ISE® East Project Award Nominees 2022

Duke University Hospital
Clinical Workstation 2.0, Phase 1 (CW2)
Executive Sponsor: Don Phillips, Product Management for Managed Devices – Senior Manager
Project Team: Don Phillips (Product Management for Managed Devices - Senior Manager), Allen Coleman (IT Director), Karen Rourk (Associate Chief Health Information Officer), Jason Hill (Team Lead for Product Management), Walter Stone (Project Manager), Kelly Riggan (IT Director Customer Service Center), Krystal Greenhaw (Associate Director - Epic Design and Identity & Access Management), Kathy Pettiford (IT Director Customer Service Center), Angela D. Cozart (MSN, RN-BC, Nursing Informatics System Specialist II), Dan Bruno (Chief Operating Officer), LaDonna Worrell (Sr. Director, Customer Service Center), Eric Poon (MD MPH, FACMI Chief Health Information Officer), Greg Conaway (Technical Team Lead for Device Engineering)

Clinical workstation environment—including the sunsetting of a previous SSO utility that was no longer meeting the organization's needs. This was a large-scale project for Duke University Hospital (health delivery organization/HDO), a full-service tertiary and quaternary care hospital that ranks among the nation's best.


Fairfax County Virginia
Zero Trust Secure Remote Access
Executive Sponsor: Michael Dent, Chief Information Security Officer
Project Team: Michael Dent (CISO), Jeffrey Porter (DIT Program Director), Mike Palacios (IT Networks Program Director), Dave Sudduth (Sr. Information Security Analyst), Charlie Gore (IT Security Program Director), Eric Knight (Sr. Information Security Analyst), Edgardo Negron (Sr. Information Security Analyst), Francis Bustamante (Sr. Network Security Engineer), John Rudolf (Sr. Systems Engineer & Project Manager), Yuri Varzari (Sr. Network Engineer)

Fairfax has adopted to a Zero Trust model and leveraging its already proven Defense-in-Depth Cybersecurity approach to detect and stop threats where data moves in the Hybrid Cloud Infrastructure and its mobile workforce. COVID-19 hit the world in January 2021 forcing everyone to work remotely and making Zero Trust reach a heightened level of importance for Fairfax. Supporting 10,000 remote workforce and a hyper-converged private cloud and public cloud infrastructure expanded the threat landscape. Fairfax deployed best-in-class Zero Trust solutions such as Secure Access Service Edge (SASE), multi-factor authentication, Micro-segmentation and high-performance backup and ransomware recovery immutable platform for the hybrid cloud.


Jack Henry
Modern Endpoint Detection and Response
Executive Sponsor: Yonesy Núñez, Corporate Information Security Officer, Global Security Officer
Project Team: Ryan Dasso (Senior Information Security Engineer), Curtis Conatser (Advanced Information Security Engineer), Paul King (Advisory Cyber Security Engineer), Andrew Lamb (Senior Cyber Security Engineer), Ian Cox (Cyber Security Engineer), Ryan Alves (Advanced Cyber Security Engineer), Josh Meadows (Senior Cyber Security Engineer), Justin Austin (Manager of Cyber Security Operations), Chris Dillard (Senior Manager of Endpoint Security), Keith Schoenefeld (Head of Cyber Security Fusion Center), Matt Whisman (Head of Security Engineering and Identity Management)

The project implemented a modern endpoint detection and response solution to provide enhanced protections across Windows, Linux, and Mac systems.


Jack Henry
Threat & Vulnerability Management Solution Implementation
Executive Sponsor: Yonesy Núñez, Corporate Information Security Officer, Global Security Officer
Project Team: Joe Nicholas (Information Security Engineer), Joseph Terrell (Information Security Engineer), Joshua Miller (Cyber Intelligence Analyst), Katie Mayhue (Information Security Engineer), Lorie Best (Cyber Security Engineer), Michael Myers (Strategic Program Manager), Robert Ponsar (Senior Manager Information Security), Ryan Halstead (Senior Manager Information Security), Zak Crowley (Information Security Manager)

To implement a Threat and Vulnerability Management solution to aggregate information obtained from a variety of information sources, while integrating risk processing to provide information in prioritizing risk.


Eli Lilly and Company
ISO 27001 Certification for the Digital Health Organization
Executive Sponsor: Jane Harper, Associate VP – IS Risk Management & Business Engagement
Project Team: Dr. Reginald Ramsey (PhD, MBA, CISA, Associate Director), Jane Harper (Associate Vice President), Roxanne Lockhart (Senior Director)

In this new healthcare era, patients, and healthcare practitioners (HCPs) expect more information, support, and value than ever before. To meet these demands, Lilly Digital Health is dedicated to helping connect Lilly directly with patients in a meaningful way through technology. This mission will contribute to our organizational goal of helping 49 million patients in 2022. The certification process required close partnership between Lilly Digital Health and Information Security, with more than 30 individuals who collaborated cross-functionally, the combined team prepared for three audits that reviewed Lilly's Digital Health information security processes, documentation, governance, risks and more.


Eli Lilly and Company
Lilly Shield
Executive Sponsor: Jane Harper, Associate VP – IS Risk Management & Business Engagement
Project Team: Maryanne Wagner, Associate Director - IS Education & Development, Steven Seifert, Associate Director - Security Analytics

Lilly Shield is a voluntary online cybersecurity awareness program available to Lilly’s global workforce (employees and contractors) that supports our "Enable and Protect" motto. Over and above Lilly’s mandatory information-security training, the program's self-paced modules incorporate games, videos and educational modules to help employees learn how to protect their online information at home as well as on the job. Our belief, supported through the experience of participants, is that building awareness of personal security will result in more secure behaviors at work. The growth of this voluntary program is a tribute to on-the-ground enthusiasm for this innovative learning mechanism.


Truist
Product Support Center of Excellence
Executive Sponsor: Xavier Ashe, SVP, Cybersecurity Operations – Head of Production Support CC
Project Team: The Center of Excellence is a matrix of teams comprised of 240 individuals from the following departments: Cyber Operations Service Management, Cyber Threat Intelligence Services, Cyber Threat Scenario Management Services, Cyber Threat management & Strategic Services, Cyber Development & Innovation Services, Cyber Security Domain boundary Services, Endpoint EDR Security Services, Cyber Fusion Center Services, Cyber Payment Security Services

The Production Support Center of Excellence focuses on efficiency, and effective policy and governance compliance standards.


Unqork
IAM Transformation Phase 1
Executive Sponsor: Marcos Christodonte, Chief Information Security Officer
Project Team: Marcos Christodonte II (CISO), Daniel Wood (Head of Product Security), Scott Belisle (Principal Security Architect), Jin Su (Security Engineer), Gina Apresa (Sr Security Project Manager), Brittney Robertson (IT Manager), Michael Lynch (IT Manager), Mika Eldritch (IT Support)

Through this project, Unqork wanted to implement a zero trust architecture, and eliminate passwords, implement device-level authentication, and couple that authentication with device posture checks.


Victoria's Secret and Co
Victoria's Secret & Co. Identity and Access Management Separation
Executive Sponsor: JB Craft, Senior Manager, Cybersecurity Technology Operations and Identity and Access Management
Project Team: JB Craft (Senior Manager), PWC (Consulting Firm), Dave Schott (PMP, Contract Project Manager, Kforce), Joe Blanton (Senior Security Engineer), Melanie Backus (Senior Security Analyst), Chris Birnbrich (Lead Engineer), Justin Kuhn (Engineer 1), Corey Place (Engineer 2), Tyrell Jackson (Engineer 1)

VS&Co. separation from LBrands included the creation of two distinct public companies, an IPO, and a stock name change, while ensuring compliance with all applicable legal regulations so all work qualified under a tax-free designation.


Victoria's Secret and Co
Victoria's Secret.com Incident Response
Executive Sponsor: Jeff Sauer, Senior Manager, Cybersecurity Incident Response and Operations
Project Team: Reliaquest (Managed Service Provider), Josh VanAusdale (Senior Analyst), Julie Gregory (Senior Analyst), Erik Andresen (Lead Analyst), Nick Kraffert (Lead Analyst), Justin Lute (Analyst 3), Raymond Akoson Akotarh (Analyst 3), Brad Mead (Analyst 2), Jenn Ratliff (Analyst 2), Cassie Watkins (Analyst 2 ), Ava Heidorn (Analyst 1)

Given the media attention and business significance of separating two Fortune 500 Brands, the Victoria's Secret CIRC (computer incident response center) team was inundated with an attack frequency and volume the company has never seen.