The ISE® North America Leadership Summit and Awards was held November 13-14, 2019 at the InterContinental Chicago Magnificent Mile in Chicago, IL. The awards recognized the information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security.
The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions.
Unique to the ISE® North America Awards, both executive and project divisions offer recognition within industry classification, including Commercial, Financial Services, Health Care and Academic/Public Sector.
ISE® North America Executive: Academic/Public Sector Award Winner 2019
Erik Decker
Chief Information Security & Privacy Officer
The University of Chicago Medicine
ISE® North America Executive: Academic/Public Sector Award Winner 2019
Biography
ISE® North America Executive: Commercial Award Winner 2019
Kim Keever
CISO and Senior Vice President of Security, Analytics & Technology Services
Cox Communications
ISE® Southeast Executive Award Winner 2019
ISE® North America Executive: Commercial Award Winner 2019
Biography
ISE® North America Executive: Financial Award Winner 2019
Marc Crudgington
CISO, SVP Information Security
Woodforest National Bank
ISE® Central Executive Award Finalist 2019
ISE® North America Executive: Financial Award Winner 2019
Biography
ISE® North America Executive: Health Care Award Winner 2019
Mark Leary
CISO
Regeneron Pharmaceuticals
ISE® Southeast Executive Award Winner 2010
ISE® Northeast Executive Award Winner 2019
ISE® North America Executive: Health Care Award Winner 2019
Biography
ISE® North America Project: Academic/Public Sector Award Winner 2019
AWS at Emory
Executive Sponsor: Rich Mendola, CIO
Project Team: Rich Mendola (Sr. Vice Provost and CIO), Brad Sanford (CISO), Steve Wheat (Chief IT Architect), Marc Overcash (Deputy CIO), John Ellis (Deputy CIO), John Connerat (Director), Joanna Green (Chief Business Officer), Paul Peterson (Cloud Engineer IV), Circe Tsui (Associate Director), Windell Cochran (Program Manager), Jimmy Kincaid (Communications Architect IV), Wayne Ortman (Director, Network Services), Amir Ali (Associate Director, Network Services), Nayef Smith (Manager, Network Monitoring), Alex Berry (Senior Network Analyst/Tech), Derrick Kelly (Lead Network Engineer), Dorian Hyndman (Manager, Network Engineering), Stephen Bottinelli (Senior Network Analyst/Tech), Tod Jackson (Technical Lead, IT Architecture), Tom Cervenka (Software Engineer IV), Kevin Hale Boyes (Software Engineer, Surge), Steve Brodeur (Software Engineer, Surge), Josh Vanderlinden (Software Engineer, Surge), Henry Lai (Software Engineer, Surge), Marc Nuar (Coordinator, Surge), Namrata Kakade (QA Engineer, Surge), Monica Crubezy (Director, Research Informatics), Sriram Chari (Director, IT Operations), Geoffrey Cestaro (Information System Analyst II), Chris Riddle (Cloud Solutions Engineer III), Patrick Maloney (Manager, Information Technology), Matt Hodgson (Manager, IT Services Management), Jeffrey Munyao (Lead Applications Dev/Analyst), Kevin Chen (Senior Manager, Information Technology), Yannan Lu (Enterprise Middleware Admin III), Keith Long (Enterprise Middleware Admin IV), Rohith Mandala (Enterprise Middleware Admin II), Alex Tudor (Enterprise Middleware Admin III), John Wang (Enterprise Middleware Admin IV), Joel Burke (Enterprise Middleware Admin IV), Kelly Bray (Applications Dev/Analyst IV), Richard Xing (Applications Dev/Analyst IV), Jamalh Lagrone (Enterprise Messaging Systems Engineer), Andy Efting (Manager, Enterprise Security), Derek Spransy (Manager, Enterprise Security), Zach Cox (Security Analyst II), George Wang (Software Engineer)
Location: Atlanta, GA
The Amazon Web Services at Emory (AWS at Emory) was an effort to create a secure cloud computing environment to serve as Emory University’s preferred and recommended cloud service for faculty-led computational needs. The service provides access to Amazon’s cloud computing services, including computing, storage, database, etc. within an environment that incorporates enhanced security controls to help ensure the safety and security of each cloud workload. The service is a multi-mission platform that can facilitate the advancement of science, education, and service across the University.
ISE® North America Project: Commerical Award Winner 2019
CyberSplash
Executive Sponsor: Joseph Gallagher, Sr. Director, Cybersecurity Governance, Risk and Compliance
Project Team: Patrick McGranaghan (Manager, Cybersecurity Awareness and Education), Matthew Markowitz (Sr. Analyst, Cybersecurity Awareness and Education), Laurence Ginsburg (Project Manager, Cybersecurity), Jayson Hurd (Principal Architect), Eric Sundberg (Sr. Architect), Brad Hein (Sr. Manager, Security Development), Alex Wheeldon (Security Developer), Teague Reese (Analyst 3, Cybersecurity Awareness and Education)
Location: Philadelphia, PA
CyberSplash is a cybersecurity education game that's transforming Comcast security at the employee level. The game provides fun, bite-sized, incentivized daily training to help employees better understand and remember cybersecurity concepts and practices. Employees can play on their company-issued computers and mobile devices. Each day, players face a new one-minute challenge. Correct answers earn badges, higher rankings on the leaderboard, and the opportunity to play for Splash Cash (in-game currency that can be redeemed for game enhancements). CyberSplash uses game elements to reward people for educating themselves and is revolutionizing Comcast's information security posture.
ISE® North America Project: Financial Award Winner 2019
SecurIT First
Executive Sponsor: Ron Green, Chief Security Officer
Project Team: Tim Taylor (Vice President, Project Management), David King (Vice President, Vulnerability Management), Poonam Verma (Vice President, Information Security Operations), Eric Gunn (Senior Analyst, Vulnerability Management), Donna Mattingly (Consultant, Project Management), Travis May (Director, Learning & Development), Brian Kruse (Director, Vulnerability Management), Jenn deBerge (Director, Communications), Tim Fowler (Manager, Vulnerability Management)
Location: O'Fallon, MO
While security systems can be programmed to safeguard exactly what we need them to protect, we cannot program the human. Mastercard created the SecurIT First education awareness program to foster a security mindset and encourage behaviors that will reduce risk. This custom program was also designed to meet compliance and legal requirements.
ISE® North America Project: Health Care Award Winner 2019
Cyber-Immune Project
Executive Sponsor: Mark Leary, CISO
Project Team: Enoch Long (Cyber Ops Director), Shah Nawaz (Cloud & Data Center Engineering Director), Bhawesh Choudhary (Solution Design & Architecture Director)
Location: Tarrytown, NY
Regeneron’s “Cyber-Immune” project is the use of Robotic Process Automation to orchestrate defensive actions against cyber-attacks. In an increasingly interconnected world, infectious diseases can spread more quickly than in the past, seriously affect our health, and require new treatments that are safe, effective and easily deployed. Much like Regeneron’s focus to treat human infections, Cyber-Immune’s objective is to quickly identify, treat, and resolve malware attacks, such as viruses, with a solution that is automatic and can scale to address even the largest infections. The idea is a cyber-immune infrastructure is a self-healing system that adapts to environmental threats.
ISE® North America People's Choice Award Winner 2019
Amanda Fennell
Chief Security Officer
Relativity
ISE® Central People's Choice Award Winner 2019
ISE® North America People's Choice Award Winner 2019
Biography
ISE® North America ISE® Luminary Leadership Award Winner 2019
Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
ISE® Luminary Leadership Award Winner 2019
Biography
ISE® North America Executive: Commercial Award Finalists 2019
John Kirkwood
VP IT, Chief Information Risk and Security Officer
Albertsons Companies
ISE® West Executive Award Finalist 2018
ISE® West Executive Award Finalist 2019
ISE® North America Executive: Commercial Award Finalist 2019
Biography
Tammy Klotz
Director of Information Security
Versum Materials
ISE® Northeast Executive Award Finalist 2019
ISE® North America Executive: Commercial Award Finalist 2019
Biography
Dwaine Omyer
Vice President, Digital Security Organization
T-Mobile
ISE® West Executive Award Finalist 2019
ISE® North America Executive: Commercial Award Finalist 2019
Biography
ISE® North America Executive: Financial Award Finalists 2019
Kevin Gowen
Chief Information Security Officer
Synovus
ISE® Southeast Executive Award Finalist 2019
ISE® North America Executive: Financial Award Finalist 2019
Biography
Ricardo Lafosse
CISO
Morningstar, Inc.
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019
Biography
ISE® North America Executive: Health Care Award Finalists 2019
Jairo Orea
Chief Information Security Officer
Kimberly-Clark
ISE® Central Executive Award Finalist 2019
ISE® North America Executive: Health Care Award Finalist 2019
Biography
Scott Pettigrew
VP, Chief Security Officer
HMS
ISE® Central Executive Award Finalist 2014
ISE® North America Executive: Health Care Award Finalist 2014
ISE® Central People's Choice Award Winner 2015
ISE® Central Executive Award Winner Finalist 2015
ISE® Central Executive of the Year Award Winner 2016
ISE® Central People's Choice Award Winner 2016
ISE® North America Executive: Health Care Award Finalist 2016
ISE® North America Executive: Health Care Award Finalist 2017
ISE® North America Executive: Health Care Award Finalist 2019
Biography
ISE® North America Project: Academic/Public Sector Award Finalists 2019
Higher Education Cloud Vendor Assessment Tool (HECVAT)
Executive Sponsor: Jon Allen, Chief Information Security Officer & Interim Chief Information Officer, Baylor University
Project Team: Joshua Callahan (Information Security Officer and CTO, Humboldt State University), Susan Coleman (Peer Assessment Program Mgr./Lead Security Analyst, REN-ISAC), Charles Escue (Extended Information Security Manager, Indiana University), Brian Kelly (Director, Cybersecurity Program, EDUCAUSE), Nick Lewis (Program Manager – Security and Identity, Internet2)
Location: Waco, TX
The Higher Education Cloud Vendor Assessment Tool (HECVAT) project attempts to generalize higher education information security questions and issues regarding cloud services for consistency and ease of use. This enables sharing of information in the community to save each other time and speed the adoption of cloud services. The HECVAT group is a community project collaborating with EDUCAUSE, Internet2, and the REN-ISAC providing support. The work group is made up of a core team with sub-working groups with volunteers working on specific aspects of the project that the community has identified as a need and prioritized for deliverables for the community.
SecureUVA
Executive Sponsor: Virginia Evans, Chief Information Officer (CIO)
Project Team: Virginia Evans (CIO), Dana German (Deputy CIO), Jason Belford (CISO), Michael Grinnell (Deputy CISO), Brian Davis (Director, IS Operations), Chris Ledvina (Director, IT Service Mgmt), Christy Joseph (Security Engineer), Claire LaBar (Communications Specialist), Clayton Lockhart (AVP, Enterprise Infrastructure), Cory Brant (Policy Analyst), Dale Dew (Project Manager), Dave Strite (AVP, User Experience & Engagement), Jasmin Perez (Communications Specialist), Jeff Collyer (Security Engineer), Jeremy Kong (InfoSec Analyst), Keith Donnelly (Director, Enterprise and Cloud Platforms), Keith Gearhart (Project Manager), Keith Moores (Director , Network, Telephony & Video Services), Kara Beth Glover (Fiscal Operations and Strategic Planning Analysis), Kelly Downey (Education & Awareness Sr. Analyst), Kris Celeste (Communications Specialist), Kylie Cuthbertson (InfoSec Liaison), Laura Drummond (Communications Specialist), Lucas Reynard (InfoSec Analyst), Marc Perdue (InfoSec Liaison), Margaret Gokturk (Sr. Policy Analyst), Marty Peterman (InfoSec Analyst), Michael Higginbotham (Project Manager), Ron Withers (Supervisor, Network Engineering), Sandy German (Director, Customer Communications & Outreach), Shana Fabio (Project Manager), Stacy Sties (InfoSec Liaison), Susie McCormick (AVP, Finance & Administration), Ted Gayle (Local Support Person Coordinator), Tim Tolson (Director, IT Policy), Tony Townsend (InfoSec Analyst), Tracy Smith (Director, Service Support Operations)
Location: Charlottesville, VA
As a result of a 2015 cyber breach, the UVA Board of Visitors authorized a funding package for a project to enhance the University’s information security program. SecureUVA, the name given to this initiative, was comprised of three dozen subprojects carried out over a three-year period. The goal of SecureUVA was to fundamentally decrease the cyber risk to the University’s data and IT resources through a combination of protection, detection, and response.
ISE® North America Project: Commercial Award Finalists 2019
The Storm Threat Analytics Platform
Executive Sponsor: Brian Rexroad, VP, Security Platforms
Project Team: Cynthia Cama (AVP, Technology Security), Joe Harten (Director, Technology Security), Dan Sheleheda (Lead, Technology Security), James Pace (Principal Member of Tech Staff), Josh Anderton (Principal Technology Security), Steven Buznitsky (Principal Member of Tech Staff)
Location: Bedminster, NJ
The Storm threat analytics platform collects, processes and stores security data for AT&T’s internal enterprise. Its mission is to protect AT&T’s networks, employees and assets through security analysis. The Distributed Streaming Analytics (DSA) component provided the ability for Storm to use Open Source streaming technology to ingest and alarm on key security data in near-real time.
Identify, Credential, and Access Management (ICAM)
Executive Sponsor: Dwaine Omyer, Vice President, Digital Security
Project Team: Koveh Tavakkol, Sr. Manager, Bob Lynn, Sr. Enterprise Information Security Manager, Anya Simonova, Project Manager, Deepak Mathur (Project Manager), Tony Huemiller (Sr. Manager), John Charlton (Manager), Jeff Colorossi (Sr. Manager), Dave Krueger (Principal Engineer), Aakash Tiwari (Sr. Engineer)
Location: Bellevue, WA
ICAM provides technology leadership, guidance, and governance for identity management products and capabilities at T-Mobile. Critical business objectives include identity management maturity, scalability, technology rationalization, operational effectiveness, and cost savings through a common strong-authentication customer experience. ICAM empowers identity risk through strong management controls, authentication, privileged access management, and access governance. The project implements an Un-carrier approach to digital security through the integration of all enterprise platforms to centralize identity controls. This allows toolset rationalization and expanded identity access management (IAM) capabilities ensuring full utilization of key technology platforms.
ISE® North America Project: Financial Award Finalists 2019
AccessHub
Executive Sponsor: Raghu Dev, Director – Identity and Access Management (IAM)
Project Team: Stan Sadykov (Architect), Angelo Cascio (VP – IAM), Maureen Granger, Harikishen Krishnanath, Indiran Thirumani
Location: New York, NY
AccessHub is a next-generation, centralized Identity and Access Management (IAM) implementation that aims to streamline IAM process (request, approvals, certifications, SoDs), with a focus on providing transparency, reducing risk and also providing a seamless user experience. It is a “one-stop” shop for all IAM Services: Requests, Approvals, Transfer, Provisioning, De Provisioning, Certifications, SoDs and Reconciliation. Users, managers, and access approvers will use the AccessHub user interface via an integrated Single Sign-on (SSO) feature to search a catalog, submit access requests, approve access requests for all required approval steps, and search/view the status of an access request.
Equifax Access Management Transformation
Executive Sponsor: Ganesh Krishnakumar, SVP, Identity and Access Management
Project Team: Todd Oxford (Sr. Director, Access Management), Nishad Sankaranarayanan (Sr. Director, IAM Architecture), Jaikumar Kovilakathum Parambil (Sr. IAM Architect).
Equifax made a commitment to transforming technology and security into industry-leading capabilities, investing an incremental $1.25 billion over three years. As part of the transformation, the Identity and Access Management team completed an ambitious project to create a centralized access management platform for seamless and secure authentication experiences for Equifax users globally. Over a 12-month period, the team built a centralized platform and implemented global solutions including upgrading MFA and migrating applications to a centralized SSO platform. Additionally, the team is sharing lessons learned from the project to drive a global conversation about a future with “no more passwords.”
ISE® North America Project: Health Care Award Finalists 2019
Quack Attack: Aflac’s Attack Emulation Program
Executive Sponsor: Tim Callahan, Senior Vice President, Global Security Officer
Project Team: DJ Goldsworthy (Director, Security Operations & Threat Management), Ben Harbin (Manager, Threat Management), Brad Allison (Manager, Enterprise Vulnerability Management), Steve McIntosh (Sr. Manager, Security Operations)
Location: Columbus, GA
Aflac’s Global Security Division recognizes the importance of effective security controls in today’s cyber environment. Unfortunately, as threats evolve security controls have trouble keeping up with the change. To avoid succumbing to the latest cyber-criminal scheme, Aflac established an attack emulation program: vCAST. This program combines cross functional teams with a security instrumentation platform to safely test the effectiveness of network, endpoint, and cloud controls using at-scale, real-world scenarios. Through such demonstration, Aflac’s Global Security team is able to clearly define an average time to defend against real attacks—thus highlighting opportunities to bolster capabilities and reduce the exposure window.
Project Mars
Executive Sponsor: Umesh Yerram, Chief Data Protection Officer
Project Team: Kumar Chandramoulie (Senior Director – Cyberdefense, Threat Intel and Vulnerability Mgmt), Cameron Hatzmann (Cybersecurity Intel and Forensics Lead), Marcus Guidry (Threat Intel Specialist), Vu Chu (Threat Intel Analyst), Mark Sakoian (Command Center Lead), Syed Ali (Cyber Operations Analyst), Nora Owulezi (Cybersecurity Analyst), Griffin Pasik (Cybersecurity Analyst), Samuel Stafford (Cybersecurity Analyst)
Location: Chesterbrook, PA
Not all threats are equal. Our Cyber Command Center required a better detection of post-compromise cyber adversary behavior. Unfortunately, Persistent threats takes many forms, from nation-state sponsored activities to intellectual property theft, to financially motivated actions. Project Mars is our next generation predictive Intel driven Cyber operations. Project Mars is developed by integrating Predictive Threat Intelligence, Forensics, Dark Web Crawling and threat hunt on our own Cyber Precog (SIEM) which ingests 1 Billion plus events a day from 45 data sources. Focusing on offensive Cybersecurity, we today ingest and analyze over 100 plus threat intelligence feeds, adopted MITRE Attack framework to hunt on our environment inclusive of threat actor TTP’s. Project Mars supports in detecting Nation State attacks, Insider threats, malicious activities and Frauds.
Business Resilience – Changing the Culture from Continuity to Resilient Enterprise
Executive Sponsor: Scott Pettigrew, VP and Chief Security Officer
Project Team: George Macrelli, Latasha Robinson, Tosha Terry-Lee
Location: Irving, TX
From Integration, to Automation, Compliance to Communication, the HMS Business Resilience Program is an integrated enterprise wide program that applies automation for monitoring world events, including HMS infrastructure technology, such as, servers, networks, and assets. It provides consistent Change Monitoring and Management by automating the updating of infrastructure changes for our Business Impact Analyses and Recovery Procedures. It allows us to demonstrate compliance with HITRUST, ISO, and SOC frameworks, which ensures the standardization of control information. This cultural shift positioned HMS in pursuing a ‘Resilient Enterprise’ designation from an international Continuity Program leader.