ISE® West Project Award Nominees 2022

AT&T Chief Security Office Threat Analytics Ecosystem Optimization
Executive Sponsor: William O’Hern, Senior Vice President and Chief Security Officer
Project Team: Bill O'Hern - SVP and CISO, Cynthia Cama - AVP Cybersecurity, Joe Harten - Director-Cybersecurity, Sam Alexander - Principal Member of Tech Staff, Steven Buznitsky - Principal Member of Tech Staff, Philip Carrington - Principal-Cybersecurity, Christopher Derocco - Senior-Cybersecurity, Blake Essing - Principal-Cybersecurity, Eric Fermon - Principal-Cybersecurity, James S Fogarty - Principal-Technology Security, Corey Kluesner - Professional-Cybersecurity, Julie A Leith - Principal-Cybersecurity, Victor Liu - Principal-Technology Security, James Pace - Principal Member of Tech Staff, Pranav Pandya - Principal-Cybersecurity, Joan Salavedra - Principal-Technology Security, Michael A Stair - Lead Member of Technical Staff, Robert D Thorman - Lead-Cybersecurity, Laura J Velez-Kohler - Associate Director-Cybersecurity, Josh Anderton - Principal-Cybersecurity, William Kwok - Principal-Technology Security, Joan Mills - Principal Member of Tech Staff, Manjula Muniswamy - Principal-Cybersecurity, Narada R Walker - Senior-Cybersecurity, David Yelavich - Senior-Cybersecurity, Kim L Withers, Lead Member of Technical Staff
Location: Middletown, NJ

Resource, cost and efficiency optimization of the AT&T CSO Threat Analytics Platform in order to more effectively collect, process and analyze security threat data for the AT&T Enterprise. Platform was re-architected for efficiency as well as integrate user behavior analytics.

Developer Driven Security Remediation
Executive Sponsor: Adam Fletcher, Chief Security Officer
Project Team: Adam Fletcher - Chief Security Officer, James Chiappetta - Senior Vice President, Cybersecurity, Austin Paradis - Analyst, Cybersecurity, Christopher Surage - Vice President, Cybersecurity, Rahul Sharma - Associate, Cybersecurity
Location: New York, NY

Blackstone’s security remediation was decentralized, manual, and involved chasing developers. Alerts were often low-fidelity, duplicative, and lacked context. The team solved this by correlating and reporting to drive effective vulnerability remediation.

Simple Plan with Execution Precision: Data Classification & Enterprise Onboarding and Transitions
Executive Sponsor: Robert Pace, Vice President, Information Security and Chief Information Security Officer
Information Security Project Team: Robert Pace - Vice President, Information Security and Chief Information Security Officer, Evan Lund - Manager Security, Daryl Hykel - Manager Compliance, Samuel Asare - Security Engineer I, Patrick McElroy - Security Engineer I, Jonathan Perry - Security Engineer I
Infrastructure Project Team: Brian Pannell - Sr. Director Enterprise Infrastructure, Jason Myers - Sr. Manager Enterprise Infrastructure, Elise Sammarco - Director Support Services, Jonathan Travis - System Administrator III, Roland Gomez - Manager Support Services, Tanner Gwinn - Manager Enterprise Applications, Cassandra Ruggles - Analyst II Enterprise Applications, Paul Donarine - ServiceNow Developer
Location: Dallas, TX

(A) Strategic approach centered upon having a user-friendly and security sound process for data classification. (B) Strategic approach center upon having a user-friendly, lean and security sound process for onboarding, offboarding and transitions.

Enhanced Consequences Model for Users with Repeat Failures of Educational Phishing Campaigns
Executive Sponsor: Jane Harper, Associate VP - IS Risk Management & Business Engagement
Project Team: Meredith Harper - CISO / VP Information Security, Steve Fry - Executive VP HR, Jane Harper - Associate VP IS Risk Management, Jade Kas - Associate VP HR, Pankaj Choudry - Sr. Director HR, David Frazier - Associate Director HR
Location: Indianapolis, IN

Securing Information and systems is one of the biggest challenges we face in today’s digital environment. Phishing continues to be a major tactic used by hackers to gain access to information and systems that can then be exploited for profit. The ability of our workforce to identify phishing messages is the best defense to protect against the loss, theft or disclosure of Confidential Information, so we created an educational phishing program in 2017. The program deploys simulated phishing campaigns to the workforce and tracks the number of employees who fail (click on a link or attachment). In 2020 the Information Security Education and Development team wanted to reduce the number of employees who repeatedly failed educational phishing campaigns, driving the creation of a project to enhance consequences for users with repeat failures.

Zero Trust
Executive Sponsor: Jason Smola, Enterprise Security & Infrastructure Architect
Project Team: Ramesh Pendela - Lead Cloud & Network Security Engineer, Steven Garcia - Senior Endpoint Engineer, Natalie Charles - Director of Technical Project Management, Alex Arango - Head of Cyber Threat Management
Location: Austin, TX

The Zero trust project enabled us to secure our technology environment with the core principle "never trust, always verify"; designed to eliminate the traditional security risks with the "least privilege access" model.

ServiceTitan Smart Trust Center
Executive Sponsor:Cassio Goldschmidt, Chief Information Security Officer
Project Team:Cassio Goldschmidt - CISO, Parastoo Sanadi - Director Compliance, Paul Intrarakha - Sr. Principal Architect, Levon Isajanyan - Incident Response and Threat Prevention Engineer II, Tarun Patel - Sr. Systems Engineer II, Andrew Engelbert - Enterprise Security Architect
Location: Studio City, CA

ServiceTitan Smart Trust Center is a public-facing portal that provides an easy way for customers to obtain information related to privacy, security, and compliance as well as to subscribe to security notifications.

Cloud Security Remediation
Executive Sponsor: Mike Towers, Chief Digital Trust Officer
Project Team: Mike Towers - Chief Digital Trust Officer, Bob Durfee - Head of Digital Engagement and DevSecOps, Venki Thyagarajan - Leader of DevSecOps
Location: Lexington, MA

Takeda is going through a cloud transition and has modernized 100s of applications. With that, cloud vulnerabilities grew from 0-6M alerts in 18 months. The security team needed to reduce noise and make it easy for developers to take action.