Situation:
The client, a large healthcare company responsible for treating high-profile patients from around the globe, detected nation-state threats on its network. Its secure information includes sensitive patient data, medical research, and networked devices (i.e., medical devices). A breach could compromise control of life-dependent medical devices or expose confidential patient data, either of which would be catastrophic. The client therefore needed to build an Information Security Program to protect its network and infrastructure.
Assignment:
- Build an internal Enterprise Cybersecurity Program.
- Recruit and hire a Chief Information Security Officer (CISO).
- Recruit, hire, and lead the build-out of an internal, robust information security program and functionality.
Methodology:
From the outset of the project, we forged a partnership among the CISO, hiring managers, the client’s talent acquisition team, and our firm. Then we proceeded to:
- Identify appropriate level of talent.
- Qualify according to skill and location.
- Introduce the opportunity and mission statement of the company.
- Make introductions and manage all interview processes from inception (introduction) to close (accepted offer/onboarding).
Result:
- Recruited and built a world-class, diverse, robust information security program, from the top level down.
- Successfully placed a reputable, highly capable Chief Information Security Officer (CISO).
- Delivered a program-build underneath the CISO in two waves.
First wave:
- Three months
- Hired leaders and direct reports to the CISO
- Recruited Directors to lead pillars of Information Security, including:
  - Deputy CISO
  - Architecture / Engineering
  - Security Operations & Incident Response
  - Red-Team, Medical Device (IoT) Security, and Security Research
  - IT Security Governance, Risk & Compliance
  - Security Project Management Office
  - Identity & Access Management
Second wave:
- Six to nine months
- Hired professionals to support the growth of the program.
- Recruited Managers with domain subject matter knowledge to:
  - Support Directors
  - Spearhead development of capabilities within respective pillars
  - Lead/Manage technical cybersecurity staff
- Recruited highly talented subject matter experts to engineer, deliver, and operate cybersecurity functions and capabilities.
Positions Filled:
- Manager, Security Operations Center
- Manager, Incident Response
- Manager, Red Team & Penetration
- Senior Penetration Tester
- Security Operations Engineer/Analyst
- Senior Security Architect
- Manager, Red Team & Penetration Testing
- Manager, Vulnerability Management
- Principal/Senior Information Security Engineer
- Principal/Senior Information Security Analyst
- Incident Response Engineer
- Identity & Access Management Engineer