Mission

Jerome’s Furniture is committed to providing high-quality home furnishings at everyday low prices, treating customers like family, and ensuring transparency, service, honesty, quality, and a family-oriented approach in all interactions.

Area of Operation:

Jerome’s Furniture operates primarily in Southern California, with multiple showrooms across the region, including locations in San Diego, Los Angeles, Orange County, and the Inland Empire.

Year Founded:

1954

Number of Staff:

Approximately 600 employees

Problem:

• Evolving Threat Landscape: Rise in ransomware, data breaches, and supply chain attacks targeting retailers
• Compliance Fatigue: Reliance on periodic vulnerability scans for PCI DSS left gaps in real-world security
• Information Overload: Security tools generated massive amounts of vulnerability data with little prioritization
• Manual Remediation Strain: Small IT team struggled to address thousands of issues effectively
• False Sense of Security: Compliance didn’t equate to true protection—vulnerabilities remained exploitable

Approach:

• Security Mindset Shift: IT Director Adam Warren recognized the need to think like an attacker
• Conference Discovery: Introduced to Horizon3.ai’s NodeZero® at a cybersecurity event
• Real-World Testing: Embraced continuous, autonomous penetration testing instead of scheduled, point-in-time assessments
• Trial Run with NodeZero: Deployed the platform in a live environment to emulate attacker behavior safely

Solutions:

• Autonomous Pentesting with NodeZero:
  • Emulated real-world attacks to identify exploitable vulnerabilities
  • Demonstrated lateral movement, privilege escalation, and attack paths
  • Delivered prioritized findings with remediation guidance
• Immediate Insights:
  • Exposed critical gaps missed by traditional tools
  • Reduced noise and helped the team focus on what really mattered
  • Validated effectiveness of existing controls—not just compliance status
• Continuous Testing:
  • Allowed Jerome’s to attack itself on demand, mirroring real-world conditions
  • Shifted from a reactive to proactive security strategy

Impact:

• 75% Reduction in MTTR: Drastically shortened time to fix critical vulnerabilities
• PCI Compliance Reimagined: Transformed from checkbox exercise to meaningful risk reduction
• Lower Costs, Higher Efficiency: Replaced multiple legacy tools with a single, smarter solution
• Improved Security Posture: Gained confidence that defenses are not just compliant—but effective
• Future-Proofing: Prepared for AI-driven threats by continuing to invest in autonomous, attacker-style assessments
• Leadership Takeaways:
  • Compliance ≠ Security
  • Attack yourself first—before attackers do
  • Focus on exploitable vulnerabilities
  • Make continuous testing the norm

To hear more directly from Adam at Jerome’s watch our Fireside Chat.