presentation update
Presentation - ACME Bank Inc
Background Information
· General Customer xyz Demo
· Provide a brief demo of Customer xyz, since Sam (Head of SOC) is only one month into his/her tenure at ACME.
· A brief project update for the team, with special attention paid to milestone status, ROI, and project risks.
· As an existing customer, ACME is interested in how Customer xyz can provide and maximize ROI. Please present a high-level business case of some of the aspects of our business (technical and strategic) where you propose Customer xyz can create efficiencies and save money. ACME is particularly interested in eliminating wastage in the environment. The more relevant to ACME Bank and compelling overall, the better.
· ACME is interested to understand what the remainder of the contract would look like. What would be the key stages, milestones, activities and interactions we would expect in the continued relationship with Customer xyz?
· ACME recognizes that Customer xyz is both powerful and potentially dangerous, if operated incorrectly. The ACME team members are keen to review the existing Customer xyz Operating Model (attached) and discuss how ACME can leverage the model to drive progress in the account and greater adoption and value, safely.
ACME Bank has been a Customer XYZ customer since May 2018. Their contract is for 4 years. They are a large retail bank, focused mainly on the USA, and hold 45% of all bank accounts in the USA.
The customer originally purchased 200k licenses of the Core Customer XYZ service, plus the following modules: Discover, Patch, Detect and Threat Response.
There is also an unused $330k credit on the account. Throughout the second half of 2018 and early 2019, the focus on the account was on deployment. The Customer XYZ base agent is now about 97% deployed across the bank’s environment, with only a few smaller offices in New York, Singapore and Germany remaining. The environment is made up of the following:
| Environment | Approx No of Endpoints |
|---|---|
| Windows 7 desktops / laptops | 10,000 |
| Windows XP | 1,000 |
| Windows 10 | 127,000 |
| Windows Server 2003 | 1,000 |
| Windows Server 2008 | 18,000 |
| Windows Server 2012 | 25,000 |
| Linux | 7,000 |
| AIX | 4,000 |
| Solaris | 1,500 |
| Mac | 200 |
Customer XYZ was originally purchased to fill a gap in visibility and control of the bank’s machines. The CISO was invited to an Andreessen Horowitz EBC and was so impressed with the technology that a soft commit to purchase was made on the day. She realised that, unless something changed, the costs of managing and resolving an increasing number of security incidents would be difficult to quantify and moreover, soon spiral out of control. She was also able to see the benefits of Customer XYZ in the growing problem of software licensing. The CFO of Group IT has a ‘slush fund’ budget of £10m to cover any unexpected costs associated with licensing. She could immediately see Customer XYZ’s value in reducing this spend.
Currently, Customer XYZ is owned by the Security Tools team. The team is led by Bobby and the lead technical SME is Charlie. Bobby owns most of the agent-based security technologies across the bank. The team are responsible for effective deployment, upgrades and maintenance of a number of products including Customer XYZ, CyberArk, EnCase, Proofpoint and a large McAfee suite (Endpoint Security, ePO, VSE, DLP, HIPS, Drive Encryption, Web Gateway). Initially there was significant resistance to owning Customer XYZ on top of their existing responsibilities. A Customer XYZ VP managed to persuade Bobby and Charlie to attend CONVERGE18, which opened their eyes to the possibilities of Customer XYZ. Since returning from the conference in November 2018, Customer XYZ has rapidly become the main focal point of the team. Bobby’s team has doubled in size, largely due to the growing importance of Customer XYZ and the need to continue to support the other technologies.
It was around this time that you, as Technical Project Manager, became involved with the bank. Two years on, you have built up a solid working relationship with Bobby and the team, so much so that you’re seen as a trusted advisor to both the core team and the wider bank. You are onsite every Wednesday, the same day as a number of ACME-related calls, including the Customer XYZ Steering Group (TSG). Working closely with Bobby, you helped develop a comprehensive Operating Model and you are now in early discussions with Bobby on how to create a Customer XYZ ‘Centre of Excellence’ (CoE), whereby other parts of the business can submit requests for data, reports or user access to Bobby and team, to be provided back to the requestor based on business value and overall benefit to the bank.
Currently, Customer XYZ is used in 3 main groups, with integration of Customer XYZ data into Splunk ongoing for the FIRe team. The FIRe team are currently testing Palo Alto Wildfire integration.
· FIRe team = Forensics and Incident Response
· VM = Vulnerability Management
· Security Tools
You have also recently found out that an old colleague from a previous employer has joined ACME to provide 2nd line risk oversight to the CISO’s (Sally’s) entire organization.
Despite the great relationships and interesting ideas being worked on, the account team (the Account Manager, TAM and yourself) see some risk in the account going forward. Customer XYZ is still primarily seen as a Security tool and the rollout of Threat Response (allowing the full breadth of security use cases) hasn’t occurred across all server groups yet, much to the continued frustration of the FIRe team. There is no clear owner for Customer XYZ in the Vuln Mgmt team, with different people each week dialing into the TSG. So far, the Patch module is relatively unused and, as with most large organizations, the responsibility for patching falls to the groups in charge of each type of environment. Despite the promise of Customer XYZ shown at the EBC, Customer XYZ has yet to provide much value outside of the 3 main user teams above.
Given the size of the bank, there are always competitors lurking. Bobby and Charlie have recently flagged the ongoing POC of a similar technology, Nexthink. This is being looked at in the End User Computing teams to provide better user experience to the employees. Last year, the bank signed a multi-billion-pound server outsourcing deal with IBM, who are inevitably putting their own agents on the server estate. Server teams have been transferred across to IBM and this has caused a slowdown in the communications channels. It can take up to 5 weeks for an IBM resource to be assigned to ACME work.
Finally, the Account Team is working on a strategy to truly break into the Operations side of the bank, in particular the End User Computing team and Asset Management team. An existing intro meeting with Chris did not go well, as the Customer XYZ team were not as prepared as they could have been and the generic content presented did not resonate as well as it could have done.
In a few months Bobby and boss will need to go to the CFO of Group IT to request the $1.3m draw down to fund year 3 of Customer XYZ at ACME.