top of page
  • Bgsf

Case Study: Large Healthcare Company

Division LJ Kushner & Associates, Professional Division, Whitepaper

November 10, 2020

Situation: The client, a large healthcare company responsible for treating high-profile patients from around the globe, detected Nation States threats on their network. Their secure information includes sensitive patient data, medical research, and networked devices (i.e. medical devices). A breach could result in having control of life-dependent medical devices compromised or losing the confidentiality of patient data, which would be catastrophic. Therefore, the client needed to build an Information Security Program to protect their company’s network / infrastructure.


  • Build an internal Enterprise Cybersecurity Program.

  • Recruit and hire a Chief Information Security Officer (CISO).

  • Recruit, hire, and lead the build-out of an internal, robust information security program and functionality.


From the onset of the project we forged a partnership among the CISO, hiring managers, the client’s talent acquisition team, and our firm. Then we proceeded to:

  • Identify appropriate level of talent.

  • Qualify according to skill and location.

  • Introduce the opportunity and mission statement of the company.

  • Make introductions and manage all interview processes from inception (introduction) to close (accepted offer /onboarding).


  • Recruited and built a world-class, diverse, robust information security program, from the top-level down.

  • Successfully placed a reputable, highly-capable Chief Information Security Officer (CISO).

  • Delivered a program-build underneath the CISO in two waves.

First wave:

  • Three months

  • Hired Leaders and Direct Reports into CISO

  • Recruited Directors to lead pillars of Information Security, including:

    • Deputy CISO

    • Architecture / Engineering

    • Security Operations & Incident Response

    • Red-Team, Medical Device (IoT) Security, and Security Research

    • IT Security Governance, Risk & Compliance

    • Security Project Management Office

    • Identity & Access Management

Second wave:

  • Six to nine months

  • Hired professionals to support the growth of the program.

  • Recruited Managers with domain subject matter knowledge to:

  • Support Directors

  • Spearhead development of capabilities within respective pillars

  • Lead/Manage technical cybersecurity staff

  • Recruited highly talented subject matter experts to engineer, deliver, and operate cybersecurity functions and capabilities.

Positions Filled:

  • Manager, Security Operations Center

  • Manager, Incident Response

  • Manager, Red Team & Penetration

  • Senior Penetration Tester

  • Security Operations Engineer/Analyst

  • Senior Security Architect

  • Manager, Red Team & Penetration Testing

  • Manager, Vulnerability Management

  • Principal/Senior Information Security Engineer

  • Principal/Senior Information Security Analyst

  • Incident Response Engineer

  • Identity & Access Management Engineer

3 views0 comments


bottom of page