Introducing MAX — Take supply chain cyber risk management to the MAX

Explore MAX
Close
Case Study November 14, 2023

Maximus

Transcript

I’m Frank Aiello. I’m the Chief Information Security Officer for Maximus. This is my second time as a SecurityScorecard customer. I actually decided to just take a look at a few other companies just to see what the market looked like and in the end we decided to go with SecurityScorecard again, ’cause we liked the way they really presented their score.

It was something that I was able to present to our executive leadership team and our board that made a lot of sense. So like any organization in security right now, we’re all struggling to find good resources. There’s much greater demand for resources than there is to supply. So I think the benefit that we have is they’ve really allowed us to augment that program, keep a smaller team, but still keep our focus on our vendors to make sure that we’re not placing our organization at unnecessary risk.

It’s allowed my team members to be more efficient. They’re not dedicated to doing just vendor risk management. They have a broader security governance role. One of the things I use SecurityScorecard for is being able to present the metrics not only of our vendors, but also the metrics they measure for our company.

And so one of the things that our board likes about that is it’s done by an independent group, where it’s not just something we’re doing a self-assessment. So it allows us to be able to keep kind of tabs on where we are as a company, what our score looks like. One of the reasons I trust Security Scorecard is they’re not the type of vendor that only contacts me when it’s time for renewal. We have an ongoing relationship with them.

My team has monthly meetings with our customer service managers. I maintain relationships with their executive team. I’m part of their customer advisory board. We’ve made recommendations over the years for how we thought the product could work differently and usually a few months later we see it integrated into the roadmap.
So I think that says a lot about the company and the relationship that we have and could build over time.