprise Security Arch), Rongzhong Zheng (Dir, IT Security Operations), Ronak Zaveri (Manager, IT Relationship Mgmt), Niraj Patel (Manager, Security Architecture), Dhiraj Chotrani (Cyber Security Analyst), Meghna Thakrar (Business Systems Analyst), Abdullah Oudeh (Infrastructure Analyst), Brian Lentini (Infrastructure Analyst), Ghias Minto (IT Security Analyst)
Location: Newark, NJ
Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) continuously seeks to advance its cyber security posture, and recently implemented the “Domain Security Platform” which automatically identifies, monitors and blocks potentially malicious, newly registered external domains and websites likely to pose an elevated risk to Horizon BCBSNJ. Project objectives were to reduce Horizon BCBSNJ’s visible attack surface to “unclassified” domains, and thus reduce the risk of malware infection, credential exploitation and data exfiltration to and from those sources.
Faster and More Secure with Cloud
Executive Sponsor: Douglas Falduto, VP, Admin & Chief Security Officer, Horizon Blue Cross Blue Shield of New Jersey
Project Team: Damon Becknel (Chief Information Sec Officer), Alan Leung (Dir, Enterprise Security Arch), Niraj Patel (Mgr, Security Architecture), Ghias Minto (IT Security Analyst), Frederick Kampf (Mgr, Sales IT Admin), Ronak Zaveri (Mgr, IT Relationship Mgmt), Christian Fry (Business Systems Analyst), John Fischer (Mgr, Enterprise Architect), Vishal Talak (Technology Architect)
Location: Newark, NJ
Horizon Blue Cross Blue Shield New Jersey moved to the cloud so its IT team could focus on providing better products faster, instead of managing infrastructure operations. The team has always been focused on providing the most secure solutions possible instead of accepting check-box compliance. They deployed Salesforce as their CRM and AWS as their IaaS provider, but realized they had critical security requirements that called for a dedicated cloud security solution. The security team deployed a CASB as a single control point for Shadow IT, Salesforce, and AWS – turning raw cloud data into risk-based actionable insights.
Moffitt Security Operations Center (SOC)
Executive Sponsor: Jennifer Greenman, VP of Information Technology and Chief Information Officer, Moffitt Cancer Center
Project Team: Dave Summitt, CISO, Hugh Percy, Spvr Cyber Security Ops, Dave LeClaire, Network Analyst II, Michelle Cherry, Cyber Sec Eng II, Justin Bailey, Cyber Sec Eng II, Kenn Finnis, Cyber Analyst II, Mark Fleeting, Tech Dev Lead, Sam Barco, Cyber Analyst Associate
Location: Tampa, FL
The Moffitt SOC is a two-phase project where the first phase is operations during business hours with the second phase being expanding to 24/7/365 coverage. The SOC is responsible for performance monitor and cyber security monitoring of Moffitt’s network, systems, applications and personnel. Since beginning operations, the SOC has issue over 800 incident tickets, handled 5 major performance incidents, 2 cyber-incidents and prevented over 12 major incidents.
Novartis Deception Project
Executive Sponsor: Jeff Moore, Global Head of Security, Novartis Institutes for BioMedical Research
Project Team: Eric Gunter (Senior Security Engineer)
Location: Cambridge, MA
Despite a very mature security posture and high-end cybersecurity technology in their network, NIBR wanted to implement a deception based solution that would help them address a gap in their ability to early and accurately detect advanced threats that were inside their network. They are adopting deception, and by deploying it comprehensively across their environment, they will also be able to make a potential attacker’s job much more difficult.
Quest Diagnostics Privileged Account Management (PAM)
Executive Sponsor: David Dulong, Executive Director, Infrastructure and Operations and Security, Quest Diagnostics
Project Team: Dennis Walsh – Director of Identity and Access Management, Krishna Meruga – Sr. Project Manager, Cory Donovan – Lead IT Security Specialist, Phil Rubbo – Sr. IT Security Specialist, Amit Patel – Sr. IT Security Specialist, Omar Radi – Lead IT Security Specialist, Bob Wilkinson - Sr. IT Security Specialist, Jim Gover - Lead IT Security Specialist
Location: Lyndhurst, NJ
End-user accountability: It’s a good thing, particularly now that privileged access to critical systems, apps, and data is not just limited to their own people on their on-premises networks. The cloud is standard operating procedure for most businesses now, plus consultants and third party organizations are a constant presence as they manage elements of their environment. PAM was built to give Quest Diagnostics firmer control of privileged accounts as well as greater visibility into the day-to-day use of these accounts, regardless of user. It also streamlined account maintenance with automated account provisioning and lifecycle management. Most importantly, the cloaks of anonymity that for all intents and purposes obfuscated the activities of staff and hired outsiders were stripped away. Every hand that touches their systems is now observable and accountable.
Winning Business Buy-in Through Tailored Incident Response Tabletops
Executive Sponsor: David Dulong, Executive Director, Infrastructure and Operations and Security, Quest Diagnostics
Project Team: Richard Menta – Lead IT Security Specialist
Location: Lyndhurst, NJ
The team at Quest Diagnostics establish tailored business incident response exercises. These special tabletops are notable because their secondary goal is to train their security team for a specific type of attack. Their primary goal is to engage the decision makers in the business whose buy-in is critical to their ongoing initiatives. In these scenarios they simulate a breach that shuts down a piece of the business and then ask the business to make difficult decisions. It is hard to remain complacent when you are asked to make an immediate and critical decision, even in a simulation. This stimulates buy-in from that sector of the business, motivating needed change and establishing added goodwill with the security team.