ISE® West Project Award Nominees 2020

Phishing Protection Plan
Executive Sponsor: Cassio Goldschmidt, Head of Information Security/Sr. Director
Project Team: Nikolai Klyukach (St. Tech PM), Paul Intrarakha (Security Architect), Chetan Bhatnagar (Dir Corp Sys & Insights), Steve Shamaly (IT Ops Manager), Tarun Patel (Sr. Application Admin), Tristan Wilson (Sr. Application Admin), Dana Michels (Associate General Counsel)
Location: Glendale, CA

Phishing Protection Plan is a multifaceted and innovative program enacted to protect the business and raise employee awareness about fraudulent attempts to obtain sensitive information. Phishing Protection Plan reinvented how ServiceTitan employees participate in phishing tests; completely redesigned company training; brought a renowned social engineer to test their process; and enhanced automated defense with state-of-the-art services.

Third-Party Risk Management Automation
Executive Sponsor: Dwaine Omyer, Vice President, Digital Security
Project Team: Manoj Chulki (Sr. Manager), Sujin Surendran (Sr. Analyst), Swarnika Mehta (Program Manager), Andi Cescolini (Project Manager), Shreyas Verma (Project Manager), Kristy Hornland (Sr. Analyst), Dan Quigley (Sr. Analyst), Susan Brye (Sr. Director), Chris Wallace (Director), Kirk Hartman (Sr. Manager), David Howard (Sr. Manager)
Location: Bellevue, WA

The Third-Party Risk Management (TPRM) automation project is a transformational initiative to automate, centralize, and modernize T-Mobile’s TPRM program using RSA Archer eGRC platform. Previously, TPRM processes were highly manual and laborious for third parties and T-Mobile analysts, often a bottleneck in the procurement/contractual process. The project objectives were to: Automate TPRM lifecycle through third-party initiation, due diligence, ongoing monitoring, and termination; streamline process to assess and manage third-party risks through twelve unique assessments spanning multiple risk-domains; enhance speed and scalability of TPRM processes; and enhance third-party and internal user experience throughout all phases of TPRM.

Zero Trust and Software Defined Perimeter (ZT/SDP)
Executive Sponsor: Dwaine Omyer, Vice President, Digital Security
Project Team: Aryan Taheri (Principal Architect), Scott Lewis (Principal Engineer), Erik Rudd (Director), Koveh Tavakkol (Sr. Manager), Michael Zwarts (Principal Engineer), Bob Lynn (Sr. Manager), Fredrik Lindstrom (Security Architect), Joel Burt (Project Manager)
Location: Bellevue, WA

T-Mobile’s Zero Trust and Software Defined Perimeter (ZT/SDP) initiative is about evolving our security culture and controls from an archaic “Castle Walls” perimeter-based strategy to a next generation security strategy where we intentionally assume our adversary is already inside the castle—on the network—and yet we should be able to strip away any tactical advantage the adversary would have. Achieving this game changing Defense in Depth requires a Software Defined Perimeter where we can cloak our end user applications to a stealth mode, invisible and unreachable by attackers even if they knew the IP addresses of applications.