The stakes have never been higher. This blog post features insights from top industry leaders, including a CEO and a CISO, who share their experiences on impactful projects. The first expert discusses implementing comprehensive defense for a healthcare provider, while the final insight covers designing a secure cloud architecture for a client. Discover six unique perspectives on overcoming challenges in the cybersecurity realm.
- Implementing Comprehensive Defense for Healthcare Provider
- Uncovering Vulnerabilities in Network Through Penetration Test
- Rapid Risk Reduction for Ransomware
- Reducing Phishing Attacks for Healthcare Client
- Developing Secure Framework for E-Commerce Platform
- Designing Secure Cloud Architecture for Client
Experts Discuss Cybersecurity Projects that They are Proud of
Implementing Comprehensive Defense for Healthcare Provider
One cybersecurity project that stands out was implementing a comprehensive defense system for a mid-sized healthcare provider. With sensitive patient information at stake, we needed to secure the network while ensuring compliance with HIPAA standards. We developed a series of internal policies, rigorous training sessions, and multiple levels of technical controls. This involved extensive work with their IT team and regular hands-on training with employees to cover phishing detection, secure login practices, and secure file-sharing protocols. Knowing we were protecting highly sensitive data gave our team added focus and motivation.
The main challenge came from the volume of threats targeting healthcare, especially with AI-powered phishing attempts and ransomware attacks on the rise. As bad actors became more aggressive, we faced the constant pressure of monitoring and updating defenses. Another challenge was educating non-technical staff to recognize and avoid social engineering tactics; for example, we needed to show how one overlooked phishing email could lead to a major breach. Staying on top of new tricks that attackers might use was critical, and it became a team effort to implement quick updates and proactive employee awareness campaigns.
What I learned from this project is that employee education and readiness are as important as the tech we implement. The human layer is a common entry point for attacks, so training and engagement must stay high. Regular simulation exercises and staying vigilant to new threats are essential to prevent complacency. In cybersecurity, there’s little downtime, but staying alert and fostering a proactive team culture can make all the difference.
Elmo Taddeo
CEO, Parachute
Uncovering Vulnerabilities in Network Through Penetration Test
One project that stands out was a penetration test we conducted for a client confident in their network security after years of prior testing. This engagement required our team to simulate a cyberattack to identify any hidden vulnerabilities. Initially, our testing across various channels revealed only minor issues. But, as we conducted an on-site wireless scan, we uncovered a significant gap: a misconfigured copier/printer connected to the network.
The copier had an unsecured hard drive holding years of sensitive documents, accessible without any authentication. This small, overlooked device provided a pathway allowing deeper penetration into their network. From this point, we could access otherwise secure systems, revealing a substantial vulnerability the client hadn’t anticipated.
The biggest challenge was ensuring that our testing didn’t disrupt the client’s operations while providing a thorough assessment. As part of the process, we kept everything running smoothly, but it highlighted the importance of examining every endpoint and device, no matter how “insignificant” it may seem.
This experience taught us the power of vigilance and thoroughness. We worked with the client to secure all network endpoints and establish continuous monitoring practices. I’m proud of the outcome because it reinforced our commitment to “trust nothing, verify everything” and underscored the value of deep, ongoing assessments that go beyond the surface for our client.
Trevor Horwitz
Ciso, TrustNet
Rapid Risk Reduction for Ransomware
Yes, when I first arrived at my company as their Chief Information Security Officer (CISO) the cybersecurity team was in disarray. Team members were unhappy, disgruntled and leaving in their droves.
As a result, when it came to cybersecurity some of the basics had been neglected—especially protection against ransomware. Ransomware is a debilitating attack that can render organizations crippled for months, and for London’s water supplier, this could be disastrous. As such, we needed to address the ransomware risk quickly and efficiently.
With other water companies being hit constantly by ransomware attacks, the real challenge was time. We didn’t have the luxury of waiting to scope out a project (2-6 weeks), mobilize project resources (1-3 weeks), and then execute a project (3-6 months). We had to reduce risk immediately.
As such, we created what I now term Ransomware “Rapid Risk Reduction.” Designed to be spun up and closed down within only 6 weeks, we created a list of the ransomware specific controls we needed to implement and executed them through 5 agile sprints. This was a huge challenge as the organization was not used to working in an agile manner and so this was a significant cultural shift. We overcame this by issuing comms from the executive asking people to prioritize the initiative and by assigning a dedicated “Sprint Manager” who could keep a tight oversight on each of the sprints.
The result? We managed to implement a high number of technical controls across end-user devices and, at the network level, to drastically reduce the risk posed by ransomware—and we did so in only 6 weeks. Not only did this help their cybersecurity quite significantly, but it galvanized the team and made them gel together at what was quite a difficult time.
Jonny Pelter
Chief Information Security Officer (Ciso) and Founder, CyPro
Reducing Phishing Attacks for Healthcare Client
One cybersecurity project I’m particularly proud of involved helping a mid-sized healthcare client reduce phishing attacks. They had previously suffered data breaches and needed stronger employee training, email filtering, and a responsive incident plan.
The main challenges were employee resistance to phishing training and compatibility issues with their legacy systems. To increase engagement, we tailored training to their team and highlighted the real-world impact of phishing. For the legacy systems, we worked with vendors to customize solutions like advanced email filtering and multi-factor authentication.
This approach led to a 40% increase in reporting suspicious emails and no further phishing-related breaches, reinforcing the value of combining employee awareness with tailored technology solutions.
Mark London
President/CEO, Verity IT
Developing Secure Framework for E-Commerce Platform
One cybersecurity project I’m particularly proud of involved developing a robust security framework for a client’s newly launched e-commerce platform. The project’s goal was to integrate layered security measures while ensuring smooth user experiences-no small feat in a space where convenience and security often clash.
A major challenge was securing user data without slowing down the site or introducing barriers to purchases. To overcome this, our team implemented multi-factor authentication and end-to-end encryption while optimizing the site’s infrastructure to handle these additional security protocols without performance dips. We also conducted extensive vulnerability assessments, identifying and patching potential entry points before launch.
The outcome was a seamless, secure platform that instilled customer trust while protecting critical data. This experience reinforced the importance of balancing security with usability, and it highlighted the value of collaboration between cybersecurity and development teams in delivering a user-friendly, secure product.
Shehar Yar
CEO, Software House
Designing Secure Cloud Architecture for Client
One cybersecurity project I’m particularly proud of involved designing and implementing a secure cloud architecture for a client migrating their critical services to a cloud environment.
The main challenge was ensuring that the architecture met strict compliance standards while accommodating the client’s need for scalability and ease of access. I had to strike a balance between stringent security controls and the agility the client required, which was no small feat given the complexity of their operations.
To overcome this, I employed a layered security approach, incorporating identity and access management (IAM), multi-factor authentication (MFA), and data encryption both in transit and at rest. Regular threat simulations and continuous monitoring allowed us to proactively identify and mitigate potential vulnerabilities.
Ultimately, we achieved a secure, compliant, and scalable solution that exceeded the client’s expectations and strengthened their overall cybersecurity posture.
Chinyelu Karibi-Whyte
Cyber Security Consultant, Cyb-Uranus Limited
