Information Technology expert David Ulloa has nearly 30 years of industry experience and has dedicated the past ten years of his career to IMC Companies, the largest major drayage provider in the US. In his role as IMC Company’s CISO, he strives for security excellence. In addition to his tech expertise, David Ulloa also holds a doctorate degree in philosophy.
For each and every one of us in the cyber security space, we face all kinds of challenges every day. In an amazing combination of good planning and good luck, what could easily have been my greatest challenge turned out to be an unbelievably easy IT exercise.
What was this imminent challenge? Quickly deploying VPN to a fleet of more than 500 IMC Companies’ employees.
It was Wednesday, March 11, 2020, around noon, and I received a call from the CIO of IMC. “David, we need to deploy the new VPN Solution. Are we ready?” The coronavirus crisis was closing in, and the IT department feared that we would need to shutter the office doors within the next few days. Employees would need VPN access while working from home.
I was in the Caribbean on vacation at the time, but this was a non-issue. The answer was simple. “No problem at all, we just need to do a couple of clicks and the whole fleet will have it.” In minutes, the clicks were made, and just like magic, everyone had VPN access.
We had done a lot of work in the previous months and years to the point where we were able to “hit the ground running,” as they say. When local and state authorities officially announced the #StayHome decision, we were ready.
The next big challenge to improve our security posture: MFA amidst #WFH.
For some time, the CIO and I had multiple conversations about getting the Microsoft Azure MFA (Multi-Factor Authentication) in place. There were many legitimate reasons to hold off, but after multiple intrusion attempts, and a newly remote workforce, we had no choice but to implement MFA, conditional access, and geographically based access.
To our own surprise, the deployment process proceeded smoothly. We prepared easy-to-follow, step-by-step documentation to help users, and we took an in-phases deployment approach. And now, 100% of our 500+ users have MFA.
What other projects have really added value to your security in recent months?
Earlier this year, we also deployed our SOC (MDR/IR) solution. This allowed us to concentrate on remediating specific targets. It allowed us to stop one incident in a matter of mere seconds.
All-in-all, we were able to double up on our cyber security protection in just a few months. Getting all the different IT groups aligned for the new solution was the biggest challenge. To overcome this challenge, we took the “How do you eat an elephant?” approach (one bite at a time), which allowed us to bring the whole group to a place where the direction was mutually decided upon, trusted, and accepted.
What should the CISOs of the Cyber Talk audience take away from this?
Set your destination and plan out the journey, then take baby steps until you get there. There will be bumps on the way so surround yourself with other experts, either other partners or by getting involved in one of your local user or cyber security groups. Not one at your location? Then start it yourself, “If you build it they will come”.