03

Organization:   Sallie Mae
Industry:   U.S. Based Financial (Loan Services)
Size:   1,200+ employees
Environment:   Legacy and Hybrid Public Cloud (Azure & AWS)
Summary:

The client wanted to migrate to a "cloud-first" (i.e., 100% public cloud) environment. However, senior management had major concerns about the risks because of limited experience with public cloud and limited security resources.

  • No security strategy for migrating to, and managing the security controls of, the new corporate enterprise within the public cloud.
  • The company had limited personnel to manage and monitor security posture company-wide.
Actions:
Over 12 months, we led the development of a new security strategy, designed a migration methodology, and implemented services and solutions to meet the goals of the strategy.
  • 100% completion of migration into Azure and AWS with HA and emergency failover. Implemented vendor lock-in prevention measures. Ensured PCI, SOC, and ISO compliance.
  • 300% improvement in security posture. Designed services (SOC-as-a-Service, Security Review-as-a-Service, etc.) based on CSA CCM v3.1, NIST CSF, and SANS best practices.
  • Implemented Dome9 security and developed a configuration management process.
  • Deployed LogRhythm NextGen SIEM cloud service. Hired and trained SOC personnel.
  • Integrated multiple systems via secure API to Archer for compliance monitoring.
  • 300% improvement in Administrative Controls. Designed various processes, policies, standards, and guidance.
  • Developed a new change management process via ServiceNow that used automation and modern questionnaires with auto-ticketing between teams and management.
  • Designed a security architecture review process for cloud applications, new platforms, and environments.
Copyright © 2020 by CyberSEC Geek, Inc. All rights reserved.