- Job title of nominated professional: CISO
- Company (where nominated professional or team is working): Commonwealth of KY
- Website: http://chfs.ky.gov/os/oats/
- Company size (employees): 5000
In 3 bullets, summarize why this professional or team deserves recognition:
-doing the most with the least amount of resources, in the least amount of time
-brought level of maturity to a old program in two months that had not been in place for years
-continue to improve the processes, while building in missing processes
In less than 300 words, summarize the achievements of the professional or team in the nominated category
This team has operated for the past two years without Senior Security leadership. The team now has a CISO, and has added some staff.
The team has begun to create a mature security program, governance program, and contributing to the application development cycle in a manner that speeds up releases, production, and efficiencies. That plan is working towards taking a process that spanned many months down to weeks, or days.
The team has had to work backwards; many of the large projects they have tackled at once include policy review, and creation, governance, audit, and compliance program, risk management program, data classification, incident response, and baseline configuration programs.
A recent accomplishment took outstanding audit findings, some as old as two years, and resolved these findings by 80% in just two months.
The team continues to improve daily, and grow. The road-map to a mature security program lays in front of them, and the efforts so far has distinguished them as the clear Security Department of the Year.