The ISE® North America Leadership Summit and Awards were held November 15-16, 2017 at the Marriott Marquis Chicago in Chicago, IL. The awards recognize the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.
The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.
Unique to the ISE® North America Awards, both executive and project divisions offer recognition within industry classification, including Commercial, Financial Services, Health Care and Academic/Public Sector.
ISE® North America Executive: Commercial Award Winner 2017
Michael Mangold
Vice President – Information Security
Tractor Supply Company
ISE® North America Executive: Commercial Award Winner 2017
Biography
ISE® North America Executive: Academic/Public Sector Award Winner 2017
David Evans
Systems Security & Research Officer
San Bernardino County Superintendent of Schools
ISE® West People's Choice Award Winner 2017
ISE® North America Executive: Academic/Public Sector Award Winner 2017
Biography
ISE® North America Executive: Health Care Award Winner 2017
Mignona Cote
Chief Security Officer
NetApp
ISE® Central People's Choice Award Winner 2017
ISE® Central Executive Award Finalist 2017
ISE® North America Executive: Health Care Award Winner 2017
Biography
ISE® North America Executive: Financial Award Winner 2017
Pritesh Parekh
VP & Chief Security Officer
Zuora
San Francisco, CA
ISE® West Executive Award Finalist 2016
ISE® North America Executive: Commercial Award Finalist 2016
ISE® West Executive Award Finalist 2017
ISE® North America Executive: Financial Award Winner 2017
Biography
ISE® North America Project: Commercial Award Winner 2017
Cyber Value at Risk
Executive Sponsor: Myrna Soto, Corporate SVP Chief Technology Risk Officer & Global CISO, Comcast
Project Team: Chuck Hudson, Executive Director
Location: Philadelphia, PA
Comcast’s Cyber Value at Risk program, executed using Bay Dynamics’ Risk Fabric platform, enables the company to continuously protect its most valued assets (data, systems and applications) by quantifying the impact of cyber risk based on actual threat and vulnerability data in the environment, and then prioritizing mitigation actions based on those activities that directly address the established risks. The platform automatically delivers relevant threat and vulnerability information to an array of stakeholders responsible for the involved mitigation and continuously measures how much risk is being reduced due to the actions taken. Importantly, Risk Fabric better enables the security team to direct their fixed resources at the most important, and potentially costly, exposures.
ISE® North America Project: Academic/Public Sector Award Winner 2017
Duo Two Factor Authentication Project
Executive Sponsor: Brad Sanford, CISO, Emory University
Project Team: Michael Chilcott, Sr. Security Specialist, Andy Efting, Manager, Elliot Kendall, Sr. Security Specialist, Vinh Nguyen, Security Specialist, Brad Sanford, CISO, Derek Spransy, Manager, Anne Marie Alexander, Sr. Manager, Joel Burke, Middleware Admin IV, Chris Alexander, Systems Admin IV, Darrell Durggin, Systems Admin IV, James Reed, Lead, Danny Bridges, Applications Integrator, Michael (Mo) Davidson, Manager, Kaven Moodley, Manager, Daniel Palmer, Applications Integrator, Dean Schuh, Manager, Vince Tran, Applications Integrator, Tom Vincent, Manager, Beth Broyles, Director, Lionel Clark, Assistant Director, Tom Kiel, Enterprise Solutions Architect, Natalie Mallard, Assistant Director, John Steskal, Virtualization Architect, Graydon Kirk, Project Manager II, Haniya Vaid, Project Manager, Gerry Hall, Middleware Admin III, Rose Harris, ITSM Specialist II, and Belinda Maaskant, Senior Manager
Location: Atlanta, GA
Emory’s Duo Two Factor Authentication Project was an aggressive effort to deploy two factor authentication to the entire Emory user community consisting of nearly 80,000 faculty, staff, students, and affiliated users, and to require the use two factor authentication for access to multiple enterprise class applications including VPN, Office 365, PeopleSoft Student, PeopleSoft HR, PeopleSoft Finance, Citrix Virtual Desktop, and Emory’s Shibboleth web single sign-on solution.
ISE® North America Project: Health Care Award Winner 2017
Distributed Controls: Managing Security differently Across 15 Organizations
Executive Sponsor: Jim Routh,Chief Security Officer, VP of Global Security, Aetna
Project Team: Mignona Cote - SR Director, Information Security, CISO PayFlex; CISO Phoenix Data Center Services, Jeannette Rosario, Directory, Global Security, Karen Barlow, Program Business Analyst, Glenda Lopez, Sr. Information Security Engineer
Location: Hartford, CT
As daunting as securing a Fortune 50 company, adding fourteen independently operated affiliates (subsidiaries) to the mix, stretches leadership and innovation. Resiliency to market demands, continuous change in threats and fourteen completely different companies ranging from financial services, international markets and consumer healthcare forces the Global Security Officer to manage fourteen security programs uniquely while leveraging core Aetna techniques and solutions. At Aetna, a model was developed to identify risks, measure maturity and implement solutions maintaining the unique DNA of each company while assuring the security as they operate within the boutique styles required for competitive advantage and speed to market.
ISE® North America Project: Financial Award Winner 2017
The Vulnerability Scoring Model (VxSx) Project
Executive Sponsor: Rohan Amin, Global CISO, JPMorgan Chase & Co.
Project Team: Dave Robinson – Managing Director, Martin Dawson – Executive Director, Venkat Seshadri – Executive Director, Graham Hill – Vice President, Andy Graham – Vice President
Location: New York, NY
Today organizations are faced with the constant threat of exploit through vulnerabilities in underlying technologies. As hardware and software vulnerabilities are discovered, firms have traditionally prioritized remediation efforts based solely on the criticality rating of the vulnerability. In a complex enterprise environment such as JPMorgan Chase, this approach falls short as it fails to consider business context of the targeted assets. The Vulnerability Scoring Model combines the criticality of the vulnerability (Vx) within the context of business impact at JPMorgan Chase (Sx) to quantify risk and set an informed, targeted remediation path.
ISE® North America People's Choice Award Winner 2017
Mignona Cote
Chief Security Officer
NetApp
ISE® Central People's Choice Award Winner 2017
ISE® Central Executive Award Finalist 2017
ISE® North America Executive: Health Care Award Winner 2017
Biography
ISE® North America Luminary Leadership Award Winner 2017
Peter Tippett
Founder & CEO
Healthcelerate
ISE® Luminary Leadership Award Winner 2017
ISE® North America Executive: Commercial Award Finalists 2017
Moriah Hara
CISO Board Advisor
Clearsky Fund-and Glilot Capital
ISE® Northeast Executive Award Finalist 2017
ISE® North America Executive: Commercial Award Finalist 2017
Biography
John Kelly
SVP and Global CISO
Elsevier
ISE® North America Executive: Commercial Award Finalist 2017
Biography
ISE® North America Executive: Health Care Award Finalists 2017
Joey Johnson
CISO
Premise Health
ISE® Southeast Executive of the Year Award Winner 2017
ISE® North America Executive: Health Care Award Finalist 2017
Biography
Roy Mellinger
Vice President & Chief Information Security Officer
Anthem, Inc.
ISE® Central Executive of the Year Award Winner 2017
ISE® North America Executive: Health Care Award Finalist 2017
Biography
Scott Pettigrew
VP, Chief Security Officer
HMS
Irving, TX
ISE® Central Executive Award Finalist 2014
ISE® North America Executive: Health Care Award Finalist 2014
ISE® Central People's Choice Award Winner 2015
ISE® Central Executive Award Winner Finalist 2015
ISE® Central Executive of the Year Award Winner 2016
ISE® Central People's Choice Award Winner 2016
ISE® North America Executive: Health Care Award Finalist 2016
ISE® North America Executive: Health Care Award Finalist 2017
ISE® North America Executive: Health Care Award Finalist 2019
Biography
ISE® North America Executive: Financial Award Finalists 2017
Rohan Amin
Global CISO
JPMorgan Chase & Co.
ISE® Northeast Executive of the Year Award Winner 2017
ISE® Northeast People's Choice Award Winner 2017
ISE® North America Executive: Financial Award Finalist 2017
Biography
Craig Froelich
Chief Information Security Officer
Bank of America
ISE® North America Executive: Financial Award Winner 2016
ISE® Southeast Executive of the Year Award Runner Up 2017
ISE® North America Executive: Financial Award Finalist 2017
Biography
Jason Witty
Managing Director, Global Chief Information Security Officer
JPMorgan Chase & Co.
ISE® Central People's Choice Award Winner 2014
ISE® North America People's Choice Award Winner 2014
ISE® North America Executive: Financial Award Finalist 2017
ISE® Central Executive of the Year Award Winner 2018
ISE® Central People's Choice Award Winner 2018
Biography
ISE® North America Project: Commercial Award Finalists 2017
Next Generation Single Sign-On Program
Executive Sponsor: JoAnn Velez, Director, Electronic Security, Seagate Technology
Project Team: Hardik Sancheti (Senior Manager, Identity Management Infrastructure), Michael Hunter (Senior Manager, eSecurity), and Ragini Ramalingam (eSecurity Program Manager)
Location: Cupertino, CA
The NextGen Single Sign-On (SSO) program replaced Seagate’s previous SSO infrastructure to support Seagate’s zero trust security model. The project was necessary because the previous SSO infrastructure was vulnerable to a malicious insider who could acquire users’ SSO cookie in a “watering hole” attack. The project replaced Seagate’s SSO infrastructure with a secure platform that supports risk-based authentication and robust federation. The infrastructure was deployed across two data centers and two disaster recovery sites and included migrating over 150 applications and 50 federations (SSO across two or more domains / companies) with positive impact to Seagate’s business.
OneOps Security Framework
Executive Sponsor: Adam Ely, Vice President & Deputy CISO, Walmart
Project Team: Flavio Domingos, Luis Ocegueda, Brian Fennimore, Sruthin Parayil, Bhaskar Annamalai, Lev Khusid, Khushboo Lohia, and Niyati Gandhe
Location: San Francisco, CA
Walmart operates one of the largest cloud environments and leverages the open source tool OneOps to manage applications and operating systems. The OneOps Security Framework is an integration that allows applying security best practices and configurations to any application or operating system automatically at deployment to save time while meeting security and compliance requirements. The OneOps security framework is available to all industry users of OneOps through WalMart’s open source initiate.
ISE® North America Project: Health Care Award Finalists 2017
Threat Intelligence System (TIS)
Executive Sponsor: Tim Callahan, SVP, Chief Information Security Officer, Global Security, Aflac
Project Team: DJ Goldsworthy – Director, Threat Intelligence, John D’Agostino – Threat Management Consultant, James Harris – Sr. Threat Management Consultant, Gareth Williams – Sr. Threat Management Consultant, Joshua Staples – Threat Management Engineer, Stephen McCamy – Sr. Threat Management Consultant, Ben Harbin – Sr. Threat Management Consultant
Location: Columbus, GA
In response to the increase in volume and velocity of new threats, Aflac embarked upon a mission to create a custom-built TIS that would be capable of consuming large amounts of threat data and, in turn, use that data to protect the environment and inform security decisions. Aflac built a system that not only tackles the daily operational feed of threat data, but provides key process automation and allows for system integration into the current security infrastructure for maximum use of the data.
Project Gateway
Executive Sponsor: Mike Towers, VP, CISO, Allergan
Project Team: Vadim Parizher – Exec Dir, Enterprise Architecture – Leadership/Design, Bill Thornton – VP, R&D/HR IT – HR, Sandy Dalal – Director, I&AM Services – I&AM, Elma Benevenga – Program Mgt, Dan Coan – Infrastructure, Gigi Lai – Data Management
Location: Rockaway, NJ
After 30+ acquisitions and divestitures in a 3 year period, the team at Allergan sought to completely rebuild, from the ground up, their entire identity & access management platform. This also included updating associated business processes for new hires onboard, contingent worker onboarding, baseline entitlements, provisioning/deprovisioning and access request/approval. Rather than pick an existing, incumbent solution and migrate over, the Allergan team decided to basically throw everything away and start over.
Next Generation Authentication
Executive Sponsor: Talvis Love, SVP eCommerce, Enterprise Architecture & CISO, Cardinal Health
Location: Dublin, OH
A significant number of high profile security breaches have occurred recently, primarily due of stolen identities, causing a negative impact on reputation of the organization and resulting in huge financial penalties. In response to these threats, a comprehensive and layered approach to security and authentication is required to protect sensitive information and systems. The Next Generation Authentication project implemented a multi-factor authentication solution to address gap of identities being compromised and securing access to Cardinal Health’s applications and network.
[A.M.O.S.] Asset Management on Steroids
Executive Sponsor: Scott Pettigrew, VP, Chief Security Officer, HMS
Project Team: Scot Miller, Vice President, CISO, Kory Anderson, Manager, Security Operations, Sidd Kunche, Sr. IT Project Manager
Location: Irving, TX
Identity is the foundation of security. Without identifying the assets in their institution, leaders are forced to make generalized assumptions to apply security as a blanket instead of using a risk-based approach. An oversimplified view of asset management establishes a CMDB (Configuration Management Database), but AMOS (Asset Management on Steroids) goes beyond this by ensuring consistency of information for risk management, business operations reporting, and procurement services. This is not a “one-and-done” project. AMOS is a program that forces groups to document their processes, eliminate information silos, and establish standards. Ultimately, HMS will lower risk, save money, and meet compliance objectives.
ISE® North America Project: Financial Award Finalists 2017
Going Agile, Securely
Executive Sponsor: Todd Fennell, VP, Information Security, American Express
Location: Phoenix, AZ
Cloud services are an integral part of American Express’s IT strategy – especially for their move to an agile development methodology. Security needed to support the business by enforcing cloud security policies globally and providing a secure collaboration solution. By implementing a cloud access security broker (CASB), American Express tangibly reduced their risk from Shadow IT and securely enabled a standard cloud-based collaboration platform for thousands of developers.
The Cybersecurity Service Desk
Executive Sponsor: Rohan Amin, Global CISO, JPMorgan Chase & Co.
Project Team: Vincent Infantino (Cybersecurity Service Delivery), John Wyatt (Service Desk Manager, Chelsea Weng (Generalist), John Rafer (Generalist), Simon Ahsan (Generalist), James Kho (Generalist), Michael Bobby (Performance and Metrics)
Location: New York, NY
JPMorgan Chase continues to make Cybersecurity awareness a priority, and as a worldwide leading financial services firm, an innovative approach has been adopted to ensure that Cybersecurity is at the forefront of every employee’s considerations. Through the Cybersecurity Service Desk project, the firm created an internal tool for employees that serves as a single point of contact providing educational materials about cyber safety, ways for employees to get help for cyber-related questions or incidents and enabling an easy way for employees to escalate issues.