|
Security Awareness
|
 |
Vigilance Award for
Information Security |
| "Protecting
things of value from harm." |
 |
2007 Recipients
Greg Brown
Greg Brown
has been selected for the VIGILANCE AWARD for
Information Security as a result of his efforts to
take action to significantly reduce information
security risk and to actively promoting an
information security-sensitive culture. As a
software developer on Smart Meter, he goes above
and beyond his current responsibilities to ensure
that application development and integrations are
secure, including compensating controls when a
particular solution won't completely solve the
problem. He ensures that end to end security is
achieved. He provides information security
assistance to other portions of the Smart Meter
program outside of his scope or responsibility. He
helped select Technology security vendors,
security SOW reviews, security evaluations of
technology solutions, etc. Greg has led security
collaboration forums consisting of multiple
organizations and project teams to discuss
security topics and share materials developed
across team boundaries. He continually promotes
security to other Smart Meter teams and educates
them on the important roles non-security
professionals play. For example, he integrated
into the Smart Meter business architecture team
the Information Owner role (responsible for
classifying company information) which they
originally did not perceive as their
responsibility. He has also helped them define
processes to identify Information Owners and
perform information classification
correctly.
Josh Gerber
Josh
Gerber, an IT Architect, has been selected as a
result of his efforts to recognize an opportunity
to protect company information security assets,
take action to significantly reduce an information
security risk, and actively promote an information
security senstive culture. Josh understood that
Smart Meter security issues represented
significant seriously threats to our customers,
company, San Diego, and the country and these
threats were compounded by multiple software
components (LAN, HAN, CPU) and remote disconnect
functionality, which, if unchecked, could be used
to cause wide-scale blackouts. After alerting his
management, he took the initiative to investigate
these issues and communicate them to employees and
vendors. He made contacts in this specific
security area in order to begin a dialogue with
security experts in the field. He convinced Smart
Meter management to hire experts in the security
field. He co-authored a white paper on the threats
to raise awareness of the issues. He held special
security meetings with each vendor finalist to
ensure they understood our concerns and would take
action to alleviate them. Josh went against
conventional wisdom to support increasing the
amount of security review of our Smart Meter
solution. He has also reached out to other
utilities and raised awareness with SCE and
PGE.
Dave Inglehart
Dave
Inglehart has been selected for his work to
recognize an opportunity to protect company
information assets, take action to significantly
reduce an information security risk, and to
actively promote an information security sensitive
culture. Dave is a Senior Infrastructure
Technologist who is involved in most all projects
concerning the use of Active Directory (AD). He
asks security-specific questions of every project
that relies on AD in order to ensure they provide
the appropriate protection necessary to protect
the company's enterprise infrastructure. He asks
hard questions and provides secure solutions. When
a client wanted to integrate with AD in a
particularly insecure fashion, he approached it
from a "big picture" information security
perspective and did not allow them to jepardize
the company's enterprise infrastructure. He
volunteered to work with the client on a soluton
that would minimize the company's risk while
allowing the client to meet its bsuiness needs.
Dave recognizes when projects require attention
from Information Security and coordinates those
efforts with IS. Dave promotes the value of
information security and brings disparate teams
together to solve security-related problems. He
carries that information security mindset to every
project he works on, frequently speaking to
information security topics when talking to other
groups.
Murali Vasudevan
Murali Vasudevan has been selected because
of his ability to recognize an opportunity to
protect company information assets, take action to
significantly reduce an information security risk,
and actively promote an information security
sensitive culture. During the implementation of
consolidator functionalities for the eServices
applications for both SCG and SDGE utilities,
Murali played a major role in ensuring that
protecting residential customer information was
the highest priority. Murali is an avid advocate
for secure online applications. He leads by
example, taking action to reduce information
security risk for both newly developed
functionality as well as operational aspects of
systems already in production. Murali defined and
implemented BMC security rules to protect the My
Account Online Bill Pay applications from threats
by making sure the BMC tool reviews log files and
database records and notifies IT support groups of
suspicious activities. Murali keeps himself
informed of security trends and then applies and
promotes this knowledge to his design and
implementation work at Sempra. He never hesitates
to share his knowledge of latest practices in web
application security with his team to ensure
systems are less vulnerable to security attacks.
Murali conducts design and code reviews with
developers and makes sure that they follow robust
design and implementation from a security
perspective.
|
| |
| |
| |
|
iProtect SE
Contents
|
|
|
|
| | |
[ News | Community/Events
| Org Charts/ Directory | Policies | Forms | Human Resources / Career Ops | Online
Ads | Help]
