Urban One’s New CISO Drives Efficiency and Risk Reduction
With an IT team responsible for security, business applications, and IT operations, one of Urban One’s key areas of responsibility is to maintain and secure thousands of endpoints across the United States. After implementing NopSec’s Unified VRM solution to help with this monumental task, the Urban One team was realizing the benefits of their choice in just three days. The frequency of team meetings dropped and the team was able to streamline previously disjointed workflows. NopSec paid for itself 2.5 times in the first year alone.
Urban One is a media conglomerate serving 82% of the African American population. Their mission is to be the most trusted source in the African-American community that informs, entertains and inspires our audience by providing culturally relevant integrated content through our radio, television, and digital platforms. As such, the company produces and syndicates content for radio and television in 15 markets across the United States. Currently, Urban One has over 1200 employees.
VP Cyber Resilience, Luis Arzu: "NopSec delivered a rapid product onboarding - it took 3 days from installation to results - and made positive changes to the way how our team collaborates. Product provides clear program ROI."
Business & Solution Goals
- Maintain a strong security posture for endpoints
- Help the team quickly identify and track the greatest risks to focus limited time and resources on the most pressing issues
- Bridge organizational gaps and bring a disparate team – spanning security, IT operations and applications – together, to foster alignment, streamline communication and create a single, cohesive team
- Be able to test that vulnerabilities were correctly remediated, and that new problems were not introduced
- Produce metrics and benchmarking of progress in the form of executive and board reports to demonstrate the progress and impact
Urban One has an IT team consisting of a handful of team members. They are responsible for IT security, business applications, and IT operations. One of their key areas of responsibility is to maintain and secure thousands of endpoints across the United States. To help maintain a strong security posture for endpoints, and the overall organization – the team regularly conducts vulnerability scanning. The process of vulnerability scanning covers the entire network at Urban One and is performed using a scanner from Qualys. The process generates an ongoing list of vulnerabilities that must be triaged and immediately addressed. Unfortunately, the amount of data generated by the vulnerability scanning process required significant time, dedicated focus and resources.
To make sure each vulnerability is carefully tracked and managed, the IT team met 2-3 times every week to discuss each vulnerability and track efforts to fix and remediate potential threats to Urban One. Each vulnerability was manually tracked in a spreadsheet and a total of 10 team members would attend each meeting. This included the IT leadership team, business applications group, the network team, and the team from the radio division. With a total of 12 meetings each month, this meant that roughly 120 hours a month was dedicated merely to vulnerability tracking, reporting, and remediation.
The process was especially tedious and time-consuming, as it was difficult to prioritize vulnerabilities and understand which posed the greatest risk, and which were less urgent. The inability to understand the severity of vulnerabilities forced the team to make uninformed decisions to determine which could pose the greatest risk. In addition, there was often a significant amount of discussion on the state of each vulnerability and tracking the manual workflow between security and IT operations to ensure that no vulnerability was ever left unaddressed. It was a complex, risky and time-consuming process impacting many team members. It was clear that there was room to optimize the process and reduce risk to the organization faster, and more efficiently.
Luis Arzu joined Urban One in 2019 as the CISO and leader of IT security after successful roles in IT Security leadership at RaboBank, a Dutch multinational banking and financial services company and Farm Credit, a nationwide network of borrower-owned lending institutions and specialized service organizations. Luis quickly recognized that the process to reduce vulnerabilities required significant optimization. The volume of data was unmanageable, the amount of time spent each month manually addressing the problem was detracting from other critical activities, and – most of all – the process was potentially placing Urban One at risk. Luis determined that he needed an immediate solution to better manage risk and vulnerability at Urban One.
Upon vetting the NopSec solution, the team at Urban One quickly transitioned from proof of concept to full implementation and operationalization of Nopsec. Nopsec’s team provided training and joined team meetings to help ensure rapid time-to-value. As a result, Urban One was able to fully implement Nopsec and begin to extract valuable insights within three days. Urban One took the implementation a step further by integrating Nopsec into their ServiceNow implementation. This enabled Nopsec to automatically create tickets for IT Operations and send them to ServiceNow for IT Operations to remediate and validate. The process is streamlined and well-managed with much better visibility and a more secure infrastructure
Luis observed that the acceptance and adoption of the team was quick, and also spanned the organization, from IT security, applications and helped build a better, more productive relationship with IT Operations and also the executive leadership team.
Following the successful implementation. The team saw some very significant outcomes. The frequency of team meetings shifted from several times a week to only once a month. The team streamlined workflow and is able to quickly understand the status of every past and current vulnerability and quickly close the gap from identification through remediation and validation. Luis shared that the entire team now feels that they are now much better equipped to manage vulnerabilities and improve overall security.
Customer Benefits & ROI
The additional time recouped from the use of NopSec has provided tangible benefits: it has ensured better security posture, but has also enabled the entire team to shift from constant meetings to focusing on innovation, deploying and supporting new financial and business applications and ensuring the business is enabled for growth and success.
The investment in NopSec delivered definitive ROI in year one. Specifically, the investment in NopSec paid for itself 2.5 times in the first year alone, a return not typically seen in software or cybersecurity investments.
The partnership between NopSec, Luis and the team at Urban One continues today with a strong and ongoing with a mutual commitment to one another’s success.