We Need to Be All In

By: Suzie Squier, Executive Director, R-CISC

Whether it was working with legal counsel to determine what information can be shared, or in internal discussions with his team, “being all in” was Publix vice president of IS architecture and security Steve Wellslager’s mantra for his efforts in increasing Publix’ sharing within the R-CISC community. Steve opened the R-CISC’s second of four regional workshops, sharing with the room that Publix was one of the founding members of the R-CISC and has been committed to the organization from the beginning.

Steve’s address was followed later in the program with senior manager of IT security Rick Rampolla’s outstanding presentation on how Publix is transforming from a compliance-based security operations center (SOC) to a threat intel-based SOC. We’ve asked Rick to reprise his presentation in a future Cyber Thursday webinar, so stay tuned for details. It is a journey that started with taking a step back to determine, as Rick explained, “what threat intelligence means to us.” It wasn’t a total reversal of their current operations, but a step-by-step process focused on their requirements, which incorporated sharing with the R-CISC within their workflow.

“We were consumers of R-CISC data for a long time,” explained one Publix team member, “but Rick’s philosophy is that we need to be good stewards to our community and our industry.” During the transformation, Publix came up with an approach that not only got important threat information into their SEIM, but also allowed the team to share what they were seeing with the R-CISC community. In writing their report, their listserv contribution is ingested directly into the R-CISC Enclave, which, in turn, feeds directly into their SEIM integration. Now, their workflow shares strengthen their environment while simultaneously sharing important information to other R-CISC members.

As is usually the case when bringing R-CISC members together, the workshop provided a great opportunity to meet with other members in the area, share insights, and allowed the R-CISC analysts and team to deepen their awareness of retail’s unique challenges. Thank you to our sponsor, Symantec, and to Publix for hosting this event. Two more workshops remain – this Thursday, June 7, at Target headquarters in Minneapolis, and June 28 at Sally Beauty’s headquarters in Dallas. If you’re nearby and haven’t registered yet, I encourage you to visit our site for more information or email events@r-cisc.org to register.