Information Security Awareness Program Implementation
Executive Sponsor: John Kirkwood, Chief Information Security Officer
Team Members: Frank Steele (Senior Manager Governance & Compliance), Brenda Devine (InfoSec Awareness Analyst), Raj Pyakurel (InfoSec Analyst), Bruce Taylor (InfoSec Analyst)
Location: Phoenix, AZ
A new Information Security Awareness Program was built during 2018 and 2019 to build upon the goodwill established during the 2017 Information Security Awareness Month expos held throughout the corporate offices. To help strengthen the security culture of Albertsons, the project team focused on three awareness areas: secure at Work, at Home and on the Road. The new year-round program leads with monthly themes, computer-based training, lunch-and-learn classes, and phishing campaigns, and culminates with the annual exposition at four corporate campuses.
NIST Cyber Security Framework Maturity
Executive Sponsor: John Kirkwood, Chief Information Security Officer
Team Members: Frank Steele (Senior Manager Governance & Compliance), Justin Smith (Senior Manager Risk Management), Jerry Boyd (Senior Manager Security Transformation), Pep Barrameda (Senior Manager Incident Response), Neil Pon (Senior Manager Information Security Services), Bruce Taylor (InfoSec Analyst)
Location: Phoenix, AZ
The merger between Albertsons and Safeway required that a new, expanded Information Security team be established. Management decided this was an opportunity to “get it right from the start.” The NIST Cyber Security Framework (CSF) controls, principles and objectives were foundational in the creation of roles and responsibilities.
Over the past three years, the Information Security program has been assessed by external NIST maturity assessors as well as Internal Audit. The maturity of the Information Security program has continued to dramatically improve with most functions rated at “managed and measurable.” Along the way, processes have been re-engineered, playbooks created, accountabilities established, and ongoing metrics generated.
Cybersecurity Awareness Month
Executive Sponsor: William (Bill) Boni, Senior Vice President, Digital Security
Team Members: Jana Drajpuch (Director), Nancy Kumbalek (Manager)
Location: Bellevue, WA
With the increasing complexity of cybersecurity ecosystems and the resulting impact on employees and customers, there is a critical need for enhanced cyber awareness among all organizations. As a result, T-Mobile’s Digital Security Organization (DSO) takes innovative strides to ensure that employees are first-line defenders against cybersecurity threats. The highlight of DSO’s employee awareness activities in 2018 was October’s Cybersecurity Awareness Month (CSAM) campaign for T-Mobile employees and strategic partners. CSAM events included speaking engagements with the FBI Cyber Security Task Force, University of Washington, and SHAPE Security. Additional creative and interactive events included an onsite security-themed escape room, phishing games, and group tours of T-Mobile’s Tech Experience lab. This month of activities featured two successful fairs with manned booths, merchandise, and helpful tips and tricks. These CSAM events attracted more than 1,800 participants.
Identity, Credential, and Access Management (ICAM)
Executive Sponsor: Dwaine Omyer, Vice President, Digital Security
Team Members: Koveh Tavakkol (Sr. Manager), Bob Lynn (Sr. Enterprise Information Security Manager), Anya Simonova (Project Manager), Deepak Mathur (Project Manager), Tony Huemiller (Sr. Manager), John Charlton (Manager), Jeff Colorossi (Sr. Manager), Dave Krueger (Principal Engineer), Aakash Tiwari (Sr. Engineer)
Location: Bellevue, WA
ICAM provides technology leadership, guidance, and governance for identity management products and capabilities at T-Mobile. Critical business objectives include identity management maturity, scalability, technology rationalization, operational effectiveness, and cost savings through a common strong-authentication customer experience. ICAM addresses identity risk through strong management controls, authentication, privileged access management, and access governance. The project implements an Un-carrier approach to digital security by integrating all enterprise platforms to centralize identity controls. This allows toolset rationalization and expanded identity and access management (IAM) capabilities, ensuring full utilization of key technology platforms.
Vuclip Deploys Wallarm for API Protection and Attack Detection
Executive Sponsor: Jishnu Kinwar, VP of Technical Operations
Location: San Jose, CA
Vuclip Inc. implemented technology from Wallarm, an AI-powered application security provider, to scan for vulnerabilities, detect attacks, and protect its API. Wallarm’s easy setup took Vuclip from zero to full protection in under an hour by blacklisting malicious IPs and bad actors and whitelisting those it grants free access to streaming bandwidth, without confusing the two. Wallarm does this with almost zero false positives, and it scales with existing systems, including Vuclip's NGINX farm, so that Vuclip can focus more on creating great content and less on security threats.