Security Program Transformation

A widely dispersed organization develops a solid foundation to ensure a strong security program.

The Client

A construction and real estate conglomerate with over 1,200 employees and 25 business entities with operations in 35 locations.

The Challenge

In 2016, this client recognized the need for a formal security program to ensure the integrity and availability of their data and systems.

The Solution

With help from Sirius, the client developed a solid foundation for—and implemented ongoing processes to ensure—a strong security program.

The Results

  • Reduced the number of critical security vulnerabilities by 92%

  • Heightened security awareness, with 90% of employees participating in routine security essentials training

  • Strengthened the client’s security posture to ensure that data and systems are protected, and created a culture where “security is everyone’s business.

Building a World-Class Security Program

Beginning in 2016, Sirius helped the client establish a layered defense strategy focused on employee awareness, processes and technology. The organization took advantage of a wide array of Sirius security program development services. Vendor-agnostic threat assessments were conducted to identify security gaps and provide specific actionable remediation plans for the organization of over 1,200 employees who use a wide variety of computing devices spread throughout 25 businesses in 35 locations. A security management team was developed, a security awareness program was launched, and improvements were made to internal processes such as a routine vulnerability scanning, review of configurations, patch management and more.

The work included a network penetration testing with internal and external attacker perspectives of the client’s systems. Reconnaissance, network and asset mapping, the discovering of vulnerabilities, and manual exploitation to gain privileged access were all tested. As part of this work, Sirius also provided a “Purple Team” exercise, where testing consultants stepped the client’s IT stakeholders through the various phases of the testing processes to show the activities taking place in real-time. This work led to prioritized remediation recommendations to mitigate identified risks and to increase protection of the client’s IT assets.

The results were outstanding; the client reduced critical vulnerabilities by 92%, and risky clicks were reduced by 20%. Heightened security awareness was a major contributor to the results; over 90% of the client company’s employees participate in routine security essentials training. “Security is everyone’s business, not just an IT function,” said the client’s Chief Information Officer. “Sirius was critical to the success of our security program. They are a trusted advisor with the right level of expertise in all aspects of security program development. They are responsive. They understand our culture and they gave us tools, roadmaps and training so we always know what we’ve accomplished and what to focus on next.”

Download PDF


The Sirius Security practice provides leading-edge technology solutions, expert implementation and advisory services, top-ranked managed services and proven methodologies, backed by customized testing in our state-of-the art Technology Enablement Centers. We focus on the fundamental elements of an effective security program, with an eye toward helping our clients address the cybersecurity skills gap and leverage the cloud to boost agility and innovate faster than ever before.

The Sirius Security practice helps clients with:

  • Infrastructure Security
  • Data & Application Security
  • Intelligence & Analytics
  • Threat & Vulnerability Management
  • Identity & Access Management
  • Program Strategy & Operations

Call Sirius today at 800-460-1237 to schedule a discussion of your security needs, and to learn how Sirius can help you manage your operations, optimize your IT, secure it all, and transform your businesses.