ISE® North America Leadership Summit and Awards 2016

Information Security Executive of the Year Awards

The ISE® North America Leadership Summit and Awards was held in November 2016 in Chicago, IL. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.

The ISE® North America Awards are held in conjunction with a two-day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two-day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.

Unique to the ISE® North America Awards, both executive and project divisions offer recognition within industry classification, including Commercial, Financial Services, Health Care and Academic/Public Sector.

ISE® North America Executive Award Winner 2016 - Commercial Category

Bill O'Hern
Senior Vice President & CSO
AT&T
ISE® Northeast Executive Award Finalist 2016
ISE® North America Executive Award Winner 2016 - Commercial Category


ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category

Medha Bhalodkar
CISO, Enterprise IT Risk Officer
Columbia University
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category
ISE® Northeast Executive Award Finalist 2018


ISE® North America Executive Award Winner 2016 - Health Care Category

Vikrant Arora
Chief Information Security Officer
Hospital for Special Surgery
ISE® North America Executive Award Finalist 2014 - Health Care Category
ISE® Northeast Executive of the Year Award Winner 2016
ISE® North America Executive Award Winner 2016 - Health Care Category


ISE® North America Executive Award Winner 2016 - Financial Category

Craig Froelich
Chief Information Security Officer
Bank of America
ISE® North America Executive: Financial Award Winner 2016
ISE® Southeast Executive of the Year Award Runner Up 2017
ISE® North America Executive: Financial Award Finalist 2017


ISE® North America Project Award Winner 2016 - Commercial Category

AT&T
AT&T Identity and Access Management Platform
Executive Sponsor: Bill O’Hern, CSO, AT&T
Project Team: David Hulsey, Johannes Jaskolski, and Pete Galanis
Location: Dallas, Texas

AT&T security experts have built a proprietary technology that helps simplify and secure the authentication process. It is smartphone-centric, allowing one’s device to function as a key to gain access to both digital content and physical building access, instead of IDs, passwords, and badges. This technology can authenticate a user based on their location, their network, or even their physical characteristics, like fingerprints. These capabilities minimize both the work a user has to do to authenticate and the possible risk of an attacker being able to mimic an approved user to gain access to proprietary information.



ISE® North America Project Award Winner 2016 - Academic/Public Sector Category

Columbia University
Perimeterless Network Security
Executive Sponsor: Medha Bhalodkar, Chief Information Security Officer & AVP, Columbia University
Project Team: Chuck Eigen, Security Program Director, Alan Eiland, AVP, Portfolio Management Office, Joel Rosenblatt, Sr. Director Network Security, Anthony Johnson, Director, Infrastructure Engineering, Joseph Rini, Sr. Director, Infrastructure & Network Support Services, Frank O'Donnell, Mgr, Systems Administration, Aziz Usmani, Sr. Systems Engineer, Martin Wren, Sr. Security Systems Developer, James Bossio, AVP, Infrastructure Services, Alan Crosswell, AVP, Chief Technical Officer
Location: New York City, NY

Our “Perimeterless Network Security” project provides the University network infrastructure with an Enterprise Zone architecture with Micro-Domain segmentation. This project achieved our prime goal of providing information security where needed while at the same time supporting the basic mission of the University: sharing information in an open network to promote the exchange of ideas and research. Columbia University is a blend of corporate and ISP elements and, as such, requires a security structure that covers these requirements. We also have strict security requirements for protecting our intellectual property and applications such as payroll, human resources, financial and student records. Our goal in implementing this project was to improve our security posture by leveraging the implementation of CUIT’s Converged Infrastructure project while it was being designed, developed, and deployed, and to support the University’s mission of allowing the free exchange of information.



ISE® North America Project Award Winner 2016 - Health Care Category

Change Healthcare
TITAN - Threat Intelligence Tactical Analysis Network
Executive Sponsor: Haddon Bennett, CISO
Project Team: Jason Jones – VP Cyber Threat and Response, John Fellers – Cyber Threat Hunter, Robert Landry – InfoSec Engineer, Russ Lieneman – InfoSec Engineer, and Craig Ray – InfoSec Analyst
Location: Nashville, TN

Change Healthcare’s TITAN is a threat intelligence and analysis network which enables proactive, threat-based defense, threat analysis, identification, and tracking. TITAN pulls threat intelligence from a variety of sources, stores incident data in a centralized repository, and enables research and analysis to help determine if seemingly isolated incidents are components of advanced persistent threats. When new threats are identified, TITAN disseminates this information to Change Healthcare’s internal security tools automatically. TITAN provides the context between threat intelligence and security incidents identified and logged to our SIEM. TITAN publishes threats identified internally to NH-ISAC, thus helping other member organizations consume targeted threat intelligence.



ISE® North America Project Award Winner 2016 - Financial Category

U.S. Bank
U.S. Bank Enterprise Tokenization Integration Project
Executive Sponsor: Jason Witty, CISO, U.S. Bancorp
Project Team: Michelle Guckeen, Project Manager, Thoralf Symreng, Manager Information Security Risk & Compliance, Carol Stennett, Information Security, Risk & Compliance
Location: Naperville, IL

The goal of the Tokenization Project was to reduce the amount of sensitive cardholder data stored in U.S. Bank’s network, using tokenization technology that replaces the primary account number (PAN) with a surrogate value--the “token.” This was a highly complex development project that required mapping of data-flows between applications, partnership with multiple CIOs who had to change applications in specifically orchestrated sequences, and business process re-engineering to remove or reduce use-cases where business processes were formerly using real data that required significant protective controls around it. The result was a dramatic reduction in data that required protection.



ISE® North America People's Choice Award Winner 2016

V.Jay LaRosa
Vice President, Global Security Architecture
ADP
ISE® North America People's Choice Award Winner 2016

ISE® North America Luminary Leadership Award Winner 2016

Jim Routh
Board Member, Advisor and Former CISO
Industry-Leading Enterprises
ISE® Northeast Executive Award Winner 2007
ISE® North America Executive Award Winner 2014 - Health Care Category
ISE® Northeast Executive Award Finalist 2014
ISE® Luminary Leadership Award Winner 2016


ISE® North America Executive Award Finalists 2016 - Commercial Category

John Graham
CISO
EBSCO Industries
ISE® Southeast Executive Award Finalist 2012
ISE® Southeast Executive Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Commercial Category


Pritesh Parekh
VP & Chief Security Officer
Zuora
San Francisco, CA
ISE® West Executive Award Finalist 2016
ISE® North America Executive: Commercial Award Finalist 2016
ISE® West Executive Award Finalist 2017
ISE® North America Executive: Financial Award Winner 2017


ISE® North America Executive Award Finalists 2016 - Health Care Category

Connie Barrera
Corporate Director & CISO
Jackson Health System
ISE® Southeast People's Choice Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Health Care Category


Scott Pettigrew
VP, Chief Security Officer
HMS
Irving, TX
ISE® Central Executive Award Finalist 2014
ISE® North America Executive: Health Care Award Finalist 2014
ISE® Central People's Choice Award Winner 2015
ISE® Central Executive Award Winner Finalist 2015
ISE® Central Executive of the Year Award Winner 2016
ISE® Central People's Choice Award Winner 2016
ISE® North America Executive: Health Care Award Finalist 2016
ISE® North America Executive: Health Care Award Finalist 2017
ISE® North America Executive: Health Care Award Finalist 2019


ISE® North America Executive Award Finalists 2016 - Financial Category

Steve Jensen
Global Chief Information Security Officer
Aegon
ISE® North America Commercial Executive Award Finalist 2013
ISE® North America Financial Executive Award Finalist 2016
ISE® Central Executive Award Finalist 2017
ISE® East Executive Award Finalist 2023


Jason Lish
Executive Vice President and Chief Security Officer
Alight Solutions
ISE® West Executive of the Year Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Financial Category
ISE® Central Executive Award Finalist 2018


ISE® North America Project Award Finalists 2016 - Commercial Category

Best Western
Best Western Business Transformation Project
Executive Sponsor: Harold Dibler, Managing Director, Business Technology, Best Western Hotels and Resorts
Project Team: Denise Tedeschi, Director, and Boyan Vassilev, Senior Manager
Location: Phoenix, Arizona

Best Western Hotels & Resorts (BW) upgraded its identity and access management capabilities from a home-grown account management system and an outdated SSO implementation to an industry-leading Identity Management Suite and SSO/Web Access Management solution. Creating accounts is now streamlined and our members are getting the correct access right away, which means they can run their operations without needing any account help from our IT department. BW put in place an industry-leading multi-factor authentication solution to protect one of its most important applications. BW is now able to see patterns in users' behaviors and tailor security policies around them in order to make it easier for its loyalty members to gain access to its services and be better protected at the same time.

Cox Automotive
Rugged DevOps
Executive Sponsor: John Sewall, Senior Manager Information Technology
Project Team: John Sewall, CAI, Manager Security Engineering, Scott Thole, CAI, Senior Security Engineer, Joe Aranbayev, CAI, Senior Security Engineer, Raj Rajagopalan, CAI, Quality Assurance Architect, Todd Bussey, Kelley Blue Book, Manager Production Engineering, Todd Grotenhuis, NextGear Capital, Senior Security Engineer, Brian Popiliski, VinSolutions, Director Production Engineering, Darren Ayre, CAI United Kingdom, Security Manager, David Hearns, Motors.co.uk, Director of Development, Scott Andrews, Australia, Director of Production Engineering
Location: Atlanta, GA

Cox Automotive implemented a comprehensive application security program, integrating cloud-based static application security testing and in-house dynamic application security testing with its agile software development lifecycle (SDLC). As a result, Cox Automotive reduced application security vulnerabilities by 20% in the first year while cutting the amount of application rework by 60% to accelerate more secure solutions into production. This also enabled the company to strengthen its competitive advantage and lower costs.

ISE® North America Project Award Finalists 2016 - Health Care Category

Aetna
Assessment Security Knowledgebase (ASK)
Executive Sponsor: Jim Routh, Chief Security Officer, VP of Global Security, Aetna
Project Team: Mignona Cote – SR Director, Information Security, Jeannette Rosario, Director, Information Security, Jimmy Doctor, Manager, Information Security, James Ciampo, Information Security Engineer, and Glenda Lopez, SR Information Security Analyst
Location: Hartford, Connecticut

Aetna provides over 1,000 control responses weekly to regulators, auditors and customers. Constant hacks with increased media attention stimulate angst among stakeholders expecting protected health records. Over the past three years, Aetna has seen an 85% increase in security audit requests with each asking the same questions. To keep pace with the increase in requests, Aetna created the Assessment Security Knowledgebase (ASK). ASK is based on two critical parts: the Security Portal, an internet accessible portal presenting Aetna’s security capabilities, and the Audit Locker, an automated internal tool for auditors to validate security controls.

Aetna
Inbound Email Protection
Executive Sponsor: Jim Routh, CSO, Aetna
Project Team: Susan Koski, Chief Data Protection Officer, Dave Crawford, Architect Advisor, Dave Corris, Engineer Advisor, Sean Kallaugher, Information Security Advisor, Peter Haines and Leesandro Rodriguez
Location: Hartford, Connecticut

Aetna created a breadth of solutions to greatly reduce inbound malicious email. At Aetna, we drove successive prevention layers that instituted efficiency and efficacy measures for each layer of control. As an example of success, Aetna’s own phishing campaign was thwarted by these solutions. Most companies rely on a standard solution (mail gateway) to detect SPAM and malware. The second layer of control performed deeper inspection for suspicious links (URLs) or malicious attachments and blocked them. The third layer of control established policies to reject emails from invalid sending sources using DMARC (Domain-based Message Reporting and Conformance). The fourth layer of control blocked messages from newly observed domains. And the fifth layer is in monitoring mode, providing deep analysis of the messages with trust scores that are continuously reviewed to establish future policy for blocking.

Quest Diagnostics
Capture the Flag Hacker Challenge
Executive Sponsor: Vito Sardanopoli, Director of Cybersecurity Services and Governance, Quest Diagnostics
Project Team: Richard Menta – IT Security Communications and Training Manager, John Bennett – Manager of Application Security and Vulnerability Management, and Kyle Moyer – Application Security and Vulnerability Management
Location: Lyndhurst, New Jersey

In the past, when we sat developers in a room for two days and trained them on secure coding techniques, we found that improvement was modest. Not all of the developers used what was taught them, and those that did slipped into old habits soon enough. We needed a creative, novel approach to engage developers to get them to both retain and continually use the techniques taught them. The solution was a Capture the Flag (CTF) event with a little something added. Many people like to play armchair quarterback, and real quarterbacks get competitive live in front of a big crowd. Leveraging this fact, we orchestrated a two-week Capture the Flag Challenge, where contestants try to break into a simulated web site under an added Super Bowl-like atmosphere. Each day, 835 IT staff received a sports update of scores and humorous “expert” analysis cheering on 63 developers competing for glory. Turning the competition into a water cooler event spurred the contestants, who reacted to the spotlight by pushing even harder for that extra edge. When you find out that the search for that extra edge drove 9 out of 10 contestants to do additional outside research, you know something is working.

ISE® North America Project Award Finalists 2016 - Financial Category

Elavon
SecurityON
Executive Sponsor: Phil Agcaoili, SVP
Project Team: Tom Phillips, Jason Witty, Michelle Stewart, Mark Gelhardt, James Edgar, Brent Comstock, Shane Cruze, Osiris Martinez, Clint Garrison, Michael Varno, Doug Dement, Andrew Kalat, Rodney Strader, and Shelbi Rombout.
Location: Atlanta, GA

SecurityON is a multi-year endeavor and consists of multiple projects to establish world class security, transform corporate culture to the culture of security, and to leverage a rich startup culture with the financial backing of the 4th largest bank in the United States. Borrowing from Elavon’s 2014 branding, BusinessON, and sharing the word “ON” from ElavON, the name SecurityON was chosen to inspire the organization towards a common shared vision to be world class.


Enterprise Vulnerability Management Program
Executive Sponsor: Jenna Gallagher, Senior Manager: Vulnerability Manager and Operational Assurance, PayPal
Location: Phoenix, AZ

Supporting the high-profile $50B eBay and PayPal split necessitated creating a fully self-contained infrastructure. To ensure worldwide data integrity and a secure environment, a decision was taken to implement a comprehensive vulnerability management process to minimize risk for the organization both during and after the transition. Blending technology and business considerations, the project culminated in the creation of a set of tiered remediation processes, full governance protocols, compensating controls, and SLAs. Deployed across a 130,000+ IP address infrastructure that was still being built, the project was completed on time despite executives slicing the time allocated to the phase by 70%.

SunTrust
DR Next Project
Project Team: Mike Cook – Delivery Manager, Mary Simpkins – Project Manager, Mike Patel – BCRS Program Manager, and Richard McClure – BCDR Program Manager
Location: Atlanta, GA

DR Next supports a 5-year Business Continuity Program (BCP) Renovation roadmap addressing key deficiencies in response to a 2011 Federal MRA. The program was renovated to effectively comply with required supervisory guidance and provide assurance of essential recovery capabilities. It also heightens recovery preparedness and operational excellence through broader testing, infrastructure flexibility, and administration optimization. DR Next key elements, including end-to-end transactional testing capabilities, consolidation of standards, application-level recovery, and extended accessibility to DR environments, were delivered. The bank’s overall risk management posture significantly improved, resulting in closure of the 2011 MRA following an August 2015 Federal ECM audit.