Case Study: Large Healthcare Company
Division LJ Kushner & Associates, Professional Division, Whitepaper
November 10, 2020
Situation: The client, a large healthcare company responsible for treating high-profile patients from around the globe, detected Nation States threats on their network. Their secure information includes sensitive patient data, medical research, and networked devices (i.e. medical devices). A breach could result in having control of life-dependent medical devices compromised or losing the confidentiality of patient data, which would be catastrophic. Therefore, the client needed to build an Information Security Program to protect their company’s network / infrastructure.
Build an internal Enterprise Cybersecurity Program.
Recruit and hire a Chief Information Security Officer (CISO).
Recruit, hire, and lead the build-out of an internal, robust information security program and functionality.
From the onset of the project we forged a partnership among the CISO, hiring managers, the client’s talent acquisition team, and our firm. Then we proceeded to:
Identify appropriate level of talent.
Qualify according to skill and location.
Introduce the opportunity and mission statement of the company.
Make introductions and manage all interview processes from inception (introduction) to close (accepted offer /onboarding).
Recruited and built a world-class, diverse, robust information security program, from the top-level down.
Successfully placed a reputable, highly-capable Chief Information Security Officer (CISO).
Delivered a program-build underneath the CISO in two waves.
Hired Leaders and Direct Reports into CISO
Recruited Directors to lead pillars of Information Security, including:
Architecture / Engineering
Security Operations & Incident Response
Red-Team, Medical Device (IoT) Security, and Security Research
IT Security Governance, Risk & Compliance
Security Project Management Office
Identity & Access Management
Six to nine months
Hired professionals to support the growth of the program.
Recruited Managers with domain subject matter knowledge to:
Spearhead development of capabilities within respective pillars
Lead/Manage technical cybersecurity staff
Recruited highly talented subject matter experts to engineer, deliver, and operate cybersecurity functions and capabilities.
Manager, Security Operations Center
Manager, Incident Response
Manager, Red Team & Penetration
Senior Penetration Tester
Security Operations Engineer/Analyst
Senior Security Architect
Manager, Red Team & Penetration Testing
Manager, Vulnerability Management
Principal/Senior Information Security Engineer
Principal/Senior Information Security Analyst
Incident Response Engineer
Identity & Access Management Engineer