ISE® North America Project Award Nominees 2019

Academic/Public Sector Category


360-Degree Cybersecurity
Executive Sponsor: Branndon Kelley, Senior VP & Chief Information Officer (CIO)
Project Team: Jared Price (CTO), Stephen Ivanko (Manager of Cyber Security), Steven Nusser (Senior Systems Administrator – Cyber Security)
Location: Columbus, OH

Cyberattacks are a growing challenge for the energy industry, potentially compromising critical infrastructure. Geopolitical disruption and monetary gain are powerful motivators. American Municipal Power (AMP), a nonprofit wholesale power supplier and services provider, set out to create 360-degree cybersecurity. AMP had invested heavily in perimeter and endpoint security, but Branndon Kelley, AMP’s CIO, knew that if an attacker bypassed its carefully crafted defenses, the threat would be hidden. AMP wanted to detect insider threats faster and with less effort.


City of Boston’s Identity Governance Program - Access Boston
Executive Sponsor: Greg McCarthy, CISO
Project Team: Gretchen Grozier (Project Manager for Identity and Access Management)
Location: Boston, MA

The City of Boston’s identity program was operating on a partially completed Oracle IDM infrastructure. A lot of customization had been done making upgrades too difficult to complete and the product was nearing end of life support. Outages and a lack of dedicated staff meant the city needed a secure and stable identity governance platform.

The city chose SailPoint for its new identity management platform to help enhance user experience, minimize the duplication of effort through streamlined provisioning and deprovisioning, and improve the security posture through effective and efficient identity lifecycle management, access control and account auditing.


AWS at Emory
Executive Sponsor: Rich Mendola, CIO
Project Team: Rich Mendola (Sr. Vice Provost and CIO), Brad Sanford (CISO), Steve Wheat (Chief IT Architect), Marc Overcash (Deputy CIO), John Ellis (Deputy CIO), John Connerat (Director), Joanna Green (Chief Business Officer), Paul Peterson (Cloud Engineer IV), Circe Tsui (Associate Director), Windell Cochran (Program Manager), Jimmy Kincaid (Communications Architect IV), Wayne Ortman (Director, Network Services), Amir Ali (Associate Director, Network Services), Nayef Smith (Manager, Network Monitoring), Alex Berry (Senior Network Analyst/Tech), Derrick Kelly (Lead Network Engineer), Dorian Hyndman (Manager, Network Engineering), Stephen Bottinelli (Senior Network Analyst/Tech), Tod Jackson (Technical Lead, IT Architecture), Tom Cervenka (Software Engineer IV), Kevin Hale Boyes (Software Engineer, Surge), Steve Brodeur (Software Engineer, Surge), Josh Vanderlinden (Software Engineer, Surge), Henry Lai (Software Engineer, Surge), Marc Nuar (Coordinator, Surge), Namrata Kakade (QA Engineer, Surge), Monica Crubezy (Director, Research Informatics), Sriram Chari (Director, IT Operations), Geoffrey Cestaro (Information System Analyst II), Chris Riddle (Cloud Solutions Engineer III), Patrick Maloney (Manager, Information Technology), Matt Hodgson (Manager, IT Services Management), Jeffrey Munyao (Lead Applications Dev/Analyst), Kevin Chen (Senior Manager, Information Technology), Yannan Lu (Enterprise Middleware Admin III), Keith Long (Enterprise Middleware Admin IV), Rohith Mandala (Enterprise Middleware Admin II), Alex Tudor (Enterprise Middleware Admin III), John Wang (Enterprise Middleware Admin IV), Joel Burke (Enterprise Middleware Admin IV), Kelly Bray (Applications Dev/Analyst IV), Richard Xing (Applications Dev/Analyst IV), Jamalh Lagrone (Enterprise Messaging Systems Engineer), Andy Efting (Manager, Enterprise Security), Derek Spransy (Manager, Enterprise Security), Zach Cox (Security Analyst II), George Wang (Software Engineer)
Location: Atlanta, GA

The Amazon Web Services at Emory (AWS at Emory) was an effort to create a secure cloud computing environment to serve as Emory University’s preferred and recommended cloud service for faculty-led computational needs. The service provides access to Amazon’s cloud computing services, including computing, storage, database, etc. within an environment that incorporates enhanced security controls to help ensure the safety and security of each cloud workload. The service is a multi-mission platform that can facilitate the advancement of science, education, and service across the University.


Justice of the Future
Executive Sponsor: Nicole Keaton Hart, Chief Information Officer
Project Team: Matthew Maierhofer (Assistant Chief Information Officer), Glenn Melendez (Deputy Chief Information Officer), Fulton County CJIS Policy Board, Fulton County Courts, Court Administration, & Court Technology Teams, Fulton County Sheriff’s Office, Fulton County Attorneys
Location: Atlanta, GA

The Justice of the Future program is an initiative designed to address an aging and outmoded technology infrastructure for 40+ Fulton county courtrooms and its dependent systems. It utilizes current and emerging technology to provide solutions for addressing life cycle processes, dated substructures, courtroom inefficiencies, changing communication patterns, standardizations, improved case load management, enhanced evidence presentation systems, improved judicial and juror communications, and digitized record storage systems. Implementation of these technological enhancements mitigate risk, reduce liability, enhance communication platforms and provide long-term economic and cost benefits to Fulton County, its citizens, partners and stakeholders.


Project: Superbowl/System Rebuild
Executive Sponsor: Nicole Keaton Hart, Chief Information Officer
Project Team: Nicole Keaton Hart (Chief Information Officer), Terrence Slaton (Chief Information Security Officer), Samira Brawner (Security Analyst), Dakota Stark (Security Analyst), Trey Thomas (Security Analyst), David Kellum (Security Analyst), Ed Johnson (Cybersecurity Program Manager)
Location: Atlanta, GA

FCIT Cybersecurity secures and defends against threats that would prevent dissemination of technology services and resources within FCG. However, its security systems were woefully inadequate and necessitated immediate and aggressive changes to ensure its cyber safety. FCIT began the process of implementing those changes in 2018. Fast-forward; 2019, Fulton County was host to Superbowl LIII. The pace of change now needed ramped up. FCIT’s network houses one of the most complete, well-equipped WebEOC implementation tools in the country. Fulton County needed to ensure the safety of the application to effectively support a central security platform for a broader audience.


Higher Education Cloud Vendor Assessment Tool (HECVAT)
Executive Sponsor: Jon Allen, Chief Information Security Officer & Interim Chief Information Officer, Baylor University
Project Team: Joshua Callahan (Information Security Officer and CTO, Humboldt State University), Susan Coleman (Peer Assessment Program Mgr./Lead Security Analyst, REN-ISAC), Charles Escue (Extended Information Security Manager, Indiana University), Brian Kelly (Director, Cybersecurity Program, EDUCAUSE), Nick Lewis (Program Manager – Security and Identity, Internet2)
Location: Waco, TX

The Higher Education Cloud Vendor Assessment Tool (HECVAT) project attempts to generalize higher education information security questions and issues regarding cloud services for consistency and ease of use. This enables sharing of information in the community to save each other time and speed the adoption of cloud services. The HECVAT group is a community project collaborating with EDUCAUSE, Internet2, and the REN-ISAC providing support. The work group is made up of a core team with sub-working groups with volunteers working on specific aspects of the project that the community has identified as a need and prioritized for deliverables for the community.


How the State of Arizona Uses a Unique Credit-Score Model for Cyber Risk Management to Reduce Vulnerabilities and Strengthen Statewide Cybersecurity Posture
Executive Sponsor: J.R. Sloan, Interim CIO
Project Team: Owen Zorge (Compliance & Privacy Officer), Jennifer Dvorak (Security Engineer), Dan Wilkins (Security Engineer), Hector Virgen (Security Operations Manager), Owen Zorge (Privacy & Compliance Manager), Chad Tom (Security Engineer), Jason Lednum (Security Engineer), Ken Dworshak (Security Engineer), Ed Yeargain (Security Analyst)
Location: Phoenix, AZ

Arizona is the sixth largest, 14th most populous U.S. state with over 7 million residents. Prior to this project, its 133 agencies lacked the ability to identify security issues statewide or plan to protect against cyber threats. This project describes a novel approach to cyber risk management, a credit-scoring system from RiskSense that significantly strengthened Arizona’s cybersecurity posture. The familiar 350-850 credit score model enables the office of the CISO to evaluate and communicate cyber risk within and across all of its agencies, boards and commissions. It enabled Arizona to avoid serious cyber attacks that impacted other states/enterprises.


SecureUVA
Executive Sponsor: Virginia Evans, Chief Information Officer (CIO)
Project Team: Virginia Evans (CIO), Dana German (Deputy CIO), Jason Belford (CISO), Michael Grinnell (Deputy CISO), Brian Davis (Director, IS Operations), Chris Ledvina (Director, IT Service Mgmt), Christy Joseph (Security Engineer), Claire LaBar (Communications Specialist), Clayton Lockhart (AVP, Enterprise Infrastructure), Cory Brant (Policy Analyst), Dale Dew (Project Manager), Dave Strite (AVP, User Experience & Engagement), Jasmin Perez (Communications Specialist), Jeff Collyer (Security Engineer), Jeremy Kong (InfoSec Analyst), Keith Donnelly (Director, Enterprise and Cloud Platforms), Keith Gearhart (Project Manager), Keith Moores (Director , Network, Telephony & Video Services), Kara Beth Glover (Fiscal Operations and Strategic Planning Analysis), Kelly Downey (Education & Awareness Sr. Analyst), Kris Celeste (Communications Specialist), Kylie Cuthbertson (InfoSec Liaison), Laura Drummond (Communications Specialist), Lucas Reynard (InfoSec Analyst), Marc Perdue (InfoSec Liaison), Margaret Gokturk (Sr. Policy Analyst), Marty Peterman (InfoSec Analyst), Michael Higginbotham (Project Manager), Ron Withers (Supervisor, Network Engineering), Sandy German (Director, Customer Communications & Outreach), Shana Fabio (Project Manager), Stacy Sties (InfoSec Liaison), Susie McCormick (AVP, Finance & Administration), Ted Gayle (Local Support Person Coordinator), Tim Tolson (Director, IT Policy), Tony Townsend (InfoSec Analyst), Tracy Smith (Director, Service Support Operations)
Location: Charlottesville, VA

As a result of a 2015 cyber breach, the UVA Board of Visitors authorized a funding package for a project to enhance the University’s information security program. SecureUVA, the name given to this initiative, was comprised of three dozen subprojects carried out over a three-year period. The goal of SecureUVA was to fundamentally decrease the cyber risk to the University’s data and IT resources through a combination of protection, detection, and response.

Commercial Category


Project Phalanx: Shifting Left in Application Security
Executive Sponsor: Almir Hadzialjevic, VP, Enterprise Risk and Security
Project Team: Jeremy Brooks (Lead Security Engineer, Application Security), Eric Simmons (Developer, Security Champion), David Nolan (Directory, Information Security), Kevin Leclair (Director, Software Engineering), Edwin Deliz (Manager, QA), Anthony Burk (Automation Engineer, QA), Alex Gonzalez (Automation Engineer, QA), Ashley Lee (Manager, Software Engineering), Cliff Jacobson (Manager, Software Engineering), Will Moore (Manager, Development Operations)
Location: Atlanta, GA

The Application Security team at Aaron’s partnered with QA, Development, and Development Operations to create a platform that enables the seamless integration of application security into Aaron’s S-SDLC and development technologies. This initiative focused on delivering faster feedback to the development teams by providing self-service processes and automation that drastically accelerate the discovery and remediation of application security defects.


Information Security Awareness Program Implementation
Executive Sponsor: John Kirkwood, Chief Information Security Officer
Project Team: Frank Steele (Senior Manager Governance & Compliance), Brenda Devine (InfoSec Awareness Analyst), Raj Pyakurel (InfoSec Analyst), Bruce Taylor (InfoSec Analyst)
Location: Phoenix, AZ

A new information Security Awareness Program was built during 2018 and 2019 to build upon the good will established during the 2017 Information Security Awareness month expos held throughout the corporate offices. To help increase the security culture of Albertsons the project team focused on three awareness areas, secure at Work, at Home and on the Road. The new year around program leads with monthly themes, computer-based training, lunch and learn classes, phishing campaigns and culminates with the annual exposition at four corporate campuses.


NIST Cyber Security Framework Maturity
Executive Sponsor: John Kirkwood, Chief Information Security Officer
Project Team: Frank Steele (Senior Manager Governance & Compliance), Justin Smith (Senior Manager Risk Management), Jerry Boyd (Senior Manager Security Transformation), Pep Barrameda (Senior Manager Incidence Response), Neil Pon (Senior Manager Information Security Services), Bruce Taylor (Infosec Analyst)
Location: Phoenix, AZ

The merger between Albertson and Safeway required a new, expanded information Security team be established. Management decided this was an opportunity to “get it right from the start.” The NIST Cyber Security Framework (CSF) controls, principles and objectives were foundational in creation of roles and responsibilities.

Over the past three years, the Information Security program has been assessed by external NIST maturity assessors as well as Internal Audit. The maturity of the Information Security program has continued to dramatically improve with most functions rated at “managed and measurable.” Along the way, processes have been re-engineered, playbooks created, accountabilities established, and ongoing metrics generated.


The Storm Threat Analytics Platform
Executive Sponsor: Brian Rexroad, VP, Security Platforms
Project Team: Cynthia Cama (AVP, Technology Security), Joe Harten (Director, Technology Security), Dan Sheleheda (Lead, Technology Security), James Pace (Principal Member of Tech Staff), Josh Anderton (Principal Technology Security), Steven Buznitsky (Principal Member of Tech Staff)
Location: Bedminster, NJ

The Storm threat analytics platform collects, processes and stores security data for AT&T’s internal enterprise. Its mission is to protect AT&T’s networks, employees and assets through security analysis. The Distributed Streaming Analytics (DSA) component provided the ability for Storm to use Open Source streaming technology to ingest and alarm on key security data in near-real time.


CyberSplash
Executive Sponsor: Joseph Gallagher, Sr. Director, Cybersecurity Governance, Risk and Compliance
Project Team: Patrick McGranaghan (Manager, Cybersecurity Awareness and Education), Matthew Markowitz (Sr. Analyst, Cybersecurity Awareness and Education), Laurence Ginsburg (Project Manager, Cybersecurity), Jayson Hurd (Principal Architect), Eric Sundberg (Sr. Architect), Brad Hein (Sr. Manager, Security Development), Alex Wheeldon (Security Developer), Teague Reese (Analyst 3, Cybersecurity Awareness and Education)
Location: Philadelphia, PA

CyberSplash is a cybersecurity education game that's transforming Comcast security at the employee level. The game provides fun, bite-sized, incentivized daily training to help employees better understand and remember cybersecurity concepts and practices. Employees can play on their company-issued computers and mobile devices. Each day, players face a new one-minute challenge. Correct answers earn badges, higher rankings on the leaderboard, and the opportunity to play for Splash Cash (in-game currency that can be redeemed for game enhancements). CyberSplash uses game elements to reward people for educating themselves and is revolutionizing Comcast's information security posture.


One McDermott
Executive Sponsor: Steve Moloney, Chief Information Security Officer
Project Team: Larry Buzzy (Cyber Operations Manager), Dave Naples (Cyber Risk Manager), Ian Darce (Cloud/AD Manager), Emil Nabiyev (Infrastructure Manager), Brent Paugh (Network Manager), Tamara Hartman (Communications Manager), John Shaull (Collaboration Manager) Tina Marcel (Sr Cyber Security Analyst), Trevor Butler (Cyber Security Analyst), Jeff Pawlowski (Sr Cyber Security Analyst), Michael Peterman (Sr Cyber Identity Specialist)
Location: Houston, TX

In 2018, McDermott began the journey to combine with Chicago Bridge and Iron. This combination brought vast scale in their business operations as they doubled in size. McDermott, a company with a leading security posture across the industry pre-merger, was faced with an elevated cyber risk during a time of high vulnerability within a new complex security and infrastructure environment. McDermott’s Cyber Security team successfully overcame the challenge to keep the company and its employees cyber safe while, at the same time, fully integrating security tools and operations in support of combining two companies.


Industrial Control System (ICS) Active Online Asset & Cyber Security Monitoring
Executive Sponsor: Josh Johansen, Industrial Control System (ICS) Management Program Engineer Lead
Project Team: Nana Appiah, Rob Wise, Phil Johnson, Josh Kolacsky
Location: Lithia, FL

Mosaic’s ICS environments within the Phosphates business unit suffer from a lack of up-to-date information regarding asset status and health, which is critical to making informed asset lifecycle decisions. Increasing cybersecurity threats also present potential risk to Mosaic without proper visibility within the ICS environment. Mosaic decided to implement the Indegy Industrial Cyber Security Suite for 360 degree visibility and control across both IT and operational technology (OT) environments. Indegy provides active online asset information along with real time alerts on unauthorized activities and errors to protect all processing plants, ensures compliance with policies and regulations, and shortens recovery time should errors occur.


Cybersecurity Awareness Month
Executive Sponsor: William (Bill) Boni, Senior Vice President, Digital Security
Project Team: Jana Drajpuch (Director), Nancy Kumbalek (Manager)
Location: Bellevue, WA

With the increasing complexity of cybersecurity ecosystems and the resulting impact on employees and customers, there is a critical need for enhanced cyber awareness among all organizations. As a result, T-Mobile’s Digital Security Organization (DSO) takes innovative strides to ensure that employees are first-line defenders against cybersecurity threats. The highlight of DSO’s employee awareness activities in 2018 was October’s Cybersecurity Awareness Month (CSAM) campaign for T-Mobile employees and strategic partners. CSAM events included speaking engagements with the FBI Cyber Security Task Force, University of Washington, and SHAPE Security. Additional creative and interactive events included an onsite security-themed escape room, phishing games, and group tours of T-Mobile’s Tech Experience lab. This month of activities featured two successful fairs with manned booths, merchandise, and helpful tips and tricks. These CSAM events attracted more than 1,800 participants.


Identify, Credential, and Access Management (ICAM)
Executive Sponsor: Dwaine Omyer, Vice President, Digital Security
Project Team: Koveh Tavakkol, Sr. Manager, Bob Lynn, Sr. Enterprise Information Security Manager, Anya Simonova, Project Manager, Deepak Mathur (Project Manager), Tony Huemiller (Sr. Manager), John Charlton (Manager), Jeff Colorossi (Sr. Manager), Dave Krueger (Principal Engineer), Aakash Tiwari (Sr. Engineer)
Location: Bellevue, WA

ICAM provides technology leadership, guidance, and governance for identity management products and capabilities at T-Mobile. Critical business objectives include identity management maturity, scalability, technology rationalization, operational effectiveness, and cost savings through a common strong-authentication customer experience. ICAM empowers identity risk through strong management controls, authentication, privileged access management, and access governance. The project implements an Un-carrier approach to digital security through the integration of all enterprise platforms to centralize identity controls. This allows toolset rationalization and expanded identity access management (IAM) capabilities ensuring full utilization of key technology platforms.

Financial Services Category


AccessHub
Executive Sponsor: Raghu Dev, Director – Identity and Access Management (IAM)
Project Team: Stan Sadykov (Architect), Angelo Cascio (VP – IAM), Maureen Granger, Harikishen Krishnanath, Indiran Thirumani
Location: New York, NY

AccessHub is a next-generation, centralized Identity and Access Management (IAM) implementation that aims to streamline IAM process (request, approvals, certifications, SoDs), with a focus on providing transparency, reducing risk and also providing a seamless user experience. It is a “one-stop” shop for all IAM Services: Requests, Approvals, Transfer, Provisioning, De Provisioning, Certifications, SoDs and Reconciliation. Users, managers, and access approvers will use the AccessHub user interface via an integrated Single Sign-on (SSO) feature to search a catalog, submit access requests, approve access requests for all required approval steps, and search/view the status of an access request.


Digital Executive Risk Committee (“Digital ERC”)
Executive Sponsor: Ryan Hallett, Deputy Chief Risk Officer
Project Team: John Steele (Senior Manager, Enterprise Risk Management), Sarah Stills (Enterprise Risk Analyst), Ben Davis (Enterprise Risk Analyst), Jonathan Chase (Enterprise Risk Analyst), Matt Cordle (Enterprise Risk Analyst)
Location: Jacksonville, FL

The Digital ERC project improves senior executive risk decision making by providing timely and accurate cyber risk information to members of Black Knight’s Executive Risk Committee (ERC) via interactive risk dashboards. Members of the ERC previously had to rely on static and often out-of-date PowerPoint slides to receive updates on the Company’s information security program to drive risk decision making. With the Digital ERC dashboards, ERC members can review real-time information (including drill-down capability) on the Company’s threat and vulnerability posture, security incidents, status of Identity and Access Management controls and the Security Awareness program.


Equifax Access Management Transformation
Executive Sponsor: Ganesh Krishnakumar, SVP, Identity and Access Management
Project Team: Todd Oxford (Sr. Director, Access Management), Nishad Sankaranarayanan (Sr. Director, IAM Architecture), Jaikumar Kovilakathum Parambil (Sr. IAM Architect).

Equifax made a commitment to transforming technology and security into industry-leading capabilities, investing an incremental $1.25 billion over three years. As part of the transformation, the Identity and Access Management team completed an ambitious project to create a centralized access management platform for seamless and secure authentication experiences for Equifax users globally. Over a 12-month period, the team built a centralized platform and implemented global solutions including upgrading MFA and migrating applications to a centralized SSO platform. Additionally, the team is sharing lessons learned from the project to drive a global conversation about a future with “no more passwords.”


Equifax Security Transformation
Executive Sponsor: Jamil Farshchi, Chief Information Security Officer
Project Team: Nick Oldham (Chief Privacy and Data Governance Officer), Russ Ayres (SVP, Security Build), Chris Klingenspor (SVP, Security Risk and Customer Security), Adam Tice (SVP, Cybersecurity), Ganesh Krishnakumar (SVP, Identity and Access Management), Steve Cosby (SVP, Product Security), Greg Baker (SVP, Physical Security and Investigations), Ahmad Douglas (SVP, Security Strategic Initiatives)
Location: Atlanta, GA

Equifax in 2017 suffered a significant cybersecurity incident, but emerged with new management committed to industry leadership in data security. In April 2018, incoming CISO Jamil Farshchi and his team launched the security strategy that would help to lead the company through the most significant transformation in its 100+ year history.

By focusing on culture in addition to our control and compliance capabilities, Equifax has increased the maturity of its security program and is building a stronger company. Equifax is also sharing lessons learned with the global cybersecurity community to advance how companies, governments, and individuals keep protect their data.


First Data Application Security Program
Executive Sponsor: Pam Gott, Vice President of Global Cyber Security & Fraud
Project Team: Neil Schloth (Manager, Application Security Team), John Van Houten (Security Engineer II), Saltworks Security Team Members
Location: Atlanta, GA

First Data develops software and systems that are used globally to manage credit card transactions globally. Security of these transactions is critical to the success of First Data’s business. By implementing a world class application security program that is fully integrated into the software development lifecycle, First Data ensured application are being developed in the most secure manner possible while not slowing the delivery of business value by development teams.


Automating Cybersecurity Operations with Robotic Decision Automation
Executive Sponsor: Eric Adams, CISO
Project Team: Kevin Bailey (Director, Global Cyber Defense)
Location: San Diego, CA

In the financial services industry, robust cybersecurity defenses are a must-have because the trustworthiness of end-to-end data protection is a core differentiator among competitors, as is the ability to meet stringent regulatory compliance standards. Yet Kyriba faced a challenge that is common across verticals: how to monitor a growing volume of network telemetry data and threat alerts to provide truly comprehensive coverage in a cloud-based environment. They integrated an intelligent automated software solution emulating expert human reasoning to achieve consistent and scalable monitoring of all security event logs.


SecurIT First
Executive Sponsor: Ron Green, Chief Security Officer
Project Team: Tim Taylor (Vice President, Project Management), David King (Vice President, Vulnerability Management), Poonam Verma (Vice President, Information Security Operations), Eric Gunn (Senior Analyst, Vulnerability Management), Donna Mattingly (Consultant, Project Management), Travis May (Director, Learning & Development), Brian Kruse (Director, Vulnerability Management), Jenn deBerge (Director, Communications), Tim Fowler (Manager, Vulnerability Management)
Location: O'Fallon, MO

While security systems can be programmed to safeguard exactly what we need them to protect, we cannot program the human. Mastercard created the SecurIT First education awareness program to foster a security mindset and encourage behaviors that will reduce risk. This custom program was also designed to meet compliance and legal requirements.


Cloudy with a Chance of SecOps
Executive Sponsor: Ricardo Lafosse, CISO
Project Team: Matthew Speakman (Security Analyst)
Location: Chicago, IL

This project highlights how Morningstar upskilled their demoralized SecOps team into a Hogwarts-worthy team of cloud automation wizards, utilizing AWS cloud transformation; taking a cloud-native first methodology; automation; and retooling for cloud.

Health Care Category

aetna
Adaptive Enablement in the Cloud
Executive Sponsor: Tim Tompkins, Executive Director and Chief Security Architect and Innovation, CVS Health
Project Team: Min-Hwei Liu (Director Information Security, Global Security and Resilience), Josh Atencio (Sr. Security Engineer), Jwan Campbell (Sr. Security Engineer), Kevin Karolefski (Security Engineer), Michael Graff (Security Advisor), Matt Weston (Security Advisor), Michael Casner (Security Engineer)
Location: Hartford, CT

Aetna’s Adaptive Enablement in the Cloud project reduces high risk behavior across cloud services by introducing friction when employees engage in risky behavior, making the safe path the easy path. In addition to reducing the risk of data exfiltration, this has enabled Aetna’s members to have a simpler and more secure way to access to their information and provides a world class user interface to interact with the organization while keeping Aetna’s business-critical sensitive PII and PHI data secure; allowing the business to focus on innovation and securely accelerating business. This strategy will expand into CVS Health as part of the acquisition of Aetna.


Ducking an Identity Crisis with Real-Time Fraud Alerting
Executive Sponsor: Tim Callahan, Senior Vice President, Global Security Officer
Project Team: Matthew Harper (Director, Cyber Crime Prevention), Adam Miller (Senior Consultant, Cyber Crime Prevention), Nic Clark (Cyber Crime Prevention Engineer), Hailey Armstrong (Cyber Crime Prevention Analyst), Veena Harish (Project Manager), Prabhas Singh (Consultant)
Location: Columbus, GA

Criminals are taking advantage of Aflac’s transition from a legacy serving model to a digital-first environment via Account Takeover (ATO) and other techniques. To protect Aflac policyholder data while enabling the digital transformation, Aflac leveraged in-place security technology (Splunk) and real-time channel/servicing data (call center, online, claims and client master) to create a flexible analytics platform that can flag suspicious activity in real time and alert business partners in fraud, claims operations and security to take corrective action. The project delivered real-time visibility across all aspects of Aflac core individual business units and ID validation infrastructure.


Quack Attack: Aflac’s Attack Emulation Program
Executive Sponsor: Tim Callahan, Senior Vice President, Global Security Officer
Project Team: DJ Goldsworthy (Director, Security Operations & Threat Management), Ben Harbin (Manager, Threat Management), Brad Allison (Manager, Enterprise Vulnerability Management), Steve McIntosh (Sr. Manager, Security Operations)
Location: Columbus, GA

Aflac’s Global Security Division recognizes the importance of effective security controls in today’s cyber environment. Unfortunately, as threats evolve security controls have trouble keeping up with the change. To avoid succumbing to the latest cyber-criminal scheme, Aflac established an attack emulation program: vCAST. This program combines cross functional teams with a security instrumentation platform to safely test the effectiveness of network, endpoint, and cloud controls using at-scale, real-world scenarios. Through such demonstration, Aflac’s Global Security team is able to clearly define an average time to defend against real attacks—thus highlighting opportunities to bolster capabilities and reduce the exposure window.


Project Mars
Executive Sponsor: Umesh Yerram, Chief Data Protection Officer
Project Team: Kumar Chandramoulie (Senior Director – Cyberdefense, Threat Intel and Vulnerability Mgmt), Cameron Hatzmann (Cybersecurity Intel and Forensics Lead), Marcus Guidry (Threat Intel Specialist), Vu Chu (Threat Intel Analyst), Mark Sakoian (Command Center Lead), Syed Ali (Cyber Operations Analyst), Nora Owulezi (Cybersecurity Analyst), Griffin Pasik (Cybersecurity Analyst), Samuel Stafford (Cybersecurity Analyst)
Location: Chesterbrook, PA

Not all threats are equal. Our Cyber Command Center required a better detection of post-compromise cyber adversary behavior. Unfortunately, Persistent threats takes many forms, from nation-state sponsored activities to intellectual property theft, to financially motivated actions. Project Mars is our next generation predictive Intel driven Cyber operations. Project Mars is developed by integrating Predictive Threat Intelligence, Forensics, Dark Web Crawling and threat hunt on our own Cyber Precog (SIEM) which ingests 1 Billion plus events a day from 45 data sources. Focusing on offensive Cybersecurity, we today ingest and analyze over 100 plus threat intelligence feeds, adopted MITRE Attack framework to hunt on our environment inclusive of threat actor TTP’s. Project Mars supports in detecting Nation State attacks, Insider threats, malicious activities and Frauds.


CVS-Aetna Acquisition Day 1-100 Rapid Access
Executive Sponsor: Kurt Lieber, Vice President, CISO, IT Infrastructure
Project Team: Sati Khurana (Sr. Director, Information Security), Nathan Harris (Architect Advisor) , Angelo Cuozzo (Director, Access & Identity Mgt.), Vishu Mandalika (Director, Information Security), Subhashini Natarajan (Project Manager), Abuarshad Saifudeen (Product manager), Victoria Oravits (Lead solution consultant), Susan Riewe (Lead solution consultant), Angelique Nix (Team Lead, Operations), Lisa Lang (Team lead, Operations)
Location: Phoenix, AZ

Typically, after M&A deal is closed, various key business areas of both organizations need rapid access to do their job in the newly merged organization. A Joint CVS and Aetna Security integration team led an over ten-month effort to ensure the business has appropriate and required cross company access on the first day (“Day 1”) of the acquisition deal close. This project ensured a ‘simple’ access request and fulfilment process was operational on the first day, ensuring an excellent end-user experience throughout the process and, at the same time, meeting all security and compliance requirements which are often overlooked in the early days of acquisitions.


Lilly Shield
Executive Sponsor: Meredith Harper, Vice President, Chief Information Security Officer
Project Team: Christopher Farr (Advisor, Information Security Awareness; Project Sponsor), Maryanne Wagner (Consultant, Workforce Security Awareness; Project Manager), Sonja Popp-Stahly (Consultant, Information Security Communications; Project Communications), Leslie Kahn (Advisor, Security Solutions Lead; Project Advisor)
Location: Indianapolis, IN

Lilly Shield is an online cybersecurity awareness program available to Eli Lilly and Company’s global workforce (employees and contractors). A voluntary program over and above Lilly’s mandatory information security training, it incorporates games, videos and educational modules to help employees learn how to protect their online information at home as well as on the job. Our belief, supported through the experience of participants, is that building awareness of personal security will result in more secure behaviors at work.


Business Resilience – Changing the Culture from Continuity to Resilient Enterprise
Executive Sponsor: Scott Pettigrew, VP and Chief Security Officer
Project Team: George Macrelli, Latasha Robinson, Tosha Terry-Lee
Location: Irving, TX

From Integration, to Automation, Compliance to Communication, the HMS Business Resilience Program is an integrated enterprise wide program that applies automation for monitoring world events, including HMS infrastructure technology, such as, servers, networks, and assets. It provides consistent Change Monitoring and Management by automating the updating of infrastructure changes for our Business Impact Analyses and Recovery Procedures. It allows us to demonstrate compliance with HITRUST, ISO, and SOC frameworks, which ensures the standardization of control information. This cultural shift positioned HMS in pursuing a ‘Resilient Enterprise’ designation from an international Continuity Program leader.


CERP-CERP, Listening to the Customer
Executive Sponsor: Scott Pettigrew, VP and Chief Security Officer
Project Team: George Macrelli, Brian Pannell, Clay Ramsey
Location: Irving, TX

The HMS Security Team realized the need to simplify Customer ‘Requests for Information’ during Customer Security Attestations, Audits, and new business. It was becoming apparent that there was a need improve the experience, by simplifying and enhancing our current process. The design required us to ensure that we could respond timely, accurately, and with consistent information. The Customer Engagement Request Portal (CERP), is a central portal for our Account Managers, and marketing teams to enter requests to help facilitate and manage requests for Security Information. The solution needed to, handle the volume of requests, ensure consistent responses to common requests with Information Intelligences, facilitate tracking and management, and offer analysis and reporting.


Email Authentication and Reporting Process
Executive Sponsor: Douglas Falduto, VP, Admin & Chief Security Officer
Location: Newark, NJ

It’s reasonable to expect that one can trust the legitimacy of an email sent from a recognized company if the 'From' field matches the company's domain name along with a familiar logo, slogan, and URL. However, this scenario is becoming increasingly unlikely in the age of cybercrime. A 2019 Agari Cyber Security report estimated that 22.9 phishing attacks are launched every minute of the day and are the conduit of 90% of all breaches. Horizon-BCBSNJ proactively deployed a robust email authentication process, leveraging the Domain Message Authentication Reporting & Conformance (DMARC) standard to safeguard our members from email domain spoofing.


Cyber-Immune Project
Executive Sponsor: Mark Leary, CISO
Project Team: Enoch Long (Cyber Ops Director), Shah Nawaz (Cloud & Data Center Engineering Director), Bhawesh Choudhary (Solution Design & Architecture Director)
Location: Tarrytown, NY

Regeneron’s “Cyber-Immune” project is the use of Robotic Process Automation to orchestrate defensive actions against cyber-attacks. In an increasingly interconnected world, infectious diseases can spread more quickly than in the past, seriously affect our health, and require new treatments that are safe, effective and easily deployed. Much like Regeneron’s focus to treat human infections, Cyber-Immune’s objective is to quickly identify, treat, and resolve malware attacks, such as viruses, with a solution that is automatic and can scale to address even the largest infections. The idea is a cyber-immune infrastructure is a self-healing system that adapts to environmental threats.


Cybersecurity Service Transformation Project
Executive Sponsor: Mark Leary, CISO
Project Team: Enoch Long (Cyber Operations Director), Diarmuid O’Sullivan (Cyber IR Manager), David Glosser (Threat & Vulnerability Manager), Keith Keimig (Security Monitoring Manager)
Location: Tarrytown, NY

Cybersecurity Service Transformation was a rapid capability building effort that transformed disparate, best effort security activities into an integrated, threat-driven, services-based cyber operational model. In the past, the company’s information security operations were a set of activities that were loosely interrelated, informationally siloed, and only based on measuring compliance to IT standards. The project’s objectives were: establish a new operational model that focused on cyber threats, rationalize a set of cyber services based on retained staff and managed security services mix, and optimize these cybersecurity services by measured performance and demonstrated value.