ISE® West Project Award Nominees 2015

Tokenization of all Caesars PCI environment
Executive Sponsor: William Worthington, VP IT Security, CISO
Team Members: Team Members: Bobby Wilkins, Vaishali Caldwell, CJ Foster, Mukti Bhakta, Judi Evans, Sue Traynor, Brian Bunney, Alan Kennemar, Aaron Otte, Eric Williams, Swithin George, Komala Mekapati, Mike Rogers, Tyler Adams, Rebecca Davis, Marilyn Ellis-Visser, Raju Bade, Revathi Kannan, Elton Cassels, Manuj Bhatia, Greg O'Keefe, Jeanine Glass, Shaun Burnett, Galen Duff Luette Loop, Haamid Shaik, Minh Tran, Chad Becker and John Plough
Location: Las Vegas, NV

This project successful eliminated all credit card (CC) data in affected systems by deploying Point to Point encryption (P2PE) and Tokenization. Using these two solutions the affected systems no longer see, process, or store CC data, protecting Caesars from breach or theft of that data. P2PE encrypts the CC numbers at the swipe preventing any memory scrape risks and tokenization replaces actual CC data with a token, randomized 16-character alphanumeric representation of the CC data.

Application Security Program Management
Executive Sponsor: Jason Morton, Application Security Manager | Office of the CISO
Team Members: Tim Heimerl, Andrew Welsh, Matin Kahn, Bud Wilkinson, Manuela Robinson, Carla Lewis and Ben Kinsella
Location: Denver, CO

The project was focused on transforming how application security was managed for DaVita HealthCare Partners’ complex ecosystem. The goal was to move from a one-man operation into a fully integrated program, built on a single platform that could scale with the business needs.

By May, 2015, DaVita has brought the software development lifecycle (SDLC) for 18 applications under automated security assessment, trained 90 developers around the world, established a secure mobile program, put a system in place to ensure that all third-party application used by DaVita HealthCare Partners are secure, and actively monitors all 141 of the company’s associated websites.

Janus ElasticSearch Security Visualization Engine
Executive Sponsor: Joseph McComb, Director, Information Security
Team Members: Todd Garrison, Enterprise Security Specialist
Location: Denver, CO

Janus utilized Elasticsearch, Logstash and Kibana (big data technologies) to drive an internal security analytics program. The open source tools were used to pull in relevant security log information and provide an interface to rapidly search security relevant information. The project had zero dollar cost in software licensing and reduced incident response times by fifty percent.

Global PCI Standardization Project
Executive Sponsor: Jonathan Chow, Chief Security Officer & Senior Vice President
Team Members: Julie Yoo, Sal Hernandez, Clement Chen, Wahid Iqbal, Anthony Fabia and Michael Carrera
Location: Hollywood, CA

In a climate where risks around credit card data breaches are higher than ever, the Live Nation Security & Compliance Team was challenged with securing and maintaining PCI compliance for hundreds of millions of credit card transactions, and tens of thousands of assets in a vastly decentralized organization with multiple divisions operating around the globe. Having launched a successful program in North America that could be repeated year-over-year, the Live Nation team started an initiative to create a sustainable program framework, methodology, and processes to introduce to the company’s International markets for consistent application of policies, controls, and tools.

Fully Integrated Defense Operation (FIDO)
Executive Sponsor: Rob Fry, Sr. Security Architect
Location: Los Gatos, CA

Automated security incident response

Service Transformation Program
Executive Sponsor: Dave Estlick, VP, Technology Infrastructure & Enterprise Security, CISO
Location: Seattle, WA

The Service Transformation Program was implemented to enable scalability and foster agility in infrastructure and security. This broad initiative deals with security and core infrastructure components in a highly virtualized environment with the goal of standardization of commodity services around network and storage. The final phase will extend the program out of the private environment into the Cloud.

Implementing a Language-Based Secure Software Development Life Cycle
Executive Sponsor:Fares Alraie, Sr. Director of Product Security & Assurance, Visa
Location: Foster City, CA

Visa pioneered the creation of a full-scale secure software development life cycle (SSDLC) process through close collaboration between its security and application development practices and a range of hardware and software technologies. In addition to an iterative design, testing, and review process and traditional firewalls, the team sought to include runtime application self-protection (RASP). Specifically, they incorporated a built-in capability that improves security for applications and prevents threats in production environments. With Visa’s vision and the help of an application security technology company, effective runtime security was developed into several programming languages – protecting corporate assets and users across many applications.