Case Study: Equifax achieves security transformation and proactive open-source monitoring with Sonatype Nexus Lifecycle

A Sonatype Case Study

Preview of the Equifax Case Study

Equifax's Success in Security Transformation and Open-Source Monitoring with Nexus Lifecycle

After the 2017 breach, Equifax, under CTO Bryson Koehler and CISO Jamil Farshchi, undertook a company-wide security transformation to rebuild its technical and security infrastructure. The challenge was as much cultural as technical: 8,500 technology staff across 57 data centers and 24 countries, low maturity in open-source management, and manual processes that left production vulnerable. This prompted structural changes such as moving security reporting to the CEO and tying security metrics to performance and bonuses.

Equifax made Sonatype's Nexus Platform (Nexus Lifecycle and Nexus Repository) a mandatory part of its CI/CD stack, using it to monitor open-source components, produce SBOMs, and automate the discovery of, and notifications about, component updates and risks. Combined with a cloud-first move to Google Cloud and an SRE ownership model, this approach gave the company clearer visibility into production, proactive patching in place of reactive fixes, measurable security metrics, and a more technically skilled workforce able to deploy and secure environments faster.

