Cybersecurity

A leading North America financial service organization wanted to understand how its technical security architecture and capabilities compared against best-practice controls used among cross-industry security leaders. We conducted an analytic assessment of control effectiveness across the bank’s full technology landscape to identify 90-plus areas that warranted deeper analysis. We then worked with a deeply technical external partner to create and execute hands-on validation tests for each area that was considered a potential risk to the bank. The results uncovered vulnerabilities and many previously unreported insights about the effectiveness of cyber controls throughout the institution’s technology landscape.

Following a cyber breach, we helped a Latin American bank’s digital transformation get back on track by rapidly training each of its agile squads in hands-on secure software development and delivery. We worked with a technical training partner to quickly provide quality assurance to existing code and halt the introduction of new vulnerabilities into the bank’s technology. With the bank’s digital transformation team, we helped restore confidence in the agile process and embedded new secure ways of working in the bank’s software development and deployment operating model.

To address shortcomings identified in both the security of external products and the effectiveness of its internal security function, we helped a European enterprise software company modernize its strategy and transform its security operating model across all business units. We worked with leaders across the organization to analyze current cyber working models, design a new service catalog and delivery processes, and define a multiyear transformation plan. Alongside the organization’s digital transformation team, our experts helped design and implement several high-impact initiatives like security product rationalization and automation of security processes.

After a series of successful cyberattacks against key operational technology assets, we helped a Southeast Asian oil and gas company assess its cybersecurity gaps, build internal capabilities, roll out appropriate safeguards, and establish a corporate cybersecurity program spanning both the information technology and operational technology environments. We worked alongside its experts to design and build advanced cybersecurity solutions, establish a cybersecurity team of 20-plus full-time-equivalent employees, and shift the organization’s culture to one of cybersecurity safety across risk, technology, and operations.

As a part of a digital transformation, we helped the new chief information security officer and digital leaders of a Latin American oil and gas company develop a holistic cybersecurity program. Using our Digital Resilience Assessment, we created a baseline and benchmarked cybersecurity maturity, and then we conducted a rapid Cyber Risk Insights assessment to identify critical assets, understand information and operations controls, and measure residual digital risk exposure across the value chain. To assist with implementation, we partnered with leadership to design key initiatives and to build capabilities within the team.

Faced with competitive threats across its product portfolio, a global cybersecurity product and service organization wanted to develop a business case for a new end-to-end platform in a lucrative and fast-growing segment of the cybersecurity market. Working in short sprints, we codeveloped a novel and strategic approach across functions to build a next-generation solution. As the product transitions from ideation to development, we remain a sounding board and market advisor, bringing our outside-in perspective to threats, competitors, enhancements, and go-to-market opportunities.

In the wake of a suspected cyber event, a North American healthcare organization realized it needed to formalize management-level escalation processes to better prepare executives for major events. We helped it develop a set of criteria for classifying incidents as well as a set of policies for escalation and notification. Then, we worked with a cross-functional team to construct a realistic simulation of a major cyber event. After running the simulation, the organization developed a cyber-communication strategy, identified several initiatives for crisis preparedness, and put protocols in place to better handle future cyber events.