K&N Engineering moves security earlier in the development cycle to boost cloud protection
Organization: K&N Engineering
Project: Code to Cloud Security Transformation
Security leader: Iqbal Rana, CIO
K&N Engineering, a manufacturing firm, runs its own direct-to-consumer online store on AWS. CIO Iqbal Rana, who also leads security efforts, has long adhered to cloud security best practices, using built-in cloud security features and controls managed by his team to make sure “everything was properly configured.”
However, a cyber insurance audit conducted a couple of years back revealed a security flaw in the software deployment tool used by his IT staff.
This discovery pushed Rana to quickly resolve the issue — and to take a more proactive approach to examining risks within his vendor ecosystem and internal IT workflows, he notes.
This effort evolved into K&N’s Code to Cloud Security Transformation, which addresses weaknesses not just in third-party tools but also in the code his developers were pushing to production.
The project centered on deploying a code-to-cloud security framework powered by Wiz technology, embedding security into every phase of the development lifecycle across K&N’s AWS and Azure platforms.
Today, his team can detect and fix vulnerabilities ahead of deployment, maintaining secure, compliant, and streamlined cloud operations.
“So we’re addressing not only the deployment risk but also the code risk itself,” he explains, noting that the solution stops code containing known vulnerabilities from being accidentally released. “And it doesn’t stop there. Once the code is deployed and running in production, it continues monitoring on an ongoing basis. We have a dashboard that flags any infrastructure vulnerability as well as any issues within the code.”
Rana says the solution enabled a powerful shift-left approach, allowing his team to discover and resolve hundreds of previously hidden vulnerabilities. It also provided near real-time insight into risk exposure while reinforcing compliance and protecting key revenue channels.
Security overhaul strengthens McDonald’s resilience and cuts risk
Organization: McDonald’s
Project: Securing the Arches
Security leader: Mike Gordon, CISO
McDonald’s operates over 44,000 restaurants across more than 100 countries, serving more than 69 million customers each day. Around 95% of these locations are run by independent franchisees.
The company’s technology infrastructure mirrors its massive scale, worldwide presence, and decentralized model — and so does its cyber risk profile. Its mobile app alone links roughly 250 million users to its restaurants.
“Digital transformation created a far more interconnected ecosystem at McDonald’s than Ray Kroc could have ever envisioned,” says CISO Mike Gordon. “As a result, cyber risk grew significantly beyond what it had been.”
A security posture evaluation carried out a few years ago validated this, revealing to technology leaders that improvements were needed. The review found that the company’s maturity against the NIST Cybersecurity Framework lagged behind industry peers. It also uncovered that cybersecurity capabilities — including core controls and visibility into threats and vulnerabilities — differed considerably from region to region.
In response, McDonald’s CIO spearheaded a transformation initiative and brought Gordon on board in early 2024 to lead it.
The Securing the Arches (STA) program upgraded and standardized cybersecurity across both corporate and licensed markets. STA built a uniform foundation for identity management, vulnerability handling, data protection, and threat detection spanning all of the company’s 100-plus markets. It also rolled out consistent, enterprise-level protections through shared services such as a global SOC, secure development pipelines, proactive security testing, and organization-wide endpoint visibility.
The scale and complexity of this transformation demanded strong leadership and executive acumen.
“I’m not the CISO of a single company; I’m essentially the CISO of around 150 companies, and I only have direct authority over one of them,” Gordon says, adding that the transformation’s success hinged on building relationships, influencing fellow leaders, and equipping the security team with the right technology and expertise.
STA has bolstered the company’s resilience and lowered risk, creating the security backbone needed to support McDonald’s rapidly expanding digital operations. With the company’s cybersecurity maturity now on the rise, Gordon says he’s launching Securing the Arches 2.0, focused on continuously enhancing the cybersecurity program’s effectiveness. “We’ll keep evolving,” he adds.
MISO introduces maturity tracking and measurable metrics to threat operations
Organization: Midcontinent Independent System Operator (MISO)
Project: STRIKE (Strategic Threat Reduction & Intelligence-Driven Knowledge Engine)
Security leader: Eric Miller, VP and CISO
Like many security teams, MISO’s team relied on widely used tools such as NIST frameworks and other maturity models to assess its program and monitor progress over time.
“But from a threat intelligence and threat hunting standpoint, there wasn’t really a meaningful metric to gauge how effective our program was,” says David Webb, director of MISO’s cyber threat action center.
Because of this, MISO’s security leaders and other executives couldn’t clearly measure the center’s performance or determine whether it was maturing. So in 2024, Webb and threat researcher Nate Apperson launched the Strategic Threat Reduction & Intelligence-Driven Knowledge Engine — STRIKE.
STRIKE reimagines cybersecurity risk management by combining global threat intelligence, MITRE ATT&CK mapping, and NIST frameworks into a single cohesive model. It generates real-time scores that quantify visibility gaps and the effectiveness of controls against actual adversary tactics. It also ranks actions based on threat likelihood and organizational readiness. And it offers a prescriptive roadmap for technical configuration, making remediation and analysis cycles near-instantaneous.
According to Webb, STRIKE ensures that security activities are aligned with threat intelligence and actively contribute to advancing the broader cybersecurity strategy. It also delivers metrics for evaluating the success of threat hunting — a critical advantage.
“When we conduct a threat hunt or finish one, what’s the outcome? We wanted more than just a checkbox at the top of the page confirming the hunt was done,” Webb explains. “We want to demonstrate that we’re actively reducing risk across the organization.”
He notes that this is a widespread challenge, as conventional risk management depends on disconnected frameworks and subjective prioritization. This creates gaps between threat intelligence, control requirements, and technical remediation.
To tackle this, STRIKE puts threat intelligence into practice by identifying active adversary behaviors and mapping them to MITRE ATT&CK techniques, ensuring that risk decisions reflect real-world threats. STRIKE also establishes connections between ATT&CK techniques, NIST CSF functions, and NIST SP 800-53 controls, making it clear which controls counter which adversary behaviors and exposing gaps across policy, process, and technology. Additionally, Webb says that by incorporating DISA STIGs, STRIKE supplies the specific technical steps needed to close control gaps.
Binding everything together is STRIKE’s Detect & Protect Scoring Framework — a quantitative model that measures visibility (detect) and defensive strength (protect) against high-risk techniques, with scores weighted by threat likelihood and updated in real time.
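The article does not publish STRIKE's formula, so the following is an added illustration, not MISO's code: a minimal likelihood-weighted detect/protect model over ATT&CK techniques mapped to NIST SP 800-53 controls. The scoring rule (best mapped control wins), the likelihoods, the control assessments and the technique-to-control mappings are all constructed assumptions.

```python
# Constructed sample data (assumptions): likelihoods, mappings and 0-1 control
# assessments are illustrative, not MISO's data or an official ATT&CK/NIST mapping.
TECHNIQUES = {
    "T1566": {"likelihood": 0.9, "controls": ["SI-8", "AT-2", "SI-4"]},   # Phishing
    "T1078": {"likelihood": 0.7, "controls": ["AC-2", "IA-2", "SI-4"]},   # Valid Accounts
    "T1486": {"likelihood": 0.5, "controls": ["CP-9", "SI-3", "CP-10"]},  # Data Encrypted for Impact
}
# Per control: (detect, protect) effectiveness; 0 = absent, 1 = fully effective.
CONTROLS = {
    "SI-8": (0.5, 0.8), "AT-2": (0.0, 0.5), "SI-4": (0.8, 0.0), "AC-2": (0.2, 0.6),
    "IA-2": (0.0, 0.9), "CP-9": (0.0, 0.4), "SI-3": (0.6, 0.5),  # CP-10 not assessed
}

def technique_scores(tech, controls):
    """Return (detect, protect, unassessed_controls) for one technique.

    Assumption: the best mapped control sets each score; a mapped control with
    no assessment contributes nothing and is reported as a gap.
    """
    detect = protect = 0.0
    unassessed = []
    for cid in tech["controls"]:
        if cid not in controls:
            unassessed.append(cid)
            continue
        d, p = controls[cid]
        detect, protect = max(detect, d), max(protect, p)
    return detect, protect, unassessed

def program_scores(techniques, controls):
    """Likelihood-weighted detect and protect scores across all techniques."""
    total = sum(t["likelihood"] for t in techniques.values())
    if total == 0:
        return 0.0, 0.0
    det = pro = 0.0
    for t in techniques.values():
        d, p, _ = technique_scores(t, controls)
        det += t["likelihood"] * d
        pro += t["likelihood"] * p
    return round(det / total, 3), round(pro / total, 3)

def prioritized_gaps(techniques, controls):
    """Rank techniques by likelihood x average remaining gap, worst first."""
    rows = []
    for tid, t in techniques.items():
        d, p, missing = technique_scores(t, controls)
        risk = round(t["likelihood"] * ((1 - d) + (1 - p)) / 2, 3)
        rows.append((risk, tid, missing))
    return sorted(rows, reverse=True)
```

With this sample data the least likely technique ranks first because its mapped controls leave the largest gap, which is the kind of prioritization a likelihood-only or maturity-only view would miss.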



