Case Study: Juilliard School

The Juilliard School required cybersecurity to protect its campus in New York and its new one in Tianjin, China.

At A Glance

The Juilliard School required cybersecurity expertise to protect its existing campus in New York and its new campus in Tianjin, China. In less than two years, Defensible Technology helped The Juilliard School establish new security policies, implement tools, and build an autonomous cybersecurity practice. While numerous solutions and strategies were involved, Defensible’s Virtual CISO program was the key to getting the School’s cybersecurity program operational and integrated. The School now has a greatly enhanced security posture and the necessary staff to manage the program.

Client Overview

The Juilliard School is a name known around the world for its performing arts education programs. Juilliard was established in 1905 and strives to provide the best possible artistic education to gifted musicians, dancers, actors, composers, choreographers, and playwrights worldwide. The School’s core values are excellence; creativity; equity, diversity, inclusion; and belonging. Recently, Juilliard opened a second campus in Tianjin, China. The School has over 25,000 alumni around the world, enrolls over 800 performing artists from 42 countries and regions, and ranks number one globally among performing arts schools.


The Juilliard School’s Information Technology infrastructure serves students and faculty, and until recently, its IT personnel primarily provided help desk services. In addition to keeping sensitive student information safe, the School’s network needed to be able to adapt to, and protect, the numerous user devices that were brought onto the campus by students and teachers alike. These challenges were mirrored at the recently established Tianjin campus 7,000 miles away, adding a need for cloud-capable solutions to protect the School’s entire digital surface.


Stephen Doty, the CEO and co-founder of Defensible, previously worked at Juilliard as a Chief Technology Officer (CTO), the first security expert hired by the School. While there, he led a digital transformation initiative for both campuses and created the School’s information security strategy.

Upon leaving Juilliard to establish his firm Defensible Technology, Steve Doty was called upon once again to utilize Defensible's virtual CISO-as-a-Service (vCISO) solution to help lead and drive the evaluation and remediation of security gaps across the School, along with strategizing how to set and adopt a culture of security; adopt powerful tools and technologies such as Dark Cubed; implement Multi-Factor Authentication (MFA); install Palo Alto firewalls and other security controls; install powerful monitoring solutions; establish a system for vulnerability management; introduce and facilitate managed services like CyFlare for detecting and responding to threat; and build resilience and recovery options.  Additionally, Juilliard uses Defensible's Managed Services for vulnerability management and threat detection and response.

The engagement began in 2020, and Defensible and Juilliard are still working together to ensure that best practices are being followed as the cybersecurity landscape shifts and changes.

Results & Benefits

Because of the depth and breadth of this engagement, the impacts are visible at every layer of Juilliard’s well-equipped cybersecurity practice. 

  • Stakeholder buy-in 

    An investment in cybersecurity is undeniably a necessary one for any modern organization — in Juilliard’s case, it needed to be able to protect the personal information of staff and students in order for the School to continue its mission undeterred by cyber concerns. Defensible listened to the problems, focused on the risks the organization faced using its unique risk assessment methodology, and proved it could deliver actionable value, which the School’s stakeholders recognized and responded to.

  • A modern cybersecurity practice 

    Before it engaged with Defensible, Juilliard had no cybersecurity personnel or official programs. Today, the School has a modern, best-of-breed security practice in place that can continue to grow, adapt, and evolve to support the School’s needs. The implemented cybersecurity infrastructure aligns the school with the standards set by the National Institute of Standards and Technology (NIST), and the MITRE ATTACK framework maps the threat detection and response components.

  • A culture of security 

    By taking advantage of Defensible’s vCISO offering and gaining insights not only into what cybersecurity looks like, but how it should be approached and managed, Juilliard’s stakeholders discovered, and approved, the need for a dedicated cybersecurity budget to prevent the program from growing stagnant. Security is more than tools.  It requires people across the organization who understand the importance of the tools when it’s time to switch to new ones, and who care deeply about the safety of the organization’s data and systems. One of the biggest takeaways from this engagement for Juilliard was the shift towards a security culture. 

Why Defensible

If your organization needs help building a cybersecurity program or advice on what direction to go in, contact Defensible. CISOs are one of the most powerful resources large businesses have when it comes to securing systems, but hiring one full-time requires a sizable budget. Our CISO-as-a-Service offering brings that level of expertise to any organization, and it’s a great place to start if you’re uncertain about what you need to secure your environment. Defensible vCISOs provide executive-level support and guidance at a price you can afford.

For more information about any of our services, please reach out to us at