Sparking security transformation with ServiceNow Security Operations  

  • Solutions
  • Cybersecurity and Risk
  • David Oakley
  • 2021
January 20, 2021

employee workflow solutions help remote employees stay safe 

Diversification and digital transformation are the key to success for businesses in most industries. Spark – formerly Telecom New Zealand – is no exception. The business is now looking to build on its expertise in telecommunications with a broad range of digital services.  

These far-reaching changes also require a disciplined security response. Josh Bahlman, tribe lead for cyber security at Spark, joined us in ServiceNow Neighbourhood – our online community featuring speakers who are changing the way work is done – to share the organization’s digital security journey.

Josh’s team had a formidable task and is sized appropriately. “My security team is probably the largest in New Zealand, and that’s more out of necessity than anything else,” he explains. “[We have] to protect our telco networks [and] our enterprise as well as our customers through managed services [and] IT services as well.”

Spark’s adoption of ServiceNow Security Operations to support cyber-security aligned with a broader move by the business to consolidate its service management, processes, and workflows. “It was a no-brainer for the cyber-security team to follow suit,” says Josh. 

The cyber security team began with incident response and consolidating a range of security tools into a single location so it could provide better support to the business. 

It then focused on vulnerability management and, using third-party scanning integrated with ServiceNow workflow management, gained better visibility of risk and improved its ability to position work with the right groups for resolution.

Spark is continuing to review how automation with ServiceNow Security Operations can improve the efficiency of security processes. Josh took the opportunity in the ServiceNow Neighborhood to share with us some reporting that would help direct his automation activities. 

First, he says, the cyber security team spends half its time on incident reporting false-positives – an inordinate amount of collective energy that needs to be addressed. Second, nearly a third of incident tickets involve denial of service – an area the team is already using automation to mitigate. 

Finally, phishing attacks are wasting a lot of the team’s time and Josh plans to use automation to reduce the load.

Josh also shared with us the techniques and processes Spark used to successfully deploy ServiceNow Security Operations. These included using the skills of partner InfoSys and breaking the project into chunks to help people grow with the platform rather than try to absorb all its capabilities at once. 

Spark spent four months switching on the capabilities of the platform and another 12 on adoption and maturation. The business also modified its processes to align with ServiceNow Security Operations so it could minimize the required work on upgrades and keep up to date with new releases. 

“Now the pressure is on me and my team to see how we can evolve that further,” says Josh. His projects include using ServiceNow to gauge bottom-up risk and streamline  the audit processes. 

“What I’ve been searching for is how I can quantify risk around specific assets and maybe even specific resolver groups and people,” he says. “We’re looking at…an integrated risk management tool and feature inside the suite of modules you can turn on.” 

To view the ServiceNow Neighbourhood session with Josh, click on this link: 


© 2021 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.


  • Knowledge 2023 takeaways: a group of women raising their hands
    4 takeaways from Knowledge 2023
    Knowledge 2023 united thousands of ServiceNow customers and colleagues at the first single global user conference in three years. Here are four key takeaways.
  • Artifacts of pride: 3 ServiceNow employees
    Showcasing artifacts of pride
    In honor of Pride Month, three ServiceNow employees share personal artifacts that have shaped their lives. Watch a video and get inspired.
  • DEI data analytics: group of diverse workers in conversation
    Using DEI data analytics to know where we are and to strategize
    It's impossible to truly embody DEI without first knowing the current state through DEI data analytics. Find out how ServiceNow uses DEI data.

Trends & Research

  • ESG technology: green surrounding a river, woman smiling, 2 government employees in conversation
    Cybersecurity and Risk
    Survey says ESG technology drives results
  • RPA: group of workers gathered around a conference table looking at a laptop
    AI and Automation
    Forrester report: ServiceNow debuts as a Strong Performer in RPA
  • Digital innovation: three workers looking at a computer monitor
    AI and Automation
    Survey says digital innovation is the way to navigate macro uncertainty