Security leader: Michael Lashlee, CSO
In 2022 Mastercard launched its Security Conference Initiative to emphasize the importance of secure coding practices. The goal was to teach software developers to create more secure, resilient software by embedding security within the software development lifecycle.
Founded by the company’s Security Champions, members of the Secure Software Development Lifecycle team, and the Enterprise Security Enablement Guild, the initiative, a periodic event, engages developers through hands-on experiences such as interactive coding challenges and live attack simulations to enhance their secure coding skills and raise their awareness of secure software development lifecycle concepts.
Additionally, it fosters collaboration between the software development group and security teams, promotes shared responsibility for security, builds technical expertise, and drives cultural change.
“The biggest benefit is scaling the culture of security by providing an all-hands-towards-secure-coding interactive learning experience,” says Swarali Kulkarni, lead product owner at Mastercard.
Kulkarni notes that the conference covers a range of topics, from executive briefings and industry insights to workshops and competitive tournaments, “creating a well-rounded and impactful experience for everyone involved.”
The initiative leans on Secure Code Warrior and Cyberange training platforms to deliver a gamified experience, which has both measurable and required minimal time commitments (two days, with three to four hours each day). The platforms support more than 50 programming languages and provide a range of metrics to assess secure coding accuracy, monitor learning hours, track the number of code flaws resolved, and more.
To date, there have been five conferences, each attended by more than 400 participants from Mastercard’s software development group. Each conference is specifically tailored for programs within Mastercard that express interest in participating, Kulkarni says.
Penn Medicine modernizes its threat detection program
Organization: Penn Medicine
Project: Cyber Threat Detection Overhaul
Security leader: Julian Mihai, CTO
Penn Medicine had installed a top-of-the-line security information and event management (SIEM) solution nearly a decade ago, but the security team recognized several years ago that the on-premises system could no longer match the speed at which attacks now evolve.
“Now threats can change by the hour, so detection very quickly is paramount today. That was the driver to rethink and retool our detection technology,” says CTO Julian Mihai.
Mihai and his team implemented a new cloud-based SIEM solution in 2024, deploying an innovative constellation of MITRE ATT&CK models to guide the strategic and tactical direction of the threat detection program.
“It was a complete redesign, and everything that was legacy was decommissioned,” Mihai says.
Jesse Whyte, director of cybersecurity defense, says the initiative required changes not only in the technology but in people and processes, too. Security staff had to be trained to adopt a “threat intelligence first” approach that focused on evolving threats and how to use new threat intelligence for detection.
The security team also had to implement the right governance to prevent unnecessarily quarantining a critical system. And they had to ensure the egress pipelines could support the volume of data going to the cloud-based SIEM solution.
“The biggest challenge was managing spend, [as a] modern SIEM solution’s license is based on the amount of data that’s ingested. We needed to create a data-ingestion layer that provided opportunities for us to prune data as it entered the data lake, all while increasing the overall consumption and managing the run-rate of the project,” Whyte explains.
The cloud-native SIEM solution and Penn Medicine’s modernized security operations have delivered impressive results. The team now works seamlessly with its managed security service provider to ensure 24/7 protection, and it has been freed to “work higher in the stack,” Whyte says, as AI and automation handle routine incidents and tasks.
Critically, the security team’s time to detect and time to contain have been dramatically slashed, with PennMed reporting improvements of more than 550% for each.
Organization: TIAA
Project: HUNT (Hyper-Automated Unified Network Threat Hunting)
Security leader: Sastry Durvasula, Chief Operating, Information, and Digital Officer
Security leaders at TIAA formally review and refresh their priorities annually as part of the company’s 3-year-old Cyber 2.0 initiative. In 2024, they decided to focus on improving their use of artificial intelligence to counter cyberthreats that were increasingly fueled by AI.
The result: a new capability called Hyper-Automated Unified Network Threat Hunting.
HUNT reduces the risk of undetected threats using innovative AI and machine learning models with a 60-minute maximum detection time. It’s built on existing commercial tools with tailored telemetry collection that consolidates suspicious activity across TIAA’s cloud infrastructure.
HUNT goes after what Sastry Durvasula, TIAA’s chief operating, information, and digital officer, calls “sleeper cells”: those threats that hide in an environment, sending signals back to threat actors and waiting for them to activate an attack.
Durvasula, who oversees security, points out how difficult these threats are to detect and how much manual work has traditionally been needed to identify them in an enterprise environment. Durvasula and his team saw AI as key to reducing that manual work and boosting effectiveness and efficiency.
With no commercial solution that met TIAA’s needs available, TIAA built its own.
TIAA teams designed the tool in 2024, building and training the AI/ML models to look for patterns that indicate threats. HUNT, which sits on top of existing tools and uses industry tools, including the MITRE ATT&CK framework, notifies an analyst when it detects a threat so the analyst can deactivate the threat.
Rolled out in early 2025, HUNT now reduces the time and resources needed to detect and remediate. “It significantly strengthens our cyber posture,” Durvasula says, adding that he and his team plan to add more automation and intelligence, including generative AI, with the goal of using agentic AI to fully automate threat detection and response.
Walmart enlists AI to proactively identify branded phishing sites at scale
Organization: Walmart
Project: Phishface
Security leader: Jerry Geisler, EVP and CISO
Identifying true threats from the large volume of alerts is a challenge familiar to most security functions. To address this, Walmart’s Cyber Intelligence (CI) team created Phishface, a proprietary phishing detection machine learning model trained to identify webpages visually similar to Walmart-branded login pages.
“The volume and influx of brand-abuse websites that were manually processed by the CI team is what initiated the project,” says Jason O’Dell, vice president of security operations.
The CI team built a model that could ingest a feed of domains/websites and identify business-branded websites that could be further fed into detective controls. Once the POC was completed, the CI team transferred Phishface to the SecOps Dev team.
“The primary function of the project was to reduce the volume of alerts for possible threats, aiding analysts in identifying potentially dangerous and brand-abusing websites,” O’Dell explains, adding that it has delivered “a considerable increase in analyst efficiency and effectiveness.”
“In the past, analysts faced an overwhelming amount of data that was nearly impossible to review in a timely manner. This project rendered that flow of data into a manageable amount, allowing a small team of analysts to efficiently provide timely reviews,” he adds.
The project reduced the number of items by roughly 98.5% on average, enabling analysts to redirect their efforts to higher-priority strategic activities. It has also achieved a 98% level of accuracy, directly improving analyst productivity and resource allocation, says Gavin Clark, group director of security operations, threat detection.
Phishface is having a significant impact, O’Dell says, “giving the team the ability to identify malicious sites quickly, at scale, and feeding that data to other detective controls for near real-time actions. Such a model can analyze web pages rapidly, screen thousands of webpages continuously and adapt to new phishing pages without manual updates. In short, it’s shifting detection posture from reactive cleanup to proactive prevention.”



