1 / 22

Leadership Challenges in Sports Authority Bankruptcy Case Study

Discover the leadership responsibilities and technical challenges faced by Merlin Namuth in managing the security program during the Sports Authority bankruptcy. Learn valuable lessons on vendor management, access removal, data preservation, and more.

mangual
Télécharger la présentation

Leadership Challenges in Sports Authority Bankruptcy Case Study

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Business Folds: Security Doesn’tSports Authority Case Study Merlin Namuth CISSP, PMP, GCFA, GCIH MASH-F03 Director of Standards, Risk, Compliance and Security Red Robin Gourmet Burgers, Inc. https://www.linkedin.com/in/merlin-namuth-904a5b11

  2. Agenda Introduction Company Background Leadership Responsibilities Technical Challenges Application

  3. Personal Experience • 22 years in IT – last 19 in Security • First computer was 486SX-25 with 4 MB of RAM • First security class was Checkpoint 4.0 • Worked in Retail, Financial Services, Defense, Healthcare, Oil & Gas • Leadership • Built and managed security programs in Retail, Oil & Gas, Government, and Healthcare • Led incident response teams to resolve over 200 incidents • Earned a Master’s degree in Social Work • Earned a Master’s degree in Finance • Technical • Enterprise forensics, incident responder, architecture, engineering

  4. Sports Authority Background & Issues

  5. Sports Authority Background • Started in 1987 • $2 Billion a year revenue • Over 450 stores in the U.S. and Puerto Rico • 15,000+ employees

  6. Sports Authority Issues • January- chose to not make interest payment on part of the debt • Goal: Lenders would renegotiate debt • Leaders thought this strategy would work

  7. Sports Authority Issues • Lenders did not renegotiate debt • March - Filed Chapter 11 Bankruptcy • Goal: Lenders would renegotiate debt • Other sporting goods retailers showed strong interest in buying the company • No offers before bankruptcy auction

  8. Sports Authority Issues Only bid at the bankruptcy auction was from a liquidation group

  9. Leadership Responsibilities

  10. Leadership Responsibilities Doing the Right Thing • Taking care of employees • Helped staff with their job searches • Keeping the company secure • Still had a job to do

  11. Leadership Responsibilities Every employee given date when role would end Retention bonus announcement came after several people had left Accrued vacation not paid out Low unemployment in security = good external offers

  12. Leadership Responsibilities • During the different phases of the business process: • Encouraged team • Provided a listening ear • Transparent about my own hopes and concerns • Didn’t gloss over anything

  13. Leadership Responsibilities Vendor Management Some contracts canceled early Some contracts renewed No new contracts Soured relationships as vendors weren’t getting paid or paid on time Points of contact leaving and nobody knowing about a vendor issue

  14. Technical Challenges

  15. Technical Challenges Removing access for nearly 400 employees in 1 day Created a PowerShell script to remove AD access Manual sync with Google HR wanted to shut down access at 5:00pm Physical access

  16. Technical Challenges Maintenance Expiration 2-Factor tokens expiring Maintenance on IPS expired Recovering from aged systems failures could be issue with strained vendor relations and maintenance renewals not being paid Disaster recovery

  17. Technical Challenges Closing 450+ Stores Didn’t fully understand what systems were in each individual store Remote wiping Removing access

  18. Technical Challenges Corporate Office Closure • Lack of detailed data processing flows • What security controls could be turned down without compromising security posture • Employee purchase • Wiping SSD drives on Macs • Difficult to verify wipe

  19. Technical Challenges Preserving Company Data • What data to keep? • What laptops/workstations should be archived? • Where to store? • How much storage? • Security of the storage and transport of data to this storage • Hash files to ensure integrity • What about the systems that created the data? • May have to gather data for legal reasons • How long data should be stored? • Legal implications of data retention

  20. Lessons Learned Be transparent with employees and supportive Communicate with vendors Keep fighting for not relaxing security Be creative to solve difficult problems

  21. Application • Next week you should: • Spend time with your staff, co-workers, and vendors to start building strong relationships • In the first three months following this presentation you should: • Understand your different vendor contracts • Develop process for disabling a large number of user accounts in a short amount of time if your company has a mass layoff • Identify where critical data resides and develop process for how to securely delete it • Work with staff to cross train, in case a key member leaves

  22. Thank You! Merlin Namuth https://www.linkedin.com/in/merlin-namuth-904a5b11

More Related