Aflac Deception Project
Executive Sponsor: DJ Goldsworthy, Sr. Manager Threat & Vulnerability, Aflac
Project Team: James Harris – Sr. Threat Management Consultant
Location: Columbus, GA
Despite a very mature security posture and high-end cybersecurity technology in their network, Aflac wanted to implement a deception-based solution that would help them address a gap in their ability to detect, early and accurately, advanced threats that were inside their network. They adopted deception and, by deploying it comprehensively across their environment, have been able to flip the playing field and create an environment saturated with pitfalls that a threat actor now has to avoid with 100 percent accuracy to evade detection.
Threat Intelligence System (TIS)
Executive Sponsor: Tim Callahan, SVP, Chief Information Security Officer, Global Security, Aflac
Project Team: DJ Goldsworthy – Director, Threat Intelligence, John D’Agostino – Threat Management Consultant, James Harris – Sr. Threat Management Consultant, Gareth Williams – Sr. Threat Management Consultant, Joshua Staples – Threat Management Engineer, Stephen McCamy – Sr. Threat Management Consultant, Ben Harbin – Sr. Threat Management Consultant
Location: Columbus, GA
In response to the increase in volume and velocity of new threats, Aflac embarked upon a mission to create a custom-built TIS that would be capable of consuming large amounts of threat data and, in turn, using that data to protect the environment and inform security decisions. Aflac built a system that not only tackles the daily operational feed of threat data, but also provides key process automation and allows for system integration into the current security infrastructure for maximum use of the data.
Bank of America’s Identity and Access Management (IAM) Transformation Program
Executive Sponsor: Steve Schwartz, Identity & Access Management Executive, Bank of America
Project Team: Nathan Dany, Robert Burden, Brian Kaplow, Kate Taylor, Brian K Metzner with the Identity and Access Management Strategic Transformation Delivery team
Location: Atlanta, GA
In late 2015, Bank of America’s Global Information Security team began the implementation of a new program to transform identity and access management (IAM) and reduce overall risk across the enterprise. The new program streamlined 27 review systems into one and 20 request systems into one – resulting in an efficient, user-friendly access management program that makes it easier for users to make accurate and effective access request and review decisions.
Payment Card Security Project
Executive Sponsor: Stoddard Mankin, Director, Information Security, Children's Healthcare of Atlanta
Location: Atlanta, GA
Children’s Information Security believes that their pediatric patients and their families should focus on getting better today and healthier tomorrow, not worry about recovering from a data breach or stolen credit card. This project was initiated to ensure Children’s card-based payment processes are streamlined and risk-appropriate, and reduce administrative overhead in complying with regulatory requirements. The project team assessed the current state of card-based payment processes, identified improvements needed, and deployed new technologies and strategic process changes throughout the organization.
The DOR APT Project
Executive Sponsor: Wes Knight, Information Security Officer, Georgia Department of Revenue
Project Team: Chris Austin, Information Security Analyst, Larry Faulkner, Information Security Analyst, Jan Gaines, Information Security Analyst, Thehao Ngo, Information Security Analyst, Mark Sanders, Information Security Analyst, Wes Knight, Chief Information Security Officer, Steve Hodges, Chief Disclosure Officer
Location: Atlanta, GA
The main project for DOR in 2016 was to install an APT (Advanced Persistent Threat) protection system. One key goal of DOR is confidentiality of taxpayer information. Government networks and critical infrastructure around the world are under a constant state of attack. The APT protection system is a behavioral analysis engine that examines the behavior of various systems to provide protection. Appliances installed in the LAN infrastructure detect attempted compromises via email and infected media, to prevent and respond to breaches. This solution was extremely complex: it required appliances installed at 13 different offices and assistance from multiple vendors, including AT&T, IBM (NADC), FireEye, Microsoft, Presidio and GTA.
Home Depot Deception Project
Executive Sponsor: Sarath Geethakumar, Sr. Director IT Security, The Home Depot
Location: Atlanta, GA
The Home Depot’s growth strategy involves active acquisition. A key priority in their integration strategy is to establish visibility into the acquired entities’ networks to understand vulnerabilities that may exist. This retail organization was actively investigating and assessing the security controls of their broader affiliate organization, and focused on elevating and standardizing security controls and governance across these subsidiaries. The Home Depot Info Sec team proactively partnered with all acquisitions to elevate their security capabilities to industry cutting-edge solutions by deploying advanced deception and early detection systems. This approach would help them collectively gain the visibility needed to quickly detect cyber attackers. Specifically, as part of deploying deception, they established the capabilities to detect hidden or time-triggered malware that could move laterally across the affiliate networks, and to identify tactics used to compromise endpoints that rely on stolen credentials to escalate privileges and compromise the environment. This proactive approach helped them develop a lightweight but highly effective and scalable security strategy across distributed subsidiaries that helps protect the integrity of the environment to maintain the high customer confidence, customer loyalty, and revenue generation intended from these acquisitions.
Active Threat Monitoring and Response
Executive Sponsor: Brian Philips, VP, IT and Information Security, Macy’s Systems and Technology
Project Team: Gene Casady, Manager, Threat Response, Lance Dortch, Systems Specialist, Threat Response, Stephen Seljan, Systems Specialist, Threat Response, Randy Farmer, Sr. Analyst, Threat Response, Nick Gibbs, Sr. Analyst, Threat Response, Stephen Mcvey, Threat Analyst, Jessica Pepper, Threat Analyst, Tony Richardson, Threat Analyst, Marvin Tyner, Threat Analyst, Joey Shotton, Sr. Threat Analyst, Brian Jordan, Threat Analyst, John Scarbrough, Threat Analyst, Heidi Rolleston, Threat Analyst
Location: Johns Creek, GA
Macy’s set out to establish and implement a Threat Monitoring and Response Center that would actively monitor and respond to security threats 24 hours a day, 7 days a week. This team would be tasked with implementing, tuning, and monitoring new technologies that would give them the ability to detect, alert, and respond to security threats in near real-time. This team would be staffed with the expertise needed to cover all technical aspects of threat detection, incident response, and malware forensics.
Moffitt Security Operations Center (SOC)
Executive Sponsor: Jennifer Greenman, VP of Information Technology and Chief Information Officer, Moffitt Cancer Center
Project Team: Dave Summitt, CISO, Hugh Percy, Spvr Cyber Security Ops, Dave LeClaire, Network Analyst II, Michelle Cherry, Cyber Sec Eng II, Justin Bailey, Cyber Sec Eng II, Kenn Finnis, Cyber Analyst II, Mark Fleeting, Tech Dev Lead, Sam Barco, Cyber Analyst Associate
Location: Tampa, FL
The Moffitt SOC is a two-phase project: the first phase is operations during business hours, and the second phase is expansion to 24/7/365 coverage. The SOC is responsible for performance monitoring and cybersecurity monitoring of Moffitt’s network, systems, applications and personnel. Since beginning operations, the SOC has issued over 800 incident tickets, handled 5 major performance incidents and 2 cyber-incidents, and prevented over 12 major incidents.
Global Information Security Awareness Program (Communications & Training)
Executive Sponsor: Bob Varnadoe, Chief Information Security Officer, NCR
Project Team: Erin Filimon, Communications & Training – Global Information Security
Location: Duluth, GA
The Global Information Security Awareness Program (Communications & Training) is an enterprise-wide effort to educate and increase information security awareness for ~40,000 NCR employees and contractors. The program builds NCR employee awareness and engagement through training, email campaigns and marketing collateral.
Executive Sponsor: Steve Ferguson, Chief Information Officer, Technical College System of Georgia
Project Team: Steven Ferguson – Chief Information Officer, Charles McCants – IT Manager, Michael Clough – Information Security Specialist, Daniel Black – Director, Infrastructure Engineering
Location: Atlanta, GA
TCSG established a perimeter security system that enhanced the overall security for 22 colleges spanning 85 campuses. Firepower enhances security through multiple layers of the ASA’s Next Gen Firewall Platform. This architecture allowed TCSG and its colleges to no longer worry about TCP connection limit issues that were common in the previous system. Firepower increased flexibility with deploying devices and firewall monitoring locations. Firepower accomplishes all of this while still providing a familiar interface for TCSG college staff.
Identity & Access Management System Implementation
Executive Sponsor: Michael Reese, Director, Information Technology, University Health Care System
Project Team: Scott Bodolosky, Project Manager and IT Security & System Analyst, Wesley Black, Epic Security Coordinator, Vicki Heyman, Information Systems Analyst, Marilyn McDavid, IT Security Access Coordinator, Jerri Riddle, IT Service Operations Mgr, Ann Robinson, Database Analyst, Laura Tallent, HR Operations Spclst Ld, Terry Waters, Servers Systems Administrator, Terry Wilkinson, Database Analyst
Location: Augusta, GA
University Health Care System’s (UHCS) Identity & Access Management System Implementation project was an ambitious undertaking. They wanted to find a way to ease the manual burden on their Identity & Access Management (IAM) and provisioning teams, which were spending countless hours manually provisioning and de-provisioning applications at the expense of other projects. In addition, they wanted to keep an eye to the future and address their need for a faster and more comprehensive way to remediate audit findings, comply with federal regulations, and improve the information assurance program by disabling and enabling access to critical information through user role and status changes. Together with their consultant GCA Technology Services, they worked diligently to connect Micro Focus’ NetIQ Identity Manager solutions to their Active Directory, Kronos, Epic and Lotus Notes applications. In the end, they successfully navigated through some of the least friendly APIs in the business to complete the project in December 2016.