Choose your language:

France
Germany
Hong Kong
India
Ireland
Japan
Malaysia
Netherlands
New Zealand
Singapore
Sweden
United Kingdom
United States

Building a First-Class Information Security Team for Caesars

Hospitality | Network Infrastructure Staffing, Network Services



Download PDF

TEKsystems partners with Caesars Entertainment to build a first-class information security team.

Formerly Harrah’s Entertainment, what is now referred to as Caesars Entertainment Corporation boasts over 70 years of experience in the gaming and resort spaces. Through numerous expansions and acquisitions over the years, the company has evolved into a multibillion dollar entity with casinos spread across four continents and employing over 70,000 people across the business. TEKsystems has provided IT support and staffing services to Caesars since 2002.
Symantec Data Loss Prevention (DLP); ArcSight Security Information and Event Management (SIEM), Check Point, BMC Remedy, Wintel, Cisco, pSeries, iSeries, UNIX, Windows, Linux
The Payment Card Industry Standards Security Council (PCI SSC) is an independent entity comprised of representatives from major credit card brands including Visa, MasterCard, American Express, Discover and JCB. Under a government mandate, the PCI SSC is responsible for monitoring the security standards of the Payment Card Industry (PCI) and identifying potential opportunities to improve payment security during transactions.

The Council also enforces PCI compliance to required organizations and imposes penalties to noncompliant businesses. Credit card companies have placed pressure on merchants to improve their data security measures in order to achieve PCI-compliant status. In accordance with regulatory standards, Caesars needed to be 25 percent compliant by the end of the 2012 calendar year and 100 percent compliant by the end of 2014.

As a result of this mandate, Caesars Entertainment hired a third-party organization to audit its current information security strategy while internal leadership also conducted a comparative analysis against the security structure implemented by industry peers. The audit and internal assessment both revealed that significant improvements needed to be made to Caesars’ IT practices, processes and staffing in order to achieve PCI compliance, avoid further incurring any fines and penalties from PCI, and eliminate any potential future freezing of credit card transactions.

TEKsystems was selected as Caesars’ partner of choice based on the credibility and trust built through our long-standing relationship as well as our ability to quickly obtain high caliber IT talent. The TEKsystems team constructed an information security solution uniquely tailored to leverage the client’s core competencies, fill any identified skill set gaps and put them on the path to its desired future state.

With the project forecasted to run into 2014, TEKsystems began by crafting an Employee Value Proposition (EVP) to attract the necessary talent. Our deep knowledge of the roles and responsibilities Caesars sought enabled us to identify, screen and onboard over 25 information security professionals, including two directors and four managers. TEKsystems helped Caesars build a high-quality security force comprosed of the following dedicated teams:
  • Identity access group – Tasked with ensuring the appropriate user access profiles are in place for new hires, fires and role shifts throughout the company
  • Physical group – Deployed to monitor and manage firewalls and intrusion detections
  • Discovery personnel – Tasked to conduct forensics analysis around computers and email accounts, and investigate legal issues

TEKsystems also provided a full-time project manager to support onboarding the new resources, ensure resource requirements were being met, manage Caesars’ expectations and provide weekly status reports, manage contractors’ schedules, conduct performance reviews, conduct financial reporting and facilitate the transfer of knowledge.

TEKsystems’ engagement with Caesars Entertainment enabled the organization to achieve a stronger information security structure, a critical asset to any business operating in the gaming and resort space. With heightened security standards, Caesars progressed further towards the goal of 100 percent PCI compliance. Key to the success of this initiative was the information security team that TEKsystems helped Caesars build. Given that the talent pool of high-level security IT professionals was minimal, particularly in Las Vegas, a powerful EVP was needed in order to position working for Caesars—and relocating to Sin City—as desirable among eligible candidates. TEKsystems was able to develop an attractive EVP that emphasized how Caesars met the needs of IT security professionals, ultimately allowing us to retain top talent with the necessary skill sets. This impactful EVP was informed by TEKsystems’ strong understanding of the roles and responsibilities Caesars needed and what quality technical professionals with niche security skills seek (e.g., roles that will allow them to grow their skill sets, to gain more in-depth knowledge around security and to build their resume). 

With an effective employee value proposition in place, TEKsystems sourced, screened and retained security professionals within the client’s desired time frame. Leveraging stringent security questions, we were able to quickly screen out under-qualified candidates and source from a strong talent base, allowing TEKsystems to yield an 84 percent interview-to-hire ratio. In turn, this enabled us to generate time efficiencies in the hiring and onboarding process and subsequently increase the productivity of new hires. Caesars realized a 90 percent retention rate on those who were hired, and through our support, any replacements needed were made quickly and seamlessly. 

Guided by a more robust security information team, Caesars recognized significant technical benefits in its approach to information security. The identity access group led all system administration tasks associated with staff hires and terminations. The physical group managed intrusion detection and firewalls, while the discovery group provided forensic analysis and legal support. 

From a regulatory standpoint, TEKsystems effectively managed to Caesars’ rigorous deadlines for PCI compliance, while achieving 90 percent accuracy of dates for the 2012 milestone. Additionally, because we were able to be more efficient in ramping up the information security team, Caesars will reach its full compliance faster. This will provide cost savings over time, as potential fines for being noncompliant will be eliminated. 

Caesars has commissioned TEKsystems to remain involved in the provisioning and on-site management support as the company continues moving towards PCI compliance, underscoring the success of this critical information security initiative.