Case Study

How Chevron Reduced Assessment Times by 57 %

Chevron is one of the world’s largest energy companies.

They have facilities around the globe dedicated to oil and natural gas exploration, refining and marketing fuels, producing chemicals for the production of thousands of products, and developing new, innovative sources of energy.

Their risk management and cybersecurity challenges were immense.

With an incredibly large and diverse operational ecosystem spanning many countries, languages, and cultures across a wide range of IT and OT technologies, Chevron’s cybersecurity challenges are immense. Their risk management and cybersecurity teams are challenged with not only understanding what and where the risks are that threaten the safety of their teams and production operations, but finding a way to bring standardization, cost and time efficiencies, and consistency to cybersecurity reporting and improvements. After years of manual processes, they focused on an initiative to bring scalability and efficiency to their global cybersecurity program.

“We were not just looking for a way to do more with less, but be able to do it smart.”​
Kenny Mesker
ICS Cybersecurity Advisor | Chevron

The Challenges

When Chevron approached, they were looking for the right partner to help them:

  • Remove inconsistencies in reporting, metrics, and the methods used to find and measure risk
  • Reduce the time and cost associated with cybersecurity assessments
  • Limit the impact assessments were having on operational reams
  • Implement scalable processes that would allow for consistent maturity improvements

The platform was the perfect fit.

Riding the wave of digital transformation, Chevron was able to decentralize cybersecurity efforts and enable each facility owner around the globe to run their piece of the program. Since all efforts were now being managed within the same platform, and using the same scalable processes, Chevron gained:

choose a framework


By standardizing reporting and automating processes for assessments, the team brought consistency to results and the ability to measure maturity improvements easier.

view the posture of each facility

Cross-company visibility

For all stakeholders, including the benefits of being able to understand risk and measure program effectiveness with a high-level view, as well as zooming in to detailed views of each facility.

Reduced Team Impact

Team impact from cybersecurity assessments was greatly narrowed. The OT teams were able to avoid meetings with cybersecurity teams and complete assessment questions at their own pace and on their own schedule.

How does Chevron know is working for them?

As said before, Chevron’s risk management and cybersecurity teams value the success of bringing scalability and efficiency to global cybersecurity in a variety of ways. As a result of this new found efficiency, Chevron was able to reduce their assessment time by a whopping 57%!

0 %
Less time running assessments

Ultimately, the final measure of their success is shown by their leadership team’s response in confirming they not only receive the right information needed to make decisions but most importantly, they trust the data.

An unexpected test and proof of the partnership value.

When the COVID-19 pandemic unexpectedly the the world into chaos early in 2020, it turned out to be a perfect use-case test of Chevron’s deployment of the platform. Because of the scalable processes and ability to conduct cybersecurity assessments remotely, Chevron didn’t miss a beat as the entire world saw cyber attacks rapidly increase.

"Our program would have completely shut down had we not had the automation from"
Kenny Mesker
ICS Cybersecurity Advisor | Chevron

Accelerate your program like Chevron.

Become a leader in digital transformation. See how can improve your ICS cybersecurity and risk management efforts.

Contact Us