RH-ISAC BLOG

We Need to Be All In

Author: Suzie Squier, Executive Director, RH-ISAC

By: Suzie Squier, Executive Director, RH-ISAC

Whether it was working with legal counsel to determine what information can be shared, or in internal discussions with his team, “being all in” was Publix vice president of IS architecture and security Steve Wellslager’s mantra for his efforts in increasing Publix’ sharing within the RH-ISAC community. Steve opened the RH-ISAC’s second of four regional workshops, sharing with the room that Publix was one of the founding members of the RH-ISAC and has been committed to the organization from the beginning.

Steve’s address was followed later in the program with senior manager of IT security Rick Rampolla’s outstanding presentation on how Publix is transforming from a compliance-based security operations center (SOC) to a threat intel-based SOC. We’ve asked Rick to reprise his presentation in a future Cyber Thursday webinar, so stay tuned for details. It is a journey that started with taking a step back to determine, as Rick explained, “what threat intelligence means to us.” It wasn’t a total reversal of their current operations, but a step-by-step process focused on their requirements, which incorporated sharing with the RH-ISAC within their workflow.

“We were consumers of RH-ISAC data for a long time,” explained one Publix team member, “but Rick’s philosophy is that we need to be good stewards to our community and our industry.” During the transformation, Publix came up with an approach that not only got important threat information into their SEIM, but also allowed the team to share what they were seeing with the RH-ISAC community. In writing their report, their listserv contribution is ingested directly into the RH-ISAC Enclave, which, in turn, feeds directly into their SEIM integration. Now, their workflow shares strengthen their environment while simultaneously sharing important information to other RH-ISAC members.

As is usually the case when bringing RH-ISAC members together, the workshop provided a great opportunity to meet with other members in the area, share insights, and allowed the RH-ISAC analysts and team to deepen their awareness of retail’s unique challenges. Thank you to our sponsor, Symantec, and to Publix for hosting this event. Two more workshops remain – this Thursday, June 7, at Target headquarters in Minneapolis, and June 28 at Sally Beauty’s headquarters in Dallas. If you’re nearby and haven’t registered yet, I encourage you to visit our site for more information or email events@RH-ISAC.org to register.