ISE® Northeast Project Award Nominees 2020

Milestone 0
Executive Sponsor: Bill O’Hern, Senior Vice President and Chief Security Officer
Project Team: Rebecca Finnin (Director – Cybersecurity), Amy Zwarico (Lead Member of Technical Staff), Samantha Kossey (Sr. Specialist – Cybersecurity), Christine Liu (Principal – Cybersecurity)
Location: Middletown, NJ

Milestone 0 redefines how AT&T introduces security requirements to applications. In large corporations, application teams may invest considerable time and effort to negotiate the volume and complexity of security requirements. They may deal with a lack of a centrally maintained list of security solutions, finding the right security SME for their projects, complexity of application architecture, and interpreting shared cloud responsibility. Milestone 0 allows all the application teams across the company to operate under a repeatable, self-service model to achieve security compliance by providing relevant requirements and available tooling solutions for automated enforcement based on users’ answers to simple questions.

Project Risk Illumination
Executive Sponsor: Sudhanshu Kairab, Vice President, Cybersecurity Governance, Risk and Compliance
Project Team: Joseph Gallagher (Sr. Director, Cybersecurity Governance, Risk and Compliance), Saugat Sindhu (Program Transformation Lead, KPMG); Project Team Members: Kelly Russell (Sr. Manager, Third Party Security Assurance), Deep Patel (Manager, Third Party Security Assurance), Mark Bunge (Director, Cybersecurity Governance, Risk and Compliance), Haris Mohiuddin (Analyst, Third Party Security Assurance), Matt McGrath (Sr. Analyst, Third Party Security Assurance), Mahendra Churman (Attorney, Legal and Privacy), Walker Allen (Sr. Director, Comcast ServiceNow Product Manager), Jerry Hahn (Engineer, Comcast ServiceNow Support), Devakumar Sarangabani (Solutions Architect, KPMG)
Location: Philadelphia, PA

Project Risk Illumination was a transformative initiative to bring supply chain exposures to light, enabling clear risk-based decision making through harmonized engagement across cybersecurity, legal, privacy and business stakeholders. Comcast leverages over 3000 Third Party suppliers in the delivery of diverse products and services to its Consumers. Given the expanding cybersecurity and privacy landscape, coupled with dependencies on Third Parties, this project was initiated to not only optimize technology solutions to illustrate risk factors associated with Third Parties, but also to enable cross-functional perspectives from all key stakeholders with real-time integrated self-service portals and dashboard reporting.

Refinitiv NextGen Security Operations Transformation
Executive Sponsor: Patrick Sullivan, Head of Security Operations
Project Team: Thomas Willbye (Project Manager), Michael Sviben (Director - Offensive Security Operations), Corinne Bertolino (Director - Threat & Vulnerability Management), Jack Radigan (Director - Threat Detection Operations), Donna Goddard (Director - Data Loss Prevention), Will McGregor (Director - Cyber Incident Response Team), Bappa Dey (Director - Cyber Threat Intelligence), Madhu Nadig (Manager - Security Platform Services)
Location: Hoboken, NJ

In October 2018, Thomson Reuters (TR) divested Refinitiv in a $17 billion transaction with Blackstone which split the cyber security function and resulted in coverage gaps for both companies. To enable this transaction, Refinitiv’s Head of Security Operations, Patrick Sullivan, led the NextGen Security Operations Transformation Program to rapidly build and enhance Refinitiv’s solutions and capabilities. Over the course of 21 months, Refinitiv established a robust Cyber Security Operations function, building 3 global Security Operations Centers (SOCs), and maturing capabilities across Security Monitoring, Incident Response, Digital Forensics, Offensive Security, Threat Detection, Vulnerability Management, Data Loss Prevention, and Cyber Threat Intelligence.

COVID-19 Cybersecurity – Protect the Patient
Executive Sponsor: Mark Leary, CISO
Project Team: Enoch Long (Cyber Operations Director), Gregg Cortese (Technology Risk Director), Stephen Huvane (Engineering Director), Jeff Bayzk (IT Operations Director), Diarmuid O’Sullivan (Cyber IR Manager), David Glosser (Threat & Vulnerability Manager), Keith Keimig (Security Monitoring Manager), Christopher Filor (Security Analyst), Henry Howland (Security Intern)
Location: Tarrytown, NY

Regeneron’s “COVID-19 Cybersecurity – Protect the Patient” program was initiated to protect against cyberthreats that could potentially disrupt COVID-19 research, clinical trials and drug manufacturing operations. Regeneron’s investigational COVID-19 antibody cocktail thrust the company into the epicenter of a global pandemic. This heightened visibility increased hostile nation-state threats to Regeneron’s IT operations, and employees were bombarded with COVID-19 social engineering attacks. Information security immediately pivoted to a multifaceted program to increase public-private collaboration on cyber threat intelligence, improve the cybersecurity posture to protect a newly remote workforce and secure the COVID-19 value chain, and strengthen our vendor engagements and technology supply chain.

Cyber_Exec_Protect – Executive Protection in Cyberspace
Executive Sponsor: Mark Leary, CISO
Project Team: Enoch Long (Cyber Operations Director), Diarmuid O’Sullivan (Cyber IR Manager), David Glosser (Threat & Vulnerability Manager), Keith Keimig (Security Monitoring Manager), Christopher Filor (Security Analyst), Henry Howland (Security Intern)
Location: Tarrytown, NY

"Cyber_Exec_Protect – Executive Protection in Cyberspace" was a burst project to protect our top-level senior executives’ digital persona. Previously, except for our CEO and his staff, Regeneron executives only enjoyed protective controls while on-premise, or connected through VPN, at the same level as any other employee. Due to Regeneron’s increased public visibility and media exposure, cybersecurity operations realized a new level of protection was required. Today, our top senior executives benefit from an integrated, comprehensive set of identity monitoring and protection, cyberspace monitoring and alerting, dedicated cyber incident response, and optional home protection unique to the industry.

UNDP Cybersecurity Response to COVID Crisis
Executive Sponsor: Paul Raines, Chief Information Security Officer
Project Team: Alexey Kuzmenko (Security Analyst), Sandra Jourdain (Security Consultant), Yerim Fall (Security Analyst)
Location: New York City, New York

The cybersecurity unit took actions that allowed UNDP to continue to meet its global mission of providing humanitarian assistance to developing countries despite working remotely. Just prior to the crisis they tested and improved the business continuity plan to ensure the organisation was prepared. During the crisis they defended the organisation against numerous hacking attacks, wrote policies to support working remotely, provided cybersecurity training to employees on the new work situation, worked with law enforcement authorities on a criminal case against a criminal hacker group and supported UNDP’s digital transformation through cybersecurity assessments of new systems and applications.