Options has continued to evolve to support our clients in the wake of an ever-changing, increasingly difficult to navigate threat landscape. Over the last year, there have been more zero-day vulnerabilities reported than ever before. In 2021 so far, Ransomware attacks have increased by 102%, malware exploits by 358%, and the average cost of a data breach in the financial sector is now estimated at $5.85 million. To effectively prevent or respond to such incidents, organisations can no longer rely solely on their internal information security controls. Third-party security has become a critical item on every organisation’s InfoSec agenda. Understanding the rewards and risks that third parties introduce, Options are committed to continuously enhancing both our own and clients’ security posture.
In parallel with the launch of our enhanced Managed Security Service offering, we have established an internal InfoSec committee to ensure Options remains the industry leader, pioneering all future developments in our own environment before deploying to clients.
Below are a few of the Options InfoSec committee members who work behind the scenes to secure our environments.
Name: Marlena Efstratopoulou
Role: Chief Risk Officer
Security role: Security as a Service Product Owner
Marlena joined Options in April 2021 from Fixnetix, where she held the position of CISO and was responsible for Managed Security Services. At the start of her career, Marlena developed a cyber security offering that assessed organisations’ security states and produced key initiatives to help them reach their target security operating model.
Through the InfoSec committee, Marlena leverages Options’ existing capabilities to provide premium end-to-end managed security services across all product lines. Her goal is to provide clients with tailored solutions to enhance their security profile through risk and compliance management to both Options’ and industry-standard regulatory frameworks.
On the committee, Marlena commented, “The role of InfoSec committee is to ensure our security strategy aligns with business objectives by identifying initiatives that enhance Options’ and our client’s security posture. Security is an ever-evolving field that requires industry pioneers to constantly monitor and adapt to technological and regulatory changes. This forum allows Options to adopt a proactive rather than a reactive approach to security.”
She concluded: “Security is so much more than technical controls or compliance. It should be risk-driven and integrated across all business functions. Through the InfoSec committee, we further strengthen our commitment to protect our clients.”
Name: Marie-Louise Quigg
Role: Global Team Lead – Managed Apps
Security role: InfoSec Committee Chairperson
Marie-Louise’s primary role as Global Team Lead and Technical Account Manager for Options’ Managed Applications product has given her practical insight into the security concerns of clients and partners in the financial sector.
Marie-Louise joined Options as part of the Support team before working as an Account Manager. This daily interaction with clients equips her to understand their particular concerns, and her breadth of knowledge allows clients to trust her expertise on their bespoke issues.
On the InfoSec committee, Marie-Louise said, “Being the chairperson of Options InfoSec Committee is a career highlight, which has offered the opportunity to work with a team of true engineering leaders and cutting-edge security tooling.
Through our Security baseline, DomSec, and client InfoSec monitoring and alerting, we provide a world-class security service with white-glove account and incident management.”
Name: Jenna Armstrong
Role: Security Manager
Security role: InfoSec Committee Deputy Chairperson
Jenna started Options 5 years ago as a Technical Support Engineer before progressing to Account Management, where she gained hands-on experience working with clients and developed her understanding of different technologies. Through her work as a Technical Account Manager, she discovered the importance of security and the potential commercial and reputational impacts caused by a breach.
As a Security Manager in Options, Jenna collaborates with a wide range of clients and vendors to schedule and coordinate Penetration tests that are key for exposing weaknesses. She also assists with Security Questionnaires and helps clients gain and navigate an understanding of their security posture.
On the InfoSec Committee, Jenna explained, “The InfoSec committee has been an excellent opportunity to put what I have learned in my 5 years at Options into play, as well as learn and evolve my understanding of different elements of our Security Service.”
Name: Aimee Graham
Role: Data Analyst and Engineer
Security Role: Splunk Security Engineer
Aimee joined Options over 7 years ago with a background in Mathematics.
She admits, “IT was a change of direction for me, but one that still matched well with the mathematical mindset of trying to deconstruct problems and solve them most efficiently.
Working on the Support Desk initially helped me gain a great understanding of the different technologies we use at Options, and I’ve watched these develop and progress over the years. I spent months onsite with clients, and this is where I first realised the importance of visibility and reporting, with an emphasis on security.”
As a Support Engineer, Aimee started providing monthly security reports to clients; introducing Splunk allowed her to develop Options reporting across the wider client base. As Splunk became a central logging system for numerous datasets, Aimee was able to improve and add more value to Monthly Security Reports.
Aimee added, “Working as a Technical Account Manager was vital in improving my understanding of our clients’ needs and providing crucial business context that helped me understand what is truly important from their perspective.
You could say I’ve come full circle back to the mathematical end of things. Through working with the Splunk platform, I gained an understanding of the importance of being able to report on key data points at scale. Four years ago, I was given the opportunity to work on building up the Splunk and general analytics toolset internally so that all parts of the business can engage and gain a better understanding of what is happening in their area. Every day we are presented with new potential datasets, and the challenge is to identify the angle that we need to present back to users for them to have meaningful insights and make informed decisions.”
Name: Shona Carson
Role: Data Analytics
Security Role: Auto-SOC Product Owner / InfoSec Committee Member
Shona joined the Options Support team 4 years ago through the Graduate and Placement Programme.
She admits, “Security wasn’t something I had thought about. My role in Data Analytics opened my eyes to the importance of security and how we can use our big data tools to keep a close eye on our platform. Having logs from all our systems in one central system, namely Splunk, made it the perfect tool to help develop a security-focused product. These tools, along with our understanding of the industry and our clients, allowed me to develop Options AutoSOC.”
The AutoSOC product, developed by Shona, gives Options clients piece of mind as it provides full visibility across the security monitoring and investigation that Options has been executing on their clients’ behalf for many years. Within the InfoSec Committee, Shona uses Splunk to continually test aspects of the Options platform that could be tightened up in terms of Security.
Name: Jessica McDonald
Role: Technical Support Engineer
Security Role: Internal & Domain Security Checks / AutoSOC Team Member / Infosec Committee Member
Jessica started with Options through the Graduate and Placement programme 3 years ago, working initially as a support engineer who travelled to meet various clients and partners, providing technical support. This is where Jessica first noticed an important common theme among each client: cybersecurity.
Jessica says, “Through Options, I’ve had a lot more insight into how much of an integral role security plays in the industry. I work closely with the Splunk engineers and Security teams to carry out multiple security checks per day, both internally and throughout the platform. Using Splunk to set a baseline and amalgamate the data sources for our daily checks, provides our clients and us with the confidence that we are consistently monitoring the security posture of our platform in a scalable and easily tracked system.”
Jessica works alongside Shona and Sasha from the AutoSOC team on incident response – a vital aspect of cybersecurity. Together, the team has created a valuable way to prioritise security investigations while giving clients complete visibility in the process.
Jessica adds, “When the Infosec Committee was formed, I was delighted to have another chance to collaborate with a great team of Options colleagues in further tightening our security stance and staying ahead of potential threats.”
The InfoSec committee meets weekly to address both internal and client security objectives. The committee evaluates and improves controls in endpoint, infrastructure, network, and application security alongside threat and vulnerability management and incident response. The team’s goal is to seamlessly integrate security controls across people, processes, and technology to enhance both Options own, and client security postures.
If you would like to hear more about Options Managed Security services, and how we can help you, please get in touch via firstname.lastname@example.org.