Sparking security transformation with ServiceNow Security Operations  

employee workflow solutions help remote employees stay safe 

Diversification and digital transformation are the key to success for businesses in most industries. Spark – formerly Telecom New Zealand – is no exception. The business is now looking to build on its expertise in telecommunications with a broad range of digital services.  

These far-reaching changes also require a disciplined security response. Josh Bahlman, tribe lead for cyber security at Spark, joined us in ServiceNow Neighbourhood – our online community featuring speakers who are changing the way work is done – to share the organization’s digital security journey.

Josh’s team had a formidable task and is sized appropriately. “My security team is probably the largest in New Zealand, and that’s more out of necessity than anything else,” he explains. “[We have] to protect our telco networks [and] our enterprise as well as our customers through managed services [and] IT services as well.”

Spark’s adoption of ServiceNow Security Operations to support cyber-security aligned with a broader move by the business to consolidate its service management, processes, and workflows. “It was a no-brainer for the cyber-security team to follow suit,” says Josh. 

The cyber security team began with incident response and consolidating a range of security tools into a single location so it could provide better support to the business. 

It then focused on vulnerability management and, using third-party scanning integrated with ServiceNow workflow management, gained better visibility of risk and improved its ability to position work with the right groups for resolution.

Spark is continuing to review how automation with ServiceNow Security Operations can improve the efficiency of security processes. Josh took the opportunity in the ServiceNow Neighborhood to share with us some reporting that would help direct his automation activities. 

First, he says, the cyber security team spends half its time on incident reporting false-positives – an inordinate amount of collective energy that needs to be addressed. Second, nearly a third of incident tickets involve denial of service – an area the team is already using automation to mitigate. 

Finally, phishing attacks are wasting a lot of the team’s time and Josh plans to use automation to reduce the load.

Josh also shared with us the techniques and processes Spark used to successfully deploy ServiceNow Security Operations. These included using the skills of partner InfoSys and breaking the project into chunks to help people grow with the platform rather than try to absorb all its capabilities at once. 

Spark spent four months switching on the capabilities of the platform and another 12 on adoption and maturation. The business also modified its processes to align with ServiceNow Security Operations so it could minimize the required work on upgrades and keep up to date with new releases. 

“Now the pressure is on me and my team to see how we can evolve that further,” says Josh. His projects include using ServiceNow to gauge bottom-up risk and streamline  the audit processes. 

“What I’ve been searching for is how I can quantify risk around specific assets and maybe even specific resolver groups and people,” he says. “We’re looking at…an integrated risk management tool and feature inside the suite of modules you can turn on.” 

To view the ServiceNow Neighbourhood session with Josh, click on this link: 


© 2021 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.


  • Open-source Azimuth logo
    Introducing Azimuth, an open-source project from ServiceNow
    Azimuth open-source software helps AI practitioners better understand their dataset and model predictions by performing thorough dataset and error analyses.
  • integrated risk management in telecom: businessman on phone with communications cables in foreground
    Customer Stories
    How a telecom company elevated integrated risk management and security
    When telecom company ATN International wanted to elevate its integrated risk management program, it chose the Now Platform from ServiceNow. Find out why.
  • Business resilience: employees walking through an office
    Now Platform
    Building a more resilient business with the Now Platform Tokyo release
    The Now Platform Tokyo release is designed to tackle complex, interconnected problems and deliver value. Find out how It helps boost business resilience.

Trends & Research

  • Total experience companies outperform: prism refraction with an arrow pointing to the right
    Employee Experience
    Survey says: Total experience-focused companies outperform
  • Customer service: smiling businessman on phone walking outdoors
    Customer Experience
    Survey: 3 tips to deliver world-class customer service
  • Enterprise SRE (site reliability engineering): where service reliability and business agility meet
    Application Development
    Service quality and the rising need for enterprise SRE