Tom Landsness has been Vice-President of Infrastructure, Service Management and Cybersecurity at Junior Achievement USA for 11 years. Junior Achievement USA is a nonprofit that inspires and prepares young people to succeed by helping them connect what they learn in school with life outside the classroom. Founded in 1919, Junior Achievement’s proven lessons in financial literacy, work and career readiness, and entrepreneurship are shown to positively impact the lives of young people. These lessons align with national and state educational standards and are delivered to millions of students across the country with the help of our education partners and volunteers from the local community.
Two years ago, a pivot toward digital education resulted in a growth of workloads for Junior Achievement. While they had up to this point kept their data on-premise, growing volume complexity was resulting in the need for a cloud-based presence. During the data center-to-cloud migration, Junior Achievement discovered they were also in need of a cyber solution to better monitor their data and infrastructure. Even gathering event logs without a cyber solution was eating up hours of their day. Landsness realized that they needed a proven, trusted platform to be more effective, make their jobs easier and their work more efficient.
“We compared Rapid7 to several vendors. I feel like we had a pretty rigorous process,” revealed Landsness. “Rapid7 graded out really well as far as functionality, ease of use, and cost. Since we’re a for-impact/non-profit organization, price is always top of mind for us. Our contacts were really good at showing us what the platform was going to look like, explaining what the implementation process would be, and what we would need to do on our end.”
Landsness shared that after Junior Achievement signed up to use InsightAppSec, InsightVM, Managed Detection & Response, and Pentesting Services with Rapid7, things got easier, rather than challenging.
“Installing a single agent on our endpoints, desktops, and servers, and then creating a log server in our data center went really pretty easily. We were very happy with the onboarding experience and enjoyed the efficiency of using one agent for multiple platforms,” he recalled. “Fast-forward to today, and we consider them more than just a vendor – they’re a full partner.”
Like many security professionals, Landsness appreciates simplicity. So it’s not surprising that when asked about his favorite feature within a Rapid7 product, he gave a familiar refrain. “For us, it’s the single pane of glass,” he asserted. “We’re a small team. I have three sys-admin-type folks that report to me. Everything’s in one console and it’s so simple.”
Of course, it’s not just about ease of use for Landsness. He also appreciates the coverage and attention to detail that have characterized his experience with Rapid7. “Not only does Rapid7 have a dedicated team for us, there’s an AI component that looks through all of our logs,” he explained. “It’s constantly ingesting our data, which we just can’t do manually because of our size.”
Junior Achievement uses Rapid7’s managed detection and response (MDR) services, InsightVM, and InsightAppSec – all of which are integral to their operations. However, Landsness was quick to point to MDR as their “bread and butter” due to its outsize benefits – the regular, speedy notifications of anomalies, according to Landsness, is invaluable. Round-the-clock monitoring provided by Rapid7 SOC analysts is something Landsness and his team rely on – and more importantly, they have confidence in Rapid7’s ability to deliver.
“We probably get an alert or two per week of behaviors that are not consistent with what normally happens. And so, they’ll raise a ticket, and we’ll go take a look at it,” he shared. “We were alerted to a vulnerability in our firewall that needed to be patched really quickly recently, and we were able to remedy it before any of my other sources even knew about it.”
To bring 24/7 SOC monitoring in-house would’ve been impractical and expensive. But it was a requirement laid out by Junior Achievement’s cybersecurity insurance provider. The value from Rapid7 on this front can’t be understated – by Landness’ estimates, hiring someone in-house to do what Rapid7 does would easily cost twice the cost of Rapid7’s premiums.
Furthermore, adhering to COPPA (regulatory compliance for the protection of children’s educational information) is an essential part of their job as well. Landsness has been pleased with Rapid7’s ability to fulfill both goals, and he also shared that effective 24/7 monitoring fully aligns their Junior Achievement’s mission and values.
“We want to be a secure place for students and their families,” he intimated. “Nobody wants bad things to happen with student data or even materials. We’re glad we can keep it safe. Someone’s always trying to hack into something, but with Rapid7, no one’s breaking in.”
MDR may be Junior Achievement’s “bread and butter” but Landness says his favorite feature is actually within another platform – InsightVM.
“I have this dashboard where I have everything I want, everywhere I need to go. In that dashboard, there’s a panel where you can sort all of your devices by how up-to-date they are in security patches. So we can see if anything’s been missed. Or if a job stops updating a server. Or if a user has kept putting off patches”
This knowledge saves Landness time and hand-wringing. “It’s just invaluable having that straightforward knowledge. And it happens way before it probably normally would in the course of doing your job without the tool,” he shared. “It’s been a big help.”
The next chapter in Junior Achievement’s security journey is pen-testing. While they’ve previously conducted such tests every other year, they now plan to up their game. Yearly pen-tests are the plan. “Partnering with Rapid7 on that, and what we do with the results, is going to be big for us. We’re just going to continue to try to be ever more secure in what’s a crazily insecure world right now.”