NIH Federal Credit Union



“[The CISO as a Service solution] gave us a lot of confidence. Having people with that level of experience and industry insight drastically improved our security posture” – Christopher Newell, VP of Information Technology at NIH Federal Credit Union


National Institute of Health Federal Credit Union (NIH FCU) is the largest biomedical credit union in the U.S. Their IT team of ten was all in-house, and most of them worked on technical or digital/ecommerce areas. A team of two, one in operations, one managerial, handled the entirety of NIH’s security duties. NIH also works with many partners and third parties to monitor, manage, and service their technological needs.


NIH experienced frequent turnover of their IT and security team. This churn meant losing the people who were familiar with their needs and process. Unfortunately, it also required constant rehiring and retraining of new team members. Overall, the difficulty of finding, affording, and retaining senior-level security experts consistently disrupted their security posture.


NIH FCU began looking for an external security professional to help them through a period of particularly major upheaval. They mentioned their search to Ongoing Operations, whom they already used for disaster recovery, and Ongoing Operations suggested they supply a Chief Information Security Officer as a service.

The CISOaaS team immediately provided the high-level oversight, guidance, and day-to-day support that NIH needed. The provided CISOaaS supported the NIH team in preparation for audits, exams, presentations, and third-party liaisons. Weekly meetings to run through security agendas guaranteed current security practices; a yearly plan with a schedule for tasks and events further ensured that NIH would be protected and prepared for ongoing risks, emerging threats, and other concerns.


Using Ongoing Operations’ CISOaaS, NIH was able to solve their immediate information security needs. The service assured them a consistent, demonstrable edge in their coverage. “It gave us a lot of confidence,” says Christopher Newell, VP of Information Technology at NIH, “having people with that level of experience and industry insight drastically improved our security posture.”

Moreover, NIH felt that the service provided them with much-needed continuity in their IT department. By outsourcing their CISO position, they were protected from the pain of turnover. Finally, the Ongoing Operations CISOaaS saved NIH more than just time and headaches—it also saved them about 50% of what a full-time, in-house CISO would have cost.