How American Axle Built Cyber Maturity | Case Study

Introduction

Navigating today’s complex compliance and cybersecurity landscape can be overwhelming, especially with the maze of framework goals, privacy rules, and increased third-party and cyber risks. Organizations often struggle not only with understanding their current position but also with building a path toward a more secure and compliant future. American Axle & Manufacturing (AAM) faced these challenges and successfully tackled them by building a comprehensive system for cyber maturity in partnership with Cyturus.

The Challenge

With an increasingly complex compliance environment, including mandates like CMMC and TISAX, and evolving risks in cybersecurity, AAM needed a robust system to assess its current security posture, comply with regulatory standards, and continuously improve. The organization needed a structured way to evaluate its policies, processes, people, and technology while also managing risk and compliance efficiently.

Building the Foundation for Cyber Maturity

On November 1, 2022, Cyturus Technologies partnered with the Cloud Security Alliance Detroit Chapter to host a moderated discussion with Erik Wille, CISO of American Axle & Manufacturing. During this session, Erik detailed how AAM partnered with Cyturus and other stakeholders to build a resilient system for cyber maturity that not only met compliance requirements but also fostered a culture of continuous improvement.

The discussion highlighted how AAM worked to align with various frameworks, including NIST and ISO 27001, and used Cyturus’s Compliance & Risk Tracker (CRT) platform to:

  1. Establish a Baseline: Measure its current risk posture and compliance status.
  2. Prioritize Remediation: Identify gaps, assess risks, and prioritize the most critical areas for remediation.
  3. Support Ongoing Management: Develop a foundational model for continual improvement and real-time metrics that enhanced communication between stakeholders.

Practical Strategies for Success

During the session, Erik shared practical strategies for achieving cybersecurity maturity in a manufacturing environment:

  1. Evaluate Policies and Procedures: Work with stakeholders to evaluate existing policies and identify gaps.
  2. Incorporate Stakeholders in Cybersecurity: Collaborate with both business and technology stakeholders to align compliance goals with business objectives.
  3. Leverage Technology for Continuous Improvement: Use Cyturus CRT to automate risk tracking, remediation, and compliance reporting, ensuring ongoing improvement and risk reduction.

Cyturus CRT - A Proven Solution

Robert Hill, Founder of Cyturus, discussed how the Compliance & Risk Tracker (CRT) platform was instrumental in AAM’s journey toward cyber maturity. The platform provided a structured and measurable approach to:

  1. Reduce Time to Establish a Baseline: CRT helped reduce the time needed to create an initial risk and compliance assessment baseline.
  2. Improve Risk Management: Provided relevant metrics for identifying and remediating risks, including reporting for both internal stakeholders and external business partners.
  3. Track Compliance Across Frameworks: Crosswalk mapping capabilities allowed AAM to address multiple mandates—including TISAX, CMMC, and ISO frameworks—without duplicating efforts.

Key Outcomes

AAM’s partnership with Cyturus resulted in several key benefits:

  1. Accelerated Cyber Maturity: AAM quickly established a clear view of its security posture, allowing it to meet compliance mandates ahead of deadlines.
  2. Operational Efficiency: Reduced time spent on manual risk assessments, streamlined remediation processes, and improved overall efficiency.
  3. Stakeholder Confidence: Provided transparent, real-time reporting for leadership, stakeholders, and partners, demonstrating the organization’s commitment to continuous improvement in cybersecurity.

Contributor Bios

Erik Wille

Chief Information Security Officer, American Axle
In his role, Erik is responsible for the Global Information Security program, Networking Operations, and End User Computing at AAM. He has a passion for transforming security into a business differentiator by driving risk-centric results and empowering employees to make informed risk decisions.

Previous Roles: Head of Information Security at Penske Automotive Group
Credentials: CISSP, GPEN, GWAPT, CCSK
Community Involvement: VP and Treasurer for the Detroit CSA chapter, Co-Host of the Great Security Debate Podcast

Robert Hill

Founder and CEO, Cyturus Technologies, Inc.
Robert has over 30 years of experience in IT and cybersecurity, promoting measurable risk reductions through applied cybersecurity practices. He has worked as a leading consultant featured in Fortune 500 boardrooms and on national news, translating cybersecurity into business terms.

Previous Roles: Cybersecurity Consultant, Member of FBI InfraGard
Credentials: CISSP, Biomedical Clinical Engineering (University of Alabama at Birmingham)