Case Study: Juilliard School

The Juilliard School required cybersecurity to protect its campus in New York and its new one in Tianjin, China.

At A Glance

The Juilliard School required cybersecurity to protect its campus in New York and its new one in Tianjin, China. In less than two years, Defensible Technology helped the Juilliard School establish security policies, implement tools, and, eventually, build an autonomous cybersecurity practice. While numerous solutions and strategies were involved, Defensible’s Virtual CISO program was the key to getting the School’s cybersecurity program operational and integrated. The School now has a much stronger security posture and the necessary people to back it up.

Client Overview

The Juilliard School is a name known around the world for its performing arts education programs. Juilliard was established in 1905, and strives to provide the best possible artistic education to gifted musicians, dancers, actors, composers, choreographers, and playwrights from around the world. The School’s core values are excellence; creativity; and equity, diversity, inclusion, and belonging. Recently, Juilliard opened another campus in Tianjin, China. The School has over 25,000 alumni around the world, enrolls over 800 performing artists from 42 countries and regions, and ranks number one globally among performing arts schools.


The Juilliard School’s IT infrastructure serves students and faculty, and, until recently, its IT personnel primarily provided help desk services. In addition to keeping sensitive student information safe, the School’s network needed to be able to adapt to and protect the numerous user devices that were brought on to the campus by students and teachers alike. These problems were mirrored at the recently established Tianjin campus 7,000 miles away, adding a need for cloud-capable solutions to protect the School’s entire digital surface.


Stephen Doty, the CEO and co-founder of Defensible, previously worked at Juilliard as a Chief Technology Officer (CTO), the first security expert hired by the School. While there, he led a digital transformation initiative for both campuses, created the School’s information security strategy, and hired its first-ever CISO. 

Unfortunately, the CISO stepped down, leaving the School with no experts to rely on. So, when Juilliard reprioritized its cyber defenses, its stakeholders got in contact with Doty, who had recently founded Defensible Technology, to help them figure out where the gaps were and what they needed to do in order to close them. 

Primarily, Juilliard utilized Defensible’s virtual CISO as a Service (vCISO) solution to help them strategize; adopt a culture of security; adopt powerful tools like Dark Cubed; implement MFA, Palo Alto Firewalls, and other security controls; install powerful network monitoring solutions; establish a system for vulnerability management; introduce and facilitate managed services like Cyflare for detecting and responding to threats; and build resilience and recovery options. Additionally, Juilliard now uses Defensible’s managed services for vulnerability management and threat detection and response.

The engagement began in 2020, and Defensible and Juilliard are still working together to ensure that best practices are being followed as the cybersecurity landscape shifts and changes.


Results & Benefits

Because of the depth and breadth of this engagement, the results are difficult to quantify, but the improvements can be qualified, and their impacts are visible at every layer of ffJuilliard’s staffed and well-equipped cybersecurity practice. 

  • Stakeholder buy-in 

    An investment in cybersecurity is undeniably a necessary one for any modern organization — in Juilliard’s case, it needed to be able to protect the personal information of staff and students in order for the School to continue its mission undeterred by cyber concerns. Defensible listened to the problems, focused on the risks the organization faced using its unique risk assessment methodology, and proved it could deliver actionable value, which the School’s stakeholders recognized and responded to.

  • A modern cybersecurity practice 

    Prior to its engagement with Defensible, Juilliard had no cybersecurity personnel or official programs. Now the School has a modern, best-ofbreed security practice in place that can continue to grow, adapt, and evolve to support the School’s needs. The implemented cybersecurity infrastructure brings the school into alignment with the standards set by the National Institute of Standards and Technology (NIST), and the threat detection and response pieces are mapped by the MITRE ATT&CK framework.

  • A culture of security 

    By taking advantage of Defensible’s vCISO offering and gaining insights not only into what cybersecurity looks like but how it should be approached and managed, Juilliard’s stakeholders discovered the need for a dedicated cybersecurity budget to prevent the program from growing stagnant. Security is more than tools; you need people across the organization who understand the importance of those tools, when it’s time to switch to new ones, and care deeply about the safety of the organization’s data and systems. One of the biggest takeaways from this engagement for Juilliard was this cultural shift towards improved security. 

Why Defensible

If your organization needs help building a cybersecurity program or advice on what direction to go in, contact Defensible. CISOs are one of the most powerful resources large businesses have when it comes to securing systems, but hiring one full time requires a sizable budget. Our CISO as a service offering brings that level of expertise to any organization, and it’s a great place to start if you’re uncertain about what you need to secure your environment.