Search Results

Division BGSF, Professional Division May 13, 2021 Read here!

Division Professional Division, Whitepaper November 11, 2020 Read the full pdf here: EDR – White Paper – PART 1 Migrating On-Premise Application to the Cloud I am sitting at my desk after leaving our leadership meeting where we discussed many key initiatives for the following quarter. My boss, the CEO has instructed me to lower our overall SGA within my area (Information Technology). As I sit at my desk and ponder some ideas, I remember reading some articles about the labor and capital expense savings by migrating key applications to the cloud, specifically ERP applications. As I start to search the web for some key information, I quickly become overwhelmed with all of the content related to “cloud” and savings. The amount of content and trying to decipher what is real and what is sales related was overwhelming and daunting. This event occurred over a year ago and we have since migrated our ERP (PeopleSoft) application to the cloud. I committed to write an article that simply outlines the project and the items to consider before jumping into such a project. This article will outline: Criteria to determine if Cloud Migration is viable: Identify your current costs – internal labor costs, hardware costs as well as software licensing Determine if the application you plan on moving has any restriction to running in the cloud (Licenses, Technology limitations, etc…) Ensure the Cloud you move to will have the ability to verify “Usage” as well as SLA and downtime compensation Does the Cloud solution offer you the same or better DR (disaster recovery)? Data Location (Will the location of the data violate any internal policies?) In addition to the key points above, it is very important for the organization to consider prior to migrating any application to the cloud is determining the KPI’s(Key Performance Indicators) for how to measure successful criteria. Some of these KPI’s are Hardware and Labor Cost Savings, Performance, and application maintenance. These KPIs can be used not just for the initial migration but to benchmark the criteria, one month, one quarter, or even one year after the migration. Data points are always valuable, especially when you are asked the question, what were the benefits of migrating these applications to the cloud? Identify your current internal labor costs: Current application and infrastructure costs, which include the direct and indirect costs of using and maintaining your application can be difficult and very expensive. The direct costs cover hardware and software (including physical servers), software licenses, maintenance contracts, warranties, supplies, material, spare parts, network bandwidth, storage and database capacity, all labor, and facilities. The indirect costs include loss of revenue and productivity resulting from any outages or downtime. This step is essential to fully understand the business case for cloud adoption and make an apples-to-apples cost comparison. These indirect costs are harder to quantify but creating a way to measure these will help you and the organization as more and more applications get migrated to the cloud. Determine if the application you plan on moving has any restriction to running in the cloud: Not all applications within your enterprise are candidates for cloud migration. Some of these applications have software licensing limitations, like that of the Oracle Database Engine. Oracle certifies certain cloud providers with the hosting and licensing certifications. For example Amazon (AWS), Microsoft (Azure), Rackspace, and Oracle (OCI) are all Oracle Database certified cloud providers, regardless of BYOL (Bring your Own License) or if you purchase your license from one of these providers. The inverse of this is hosting a BYOL within CenturyLink which is not a certified OracleDatabase Cloud hosting provider. It is very important to validate and confirm the Cloud provider you are migrating to is certified to host and run the applications you are considering prior to moving them. Not all cloud provider allows customers to bring their own license (BYOL), some require the purchase of their subscription for key pieces of software. The cost of license violations is much more costly after the fact than spending the time to ensure you are not violating and license agreements. Ensure your cloud provider has the ability to verify, usage performance, and uptime SLA with downtime compensation Most cloud providers today have the ability to measure usage of resources (CPU, Disk, Memory, Network) in order to determine billing and reporting. In our experience of finding the right cloud provider, it was clear that the top tier-1 cloud providers all had the ability to measure usage and each provider had their own unique industry-standard SLA’s with downtime credits and compensation. The tier-one providers are: Amazon Microsoft Azure Oracle (OCI) Google We found the ability to measure and report the usage allowed us to script streamline the days, hours, and times certain applications were up and running. This permitted us to take full advantage of bringing applications off-line when not needed, hence saving us a great deal of cost each month. This exercise took a few months to perfect as well as striking a balance of what applications needed to be available during what periods of time. The cost savings for us was reduced by over 35% annually. Does the Cloud solution offer you the same or better DR (Disaster Recovery)? Disaster recovery is something every organization requires, especially for their tier-1 applications. The cost for an organization to design, maintain, test, and support disaster recovery is great. This cost is driven from the design of ensuring three areas of Disaster Recovery are achieved as well as the labor cost to test and maintain this structure: Data Location (Will the location of the data violate any internal policies?) While security remains top of mind of most CIO’s and CEO’s, the location of data is rising in prominence as a barrier or concern for cloud adoption. These concerns stem in part from the difficulty of visibility into data transit and storage. Customers might want to know where exactly their data is residing so they can retrieve it quickly —and also for legal implications, which we’ll get into momentarily. With many clouds, because of the way cloud storage works, data might be spread over several servers or storage arrays, and even between multiple data center facilities. This makes it hard for even the provider to identify exactly where data is stored. But while transparent, cloud service providers might be forthcoming with their infrastructure design details and maintain their security through a strong web of compliance standards and data security best practices, there remain legal entanglements to the storage of data in the cloud. Some organizations have internal data policies in conjunction to legislation the restricts certain data to cross international borders. Some of these policies have large financial penalties if data privacy and data locations are violated. The best way to ensure your data is not in violation of internal policies or international Laws is to locate your data containers in specific regions(Locations). This can be controlled in all of the tier-1 cloud providers. Data Location (Will the location of the data violate any internal policies?)As your organization goes through the rationale of considering the migration of applications to the cloud, I would suggest speaking to peers who have undergone this exercise as well as an organization that specializes in these types of projects. I wrote this article in conjunction with our partner Momentum Solutionz who helped us with the project. Many organizations do not put enough stock in the benefits of working with an organization that brings experience to the table, like in golf. I would prefer to have my playing partner putt before me so I can see the speed and break of the greens, which allows me to have a better chance of being successful with my putt. Momentum Solutionzspecializes in advising and assisting organizations with their journey to the cloud, we can generally reduce project time and cost by 35% by leveraging our been-there-done-it experience. Please sign up for a more detailed conversation and allow us to assist you and your organization with this journey.

Division LJ Kushner & Associates, Whitepaper November 11, 2020 Read the full pdf here: Cybersecurity Case Study_Global Financial Tech Company Situation: This client’s product is vital to the global financial services industry and operates on a complex private network. Our financial systems rely on the integrity of this client’s data in order to run, therefore customer data protection, information accuracy, and availability/reliability are paramount to the company’s success. After placing their Chief Information Security Officer (CISO), this global financial technology company, based in New York City, engaged us to continue to build out their Information Security Program including an Information Security Operations Center (ISOC) Team. Search / Assignment We worked with the CISO to understand his vision for the ISOC Team and the needs for each role, including an overall leader, individual team lead, and experienced analysts with various skillsets: ISOC Director – An experienced leader who can strategically build-out and advance the ISOC function, communicate up through the C-level, as well as earn the confidence of the ISOC Team. ISOC Team Lead – The most technical member of the team required to not only have the technical depth within threat detection and incident response but also convey a level of maturity for management. Experienced ISOC L2, L3, and L4 Analysts – The analysts monitor and analyze activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise. To do this well, we require various skills/knowledge in the ISOC space, including but not limited to: Triage of Detection Alerts Forensics – Host and Network Proactive Threat Hunting Malware Analysis / Reverse Engineering Incident Response Threat Intelligence / Indicators of Compromise Automation/Programming Skills (generally Python) Methodology From the onset of the project we forged a partnership among the CISO, hiring managers, the client’s talent acquisition team, and our firm. Then we proceeded to: Identify the appropriate level of talent for each role. Qualify a shortlist according to skill and location; introduce opportunity and company. Make introductions to CISO and existing ISOC Team for initial interview / assessment. Manage further interview processes from inception(introduction) to close (accepted offer / onboarding). Result: Over a six month period, we placed the ISOC Director, an ISOC Team Lead, and five experienced ISOC Analysts with various technical skills. The majority of the team is still in place and successfully operating the program four years later.

Division BGSF, Professional Division, Whitepaper November 11, 2020 Read the full pdf here: EDR – White Paper – PART 2 As I lay awake in bed with the smell of the Pacific Ocean air blowing through the house, my phone and iPad simultaneously start to alarm. I pick up my phone to find a local alert notifying the locals of imminent fires blowing with the Santa Ana winds, it says in bold, “Take Shelter or Leave the Area.” As a CIO of a large technology company I jump into immediate action, the fires are far away from my home, but moving directly toward our data center and I think about the key operational and revenue systems under my purview. I start to put a plan together in my head; who do I call into the office, where is our DR and business continuity plan? Oh, wait a second, we migrated all of our key operational systems to the cloud last year, we no longer have a data center here in the Valley. What a sigh of relief, when it comes to our systems. Let me tell you about our journey to the cloud, hopefully, you can gain some insight and benefit from our experiences. Our decision to migrate our tier-1 based applications were based on a couple of key factors. As a side note, a majority of these applications were from Oracle, this will eventually have a bend toward our cloud provider, stay tuned. Some of these factors were: Hardware refresh costs as well as the flexibility to have High-Availability (HA) and Disaster Recovery in different regions of the United State. Our hardware refresh cycle is approximately every 3-5 years based on the software requirements as well as the features and capabilities needed by the business. The average cost for our tier-1 based applications hardware is in excess of 2.5 million dollars not counting the effort to install and configure these software stacks. Additionally, there are other soft costs taken into consideration before we embarked upon the Cloud migration; downtime, as well as business disruptions such as (Testing Cycles). A substantial amount of research was conducted prior to our decisions to start our cloud migration journey in order for our decision to be based on an objective fact versus that of subjective emotions. By migrating to a cloud environment, it is clear that we would save 2.5+ million each hardware refresh cycle. The way a cloud provider manages these hardware refreshes is generally zero interruption and impact on the applications that are running. This is achieved by most cloud providers by way of and use of “Containerization” of the hardware layer. Containerization is defined as a form of operating system virtualization, through which applications are run in isolated user spaces called containers, all using the same shared operating system (OS). A container is essentially a fully packaged and portable computing environment. Containerization in turn reduces and, in most cases, eliminates the need for testing of the applications due in part by the presentation of the VM’s under a container. Our next step in our decision process was to determine which cloud provider we should consider for our application migration. We decided to engage a partner to create a matrix and comparison to help us determine which cloud provider can give us the most flexibility, features, and costs savings. Our partner was able to achieve this task in under three weeks, once we defined the criteria and weighting. Based on the objective scoring outlined below Oracle (OCI) was the cloud vendor that was selected. Our next step in our journey was to develop a business case with an ROI that contained both hard and soft costs related to the benefits of the migration. After this business case was developed, we socialized and submitted it to the CFO for budget approval. Once approved our next step was to identify a trusted advisor/consultancy that is versed in these kinds of projects, this step in ours and anyone’s journey is the most important component. This relationship with your partner is like a marriage, as you want to make sure you identify an organization that has the (Skills, References, and more over a similar work culture). Before you identify an organization to assist with the cloud migration some key components that should be considered as part of this selection are: Application(s) being migrated experience Detail Project Management experience Cloud Provider (AWS, Azure, OCI, etc..) experience Clear and well-defined SOW with measurable and obtainable objectives Our partner/consultancy selection took some time, but once we landed on the selected partner our next series of steps were driven around the typical “Project Management Activities”. I have always had a philosophy of 75% planning and 25% execution of a large project. Based on these objectives it was time to kick the project off. Changes we experienced as part of our journey included the roles and responsibilities of each of my staff. Though this was expected, it was still a large organizational change. Based on new functions, I would suggest that as part of the change management component of your project that these new roles and responsibilities be outlined and understood. Some examples of these changes were based on the creation and management of environments. Where this function used to be divided up by area (Server, Storage, Network, Database & Application), there are significant changes as to who creates and manages each of these areas in a cloud environment. You can divide these functions as you previously did, but it is no longer necessary based on how environments are provisioned and deprecated. As an example, with Oracle OCI, and the use of their Cloud Manager tool a PeopleSoft or E-business administrator has the ability to provision or clone an entire environment Compute, Database, Network, Storage and Application) with relative ease. As with this one example, it is highly encouraged that these new capabilities and functions be mapped put and assigned accordingly. With our case, we created new policies to ensure the separation and management of these functions. This allowed us to take full advantage of these features while ensuring we adhered to our corporate policies. Our organization has benefited in many ways by deploying these applications to the cloud. Some key capabilities we would have not otherwise had: High Availability, Disaster Recovery in different parts of the United States as well as better performance and analytics. Another benefit that we achieved as a byproduct of this project was increased resource capacity. This was not an expected result, but the ease of provisioning, managing, and maintaining these environments with delivered cloud tools has allowed for our resources to take on additional tasks. The average capacity increase by resource was about 22%, some resources had a higher capacity increase and some lower. This along with the benefits, some still being discovered, we concluded that this decision was not only a wise one from capabilities and cost savings perspective, but also from a business differentiator by giving us a competitive edge. Our next journey, soon to come will be leveraging some key PaaS (Platform as a Service) capabilities to increase our integration feature and functions of our on-premise, third-party, and cloud-based applications, stay tuned….

Division LJ Kushner & Associates, Professional Division, Whitepaper November 10, 2020 Click here for the full PDF: Cybersecurity Case Study_Large Healthcare Company Situation: The client, a large healthcare company responsible for treating high-profile patients from around the globe, detected Nation States threats on their network. Their secure information includes sensitive patient data, medical research, and networked devices (i.e. medical devices). A breach could result in having control of life-dependent medical devices compromised or losing the confidentiality of patient data, which would be catastrophic. Therefore, the client needed to build an Information Security Program to protect their company’s network / infrastructure. Assignment: Build an internal Enterprise Cybersecurity Program. Recruit and hire a Chief Information Security Officer (CISO). Recruit, hire, and lead the build-out of an internal, robust information security program and functionality. Methodology: From the onset of the project we forged a partnership among the CISO, hiring managers, the client’s talent acquisition team, and our firm. Then we proceeded to: Identify appropriate level of talent. Qualify according to skill and location. Introduce the opportunity and mission statement of the company. Make introductions and manage all interview processes from inception (introduction) to close (accepted offer /onboarding). Result: Recruited and built a world-class, diverse, robust information security program, from the top-level down. Successfully placed a reputable, highly-capable Chief Information Security Officer (CISO). Delivered a program-build underneath the CISO in two waves. First wave: Three months Hired Leaders and Direct Reports into CISO Recruited Directors to lead pillars of Information Security, including: Deputy CISO Architecture / Engineering Security Operations & Incident Response Red-Team, Medical Device (IoT) Security, and Security Research IT Security Governance, Risk & Compliance Security Project Management Office Identity & Access Management Second wave: Six to nine months Hired professionals to support the growth of the program. Recruited Managers with domain subject matter knowledge to: Support Directors Spearhead development of capabilities within respective pillars Lead/Manage technical cybersecurity staff Recruited highly talented subject matter experts to engineer, deliver, and operate cybersecurity functions and capabilities. Positions Filled: Manager, Security Operations Center Manager, Incident Response Manager, Red Team & Penetration Senior Penetration Tester Security Operations Engineer/Analyst Senior Security Architect Manager, Red Team & Penetration Testing Manager, Vulnerability Management Principal/Senior Information Security Engineer Principal/Senior Information Security Analyst Incident Response Engineer Identity & Access Management Engineer

Division BGSF, IT, Professional Division, Whitepaper July 30, 2020 Overview The shortage of experienced cyber security professionals is a key risk factor that impacts organizations of all sizes and all industries. It is estimated that by 2021, there will be a global need for between 3.5 and 4 million cyber security professionals (ISC^2). Currently, it is reported that in the United States, there are more than 500,000 open cyber security roles (cyberseek.org). The talent gap centers on the specialized technical skills that comprise the core functions of most corporate information security programs. The positions include, but are not limited to, security architecture, security engineering, product security, security operations, vulnerability management, and threat hunting. The ability of a Chief Information Security Officer (CISO) to attract and retain these technical security specialists is a core factor in determining the success of their cyber security program and their viability as an effective leader. The CISO is Ultimately Responsible The responsibility for the hiring and retention of cyber security talent lies with the Chief Information Security Officer (CISO). The CISO needs to develop an organizational culture where recruiting is important at all levels of their team. A CISO has the ability to both design program-wide standards as well as baselines for the assessment and evaluation of new talent that can be universally applied to all cyber security roles. These standards may be tangible or intangible. Tangible baselines may include technical ability, experiences, or education. Intangible standards may include communication skills, the ability to get along with others, or personality traits. In addition, the CISO and their leadership team can create certain interview protocols and processes that will ensure that anyone interviewing for a position within their organization is handled in a way that provides for a positive candidate experience. This can include things like candidate communication, response time, and sharing of feedback. The creation and implementation of standards sends an organizational signal that recruiting is important and that results will be measured. Ultimately, participation in the hiring process should be incorporated in performance reviews and be given strong consideration when determining promotions and incentive compensation. Job Descriptions and Resumes A large majority of cyber security positions go unfilled because of poor alignment between the posted job description and the way that the cyber security professional represents themselves on their resume. CISO’s and hiring managers need to remember that they are attempting to hire the best cyber security professionals for their positions and their teams, not the best resume writers. At the same time, a majority of cyber security job descriptions are extremely plain and come across as “laundry lists” of requirements and do not provide any true impetus for cyber security professionals to have any interest in applying for them. The CISO should encourage their team to think of job descriptions as their “Marketing Document.” Ideally the job description should enable the hiring manager to provide both context and insight on the benefits of the opportunity and the information security program. The hiring manager should attempt to understand the point of view of the applicant and the types of things that would be appealing to them as part of the role. These can include exposure to new technologies, the importance of security to the core business, the capabilities of the existing team, work-life balance, and career path. By incorporating these elements of the role into the actual job description, it will pique the interest of cyber security professionals who may find these things lacking in their current position. Once they demonstrate interest, you now have the opportunity to evaluate if they would be good matches. Work Closely with Your HR and Talent Acquisition Team The most successful cyber security recruitment processes rely on strong teamwork. The three elements of a winning team include an engaged hiring manager, a qualified pool of cyber security candidates, and a competent recruitment function. Considering that cyber security is such a unique skill set, it is essential that the CISO and the cyber security hiring managers take some time to help educate their internal team on the specific skills for which they are searching. In addition, it is also helpful to share specific companies that have people with these skills and cyber security professional organizations to which these people belong. Providing the internal recruitment team with this knowledge should enable them to better assess and screen talent, which ultimately will maximize the CISO’s and hiring team’s time and reduce frustration. If internal recruitment does not succeed, they are the ones that will best understand the company’s policies for the engagement of external recruitment firms. CISO’s should work with the internal recruitment team to refer them in the direction of Cyber Security recruitment specialists who are known for their success in the recruitment of cyber security talent. Generalist technology search firms more than likely do not have the industry reach, cyber security relationships, or the cyber security subject matter knowledge to be effective. Run An Interview Process As If You Were The Applicant If the job description is the marketing document, the interview process becomes your sales tool. This is your opportunity to demonstrate to your cyber security applicant what it is like to work as part of your cyber security function. It is important that the candidate walks away from the interview process with an accurate understanding of the office environment, the team culture, and the capabilities of the team that they will be joining. The CISO’s involvement in the interview process provides an indication of the importance of talent. It also provides a strong indication of the organization’s commitment to the cyber security function and visibility that all team members will have to senior leadership. In addition, the CISO and the hiring managers should clearly define the roles of the interviewers and what skills each person will be assessed during the process. It is best to put the candidate through some generic real-world scenarios that will determine how they solve problems and think on their feet. The chosen scenario should be a problem that the candidate is comfortable in solving. By placing a cyber security professional in this type of environment, in front of a small panel of team members, they will receive an accurate impression on how problems are solved and how the team interacts. This will give the panel the opportunity to see the candidate “in action” and should provide a sense of how they communicate and accept feedback. When the interview is concluded, it is essential that the candidate receive feedback quickly. Best practices would be within two days. Once the feedback is communicated, the candidate should either receive an offer or rejection within a short period of time. The longer decisions are delayed the less chance that the candidate will remain interested in the position, so this is imperative. Retention is the Best Form of Recruitment CISO’s can never take for granted that their team members will continue to work for them. Hiring is just one part of the equation; retaining your talent is the most important. High organizational turnover can make future recruiting difficult as cyber security professionals are skeptical by nature, and a revolving door of security talent can indicate that the work environment is not conducive to success. It is important for CISO’s to remember that their team members have choices, and their best team members have more choices. Once they are hired and are performing, they need to be continually “recruited” in order for them to be retained. Continuous recruitment begins with transparent communication about elements of work that are important to your team members. This can include providing career development, learning opportunities, and future financial growth. In addition, an increased sensitivity to work-life balance, flexibility, and quality of life are often more significant than increased compensation. If your team feels good about how they are treated, the work that they are doing, and what their future holds as part of the cyber security program, they will become the best recruiting tools that a CISO can possibly have. When they speak with their industry peers at cyber security conferences or on private message boards, they will be advocates. When new positions become available there should be a good supply of applicants, based on the brand that has been created. Conclusion The recruitment of cyber security professionals will remain a challenge as long as there is a significant delta between the supply of qualified talent and the demand for these resources. CISO’s and cyber security leaders need to invest the time, energy, and resources to create and implement good processes for the hiring and retention of cyber security talent. Successfully doing so will better position them to protect their organizations and excel in their careers

Division American Partners, Professional Division, Science and Technology June 12, 2020 Client Challenge: Move a Fortune 500 top 10 Multinational Retail Corporation to Enterprise Planning Cloud American Partners was tasked with guiding our client, who operates a chain of discount department stores and grocery stores, to migrate their environment to the Oracle Enterprise Cloud Platform. ACTIONS AND SOLUTIONS DELIVERED: American Partners identified two highly qualified consultants who quickly became integrated members of the client’s workforce solution. As of February 2020, the consultants are leading the client team, integrating their current Oracle EPM footprint, and providing day to day support. This migration forced the consultants to look at the application in a new view: Conversion to Hybrid mode Dimensional Optimization Process and Calculation Improvements for new functionality Applied Resources: automation, metadata, optimization, and training RESULTS: Automation – We have redesigned their automation standards for cloud based and on-premise automation to utilize a common framework, drive standard syntax and reporting. We have utilized this framework to develop new automation for: New SAP load to Cloud Application Centralized extract of EDMCS dimensionality Import or new Metadata to Cloud Application Import and refresh of metadata to many on-premises applications. Metadata – Prior to American Partners, the client started an EDMCS implementation. Unfortunately, the project was not tested, which resulted in the vision not being realized. The American Partners team revamped the implementation to ensure “best practices” and drove governance change within the organization. Starting with the package dimension we have modified the original implementation to do the following: Established a tiered workflow so that non-technical users can maintain changes to the rollup Applied proper security to not allow deletes or renames of member names Hierarchical integrity for shared rollups Dynamic property assignments for downstream applications Standardized extract process Optimization – American Partners is looking at methods to improve the current applications to address: Performance Maintenance Usability Training – American Partners consultants provide daily or weekly training on support techniques and best practices regarding new technology within the client’s platform.

Division June 9, 2020 Client Challenge: Donovan & Watkins (DonWat) was approached by a Houston commercial litigation firm to provide e-discovery document review services for one of their oil & gas clients. This project was to provide a team of attorneys to review and tag thousands of documents for a breach of a master construction agreement. The firm did not have the space or resources to support a project of this scale. Our client needed DonWat to identify qualified resources and provide work space with equipment within a very short time frame. Identified Resources: DonWat began the proven process of identifying experienced document review attorneys by utilizing their extensive database and relationships in the industry. The huge database retained is an enormous asset for projects such as this. DonWat was able to identify twelve attorneys as well as one lead attorney to manage the team and be the single point of contact to the firm’s partner in charge. Action and Solutions Delivered: Within one week, the needed consultant attorneys were placed at a secure work space with all of the technology and equipment needed to support the team. Since there is little room for error in document reviews, a team lead was added to perform quality control work, in order to cover all of the bases. This group of attorneys delivered on the scope of work within the time constraints as well as on budget. Supplies provided: 12 DonWat emails, 12 Surface Pros, 24 monitors, 12 docking stations, and 12 keyboards. All Surface Pros had Microsoft Office Suite installed. Results: The office space provided was conducive to comfortable and efficient work by providing state-of-the-art technology, office supplies, amenities, and security measures. The team established an organized document review process that made it easy for the client to oversee. The team lead administered the quality control needed, assigned workloads, and gave prompt feedback to the managing attorney of the project. After several weeks, the Houston firm requested more attorneys to help tackle the influx of documents being turned over by the opposition. Through the year, the team lead managed the ebb and flow of documents and the size of the team. The DonWat team had committed to the project until completion. The client won the case!

Division BG Creative, Professional Division May 8, 2020 Client Challenge: A global Fortune 500 firm prompted BG Creative to help put together their CEO’s number one initiative; establishing a global digital acceleration team. The firm’s objective includes to not only have a stronger presence in their eCommerce vertical, but engage and enrich their consumer’s journey from a 360 degree perspective. The expectation is for the firm to be elevated to a Fortune 100 within three years with this lofty initiative. Identified Resource: The initial request included finding a Senior Front-End Developer. We were tasked with this challenge after two firms and internal talent acquisition was unable to provide the right talent. Two weeks and one submittal later, an offer was extended – opening the door for a trusted partnership. The firm has continued to engage our expertise and our guidance in identifying the proper talent. Actions & Solutions Delivered: Key hires have included: Global Director of Digital Growth, Senior Director of Content, Senior Director of Digital Optimization, Senior Manager of Conversion Excellence, a team of Digital Product Managers and a content team, with requests for user experience and graphic design needs along the way. Results: BG Creative has played a vital role in the development of this team. Our consultants have given the firm full capabilities to tackle their initiative. The progress of their digital acceleration team has extended over to their sales team to be equipped with the proper resources to grow their business and drive traffic through their digital presence. It has allowed our client to succeed in conquering their aggressive initiative and raising the bar in their digital aspirations.

Division InStaff, Light Industrial Division March 30, 2020 Client Challenge: Specifically, this company needed Instaff to: Ensure their daily need of their daily workforce, up to 150 temporary workers, would be met Quickly and efficiently manage the transition of any existing temporary employees Improve overall management of their temporary workforce Actions & Solutions Delivered: Instaff called for a meeting at once between the operations departments of both companies to devise an implantation plan of the new staffing services along with a strategy on transitioning employees. Directly after these meetings, a directive was rolled out to have InStaff up and running for this client in less than two weeks. Results: InStaff was able to establish an effective temporary staffing solution for this client and had this plan operating within ten business days. With this solution in place, InStaff: Met the clients daily fluctuating staffing needs Reduced attendance and turnover issues without onsite program Provided continued, daily staffing services support from our local office Our client knows that with InStaff, not only are their needs in the Lake County area met daily, but as they grow, they can count on InStaff to be right by their side.

Division Extrinsic, Professional Division March 10, 2020 Client Challenge: Extrinsic’s client, a nonprofit organization in North Carolina, were informed that their Workday HRIS Manager was leaving for another opportunity. They reached out to Extrinsic to find a qualified consultant to cover the current vacancy until they identified a full-time resource. They needed a consultant who could quickly fill in for the former HRIS Manager, bridge the gap and allow the client to stay on track with their current projects. Identified Resource Extrinsic identified a specialized Workday HRIS Manager with over 14 years of HRIS experience and eight years of hands-on Workday experience. He has led over four Workday Implementations and is an expert in the Core HR modules, business processes, Security and Report Writing. With over five years of experience as an HRIS Manager, he has experience leading and managing full lifecycle implementations, system enhancements and rolling out new functionalities. Actions and Solutions Delivered Extrinsic’s HRIS consultant was brought on to support both the functional and technical aspects of Workday. He was able to manage a number of initiatives independently, freeing up time for the client’s internal team to continue to support a global project rather than expanding their focus to include providing coverage for the vacant HRIS Manager position. The client praised the consultant, noting that he was successful in fulfilling their needs, very responsive and a knowledgeable Workday resource.

Division BGSF, Extrinsic, Professional Division February 7, 2020 Client Challenge The Director of IT Applications for a respected Healthcare provider in North Carolina was in urgent need of upgrading their Kronos timekeeping system seeking additional functionality and needed to work under a tight budget relative to commercial counterparts. Identified Resource Extrinsic identified a specialized consultant with 15 years of KRONOS experience. This resource was actually a former Kronos employee and a certified 8.0 upgrade consultant by Kronos. He had extensive Workforce Connect/WIM programming experience on interfaces. Just as important as his technical skills, he was adept at working with customers to understand needs and business goals. Actions & Solutions Delivered The Extrinsic consultant had a project plan laid out, initiated scoping and documented his process along the way. He implemented additional functionality and lowered usage costs as the system was ported through telephones instead of time clocks. This resulted in cost savings to not have to buy time clocks by integrating this new version of Kronos into the phone system. This saved on equipment and more importantly training costs of staff. The project was completed 25% below budgeted costs.