At Horizon Blue Cross Blue Shield of New Jersey (HBCBSNJ), a $12 billion health insurer that has served the state since 1932, security is relentless.
With one hundred full-time employees spread across departments of cybersecurity, business continuity, corporate security, special investigations, and real estate management, as well as more than 130 contracted staff, the team’s collective eye never shuts.
Systems, networks, and applications are secured and heavily guarded by the cyberteam. All business initiatives have contingency plans to make sure information continues to flow should a connection fail. On the special investigations side, members’ premium dollars have to be protected from all types of fraud. The network of providers the company works with need to be individually vetted; the department is constantly monitoring to flag suspicious behaviors. In physical security and facilities, providing a safe and secure work environment enables the workforce to be productive and successful.
“We are charged with protecting all assets of the enterprise, from people to data to infrastructure to finances,” explains Doug Falduto, HBCBSNJ’s VP and chief security officer. “The work is critical to our daily operations across the company. A destructive cyberevent that leads to the crippling of our IT environment would be catastrophic. A workplace violence incident would be equally disastrous. Failure to recover from a natural disaster would devastate the company’s viability.”
Special investigations are no less critical; the unit saved the company’s members more than $45 million in 2016. The corporate services team plays an instrumental role in this, too, as it is tied in with government regulations and ensuring Horizon’s members get the information they need in a timely manner. It takes individual excellence and teamwork to make that happen.
“When you look at the caliber of the team we’ve assembled, I’d put us up against anybody out there,” Falduto says. “To me, the success lies in the synergy among the leadership team and how that flows to all employees of the division. Everybody has a common approach to getting work done: the idea that nothing is going to get in our way and we work together. Everybody has the same passion and drive.”
Falduto says that people often think he is ex-military or law enforcement because of the way he manages. In fact, he has drawn from the military to assemble his team; there are retired colonels, one who was part of the NSA’s Cyber Hunt division, another who was a counter-
cyberterrorism analyst, and a smattering of former law enforcement personnel and highly trained investigators.
“Through osmosis, we’ve taken on that same approach to our work,” Falduto says. “We’re a unit. We’re a team. We’re on a mission every day.”
Coming up with this kind of team, with this kind of approach, is something Falduto has had his eye on during his entire career. It’s an architecture that reflects his vision of what an effective security model for a large organization should look like.
For a while, he mulled a move into federal law enforcement, but three years into his career, he took a senior investigation job with the company, looking into fraud. He was on the road investigating, interviewing, collecting evidence, and working closely with federal and state law enforcement agencies.
“I loved that work and thrived there,” he says. “I knew I didn’t have to go anywhere else.”
“It’s planning, not sitting there waiting for the phone to ring. When it does ring, though, you have a plan.”
He held that position for five years before being promoted to manager in the department. In 2001, the financial investigations director, who was a former FBI agent, left for another company, and the general counsel promoted Falduto into the job. Then, the terrorist attacks of September 11 happened. After watching the World Trade Center collapse across the river from the window of his sixteenth floor office, Falduto began to ask, “What’s our plan for this kind of event?” Senior management, recognizing the same need, then gave Falduto the reigns to build a business continuity and emergency response program.
When the company’s security guards threatened to walk out shortly thereafter, the CFO asked him if he wanted purview of that area as well. So, Falduto added corporate security to his duties. In 2013, as part of leadership’s decision to make cybersecurity a top priority, Falduto’s position began reporting directly to CEO Bob Marino and also took on the responsibility for real estate and facilities management and corporate services.
Falduto says the dynamics of the team and their ability to step in for each other are the foundation for the department’s success.
“If my head of the corporate security team is on vacation, I have two or three other people who can step in and take point,” he says. “Their role might be over in fraud or cybersecurity, but everyone talks every day and knows what’s going in each other’s organizations.”
All the work the team does often flies under the radar; they’re rarely on the front page, but they play a huge role in what ends up on the front page. There are times of crisis, to be sure, but all the other time is filled with very diverse and challenging work that includes emergency response planning.
“It’s planning, not sitting there waiting for the phone to ring,” Falduto says. “When it does ring, though, you have a plan. We’re always ready to respond should something happen, and we’re positioned to successfully navigate through it, so the business is protected and continues to operate and the customer gets the service they are expecting.”
Falduto says he stands in awe at the things his team accomplishes every day. As a manager, he is always communicating to them the importance that they have in the success of New Jersey’s largest insurer, with 3.8 million members. Although they are often invisible, they are always invaluable.
“My team knows they are critical to everything that happens in the organization because they touch it in some way,” he says. “They can be proud of the work they do every day, and I am proud to be to be a part of it.”
