Significantly Improving Security Posture: A CMMI Case Study

Author: ISACA Now
Date Published: 20 December 2023

For an organization that is dedicated to reliably solving logistical challenges related to the delivery of critical infrastructure, implementing a holistic set of security practices, controls and methods is critical. To help achieve a secure environment to safeguard government data, Phoenix Defense companies utilized the new CMMI Security domain and Managing Threats Practice Area.

“Phoenix Defense has led the way in adopting CMMI Security best practices for nearly two decades, and now included the Security best practices,” says Kris Puthucode, Certified CMMI High Maturity Lead Appraiser at Software Quality Center LLC. “This adoption has yielded quantifiable benefits, enhancing security posture across Mission, Personnel, Physical, Process, and Cybersecurity domains. Additionally, incorporating Virtual work best practices has standardized virtual meetings and events, boosting efficiency.”

Phoenix Defense has been a CMMI Performance Solutions Organization since 2005, first achieving Maturity Level 5 in 2020. For their second appraisal at Maturity Level 5, the capabilities they targeted included ensuring quality, the design and development of products, planning and management, maintaining habits and persistence, improving performance, supporting implementation, and managing security, supply chain and business resilience.

“For over 18 years, our organization has been progressively applying CMMI practices to our Phoenix Defense organization to obtain a continuous improvement in quality and efficiency,” says Barry Clinger, Chief Technology Officer of Phoenix Defense. “A surprise was how the application of CMMI has become a fundamental catalyst for introducing innovation into our processes and products.”

Before adopting the CMMI Security and Managing Security Threats and Vulnerabilities Practice Areas in the model, Phoenix Defense had a closed network with no outward-facing applications and relied on a third-party vendor to monitor threats and spam. They did not fully, quantitatively track attacks against the networks or other data flows, and they required a more robust approach to properly ensure network security.

After identifying a series of corrective and preventive actions, the IT department was able to implement new protocols and enhance the corporate firewall. They were rewarded with a significant decrease in network attacks: a decrease by nearly 50% in the following month and by nearly 80% the month after. Additionally, they were able to reduce the amount of time it takes to identify threats from 72 to 12 hours and the amount of time to resolve security threats from 4 hours to 15 minutes.

“Adopting CMMI has been a game-changer for our organization,” says Al Funderburk, Chief Executive Officer of Phoenix Defense. “It has led to significant performance improvements across the board, enhancing our competitiveness and assisting in positioning us as a market leader.”

Now, Phoenix Defense is even more prepared to sustain their improved habits and persistence through their organization-wide commitment to continuous improvement. They conduct periodic self-assessments surrounding compliance at both staff and project levels, and they worked with a lead appraiser to fully comprehend the new Security (SEC) Practice Areas.

The following is an excerpt from the latest case study about Phoenix Defense’s CMMI practices:

“Phoenix Defense found that continuous education and incorporating CMMI principles into their foundational corporate culture was essential to success. The organization begins this process during the staff onboarding process for new employees, and it continues through lunch & learns, formal training, on-the-job training, quality audits, and checklists, and more. This process provides constant awareness of the importance of CMMI Performance Solutions’ best practices and helps make these practices stronger, persistent and habitual.”

For more key outcomes and lessons learned from Phoenix Defense’s CMMI experiences, download the complimentary case study here. Additional information about CMMI and related resources is available at https://www.isaca.org/enterprise/performance-improvement-solutions.
