SANS Difference Makers Awards 2015

The people and organizations who made a difference in security in 2015.

Since 2011, SANS has been celebrating those "Difference Makers" whose innovation, skill and hard work have resulted in real increases in information security. There is no shortage of publicity around failures in security - constant headlines detailing breaches and vulnerabilities at companies and government agencies. However, what you never hear about are the many organizations who aren't in the news because their security staff have found ways to meet business and mission needs while protecting customer and business data from attackers. There are thousands of security practitioners out there who are quietly succeeding and making breakthroughs in advancing security.

On Tuesday, December 15th at the SANS Cyber Defense Initiative ® Conference in Washington DC, SANS will celebrate 2015's "Difference Makers." The 2015 list of cybersecurity Difference Makers include:

Lori Rosenberg, Intuit
Lori continually helps develop materials and ideas for the Security Awareness Community, including working with people one-on-one to help improve their own programs. She is a leader in the concept of self-education, security learning portals designed to engage people and train them on their own time and in the ways they want and can best utilize.

Bob Rudis, Verizon
Bob is an active volunteer and contributor to the security awareness community. He has volunteered for the last two years as a lead editor for the OUCH! security awareness newsletter, now translated into over 20 languages and distributed to over 80,000 people. In addition, he is the lead architect for the annual Security Awareness Report and the 2015 Verizon DBIR and has championed efforts to best use the DBIR to reduce vulnerabilities and increase security.

Integrated Application Security Testing Team, ADP: V.Jay LaRosa, Chris Olsen, Atanas Dimitrov, Craig Butler, Owen Buckingham, Joseph Kraft, Devi Nekkanti, Raghunath Kunta, Nagasuman Veeranala, Ramakrishna Marella , Sumeet Lakhwani
The Integrated Application Security Testing (IAST) program provides continual analysis of application code running in Java or .net to provide visibility into vulnerabilites as code is executed in the QA testing environments. By utilizing the IAST program, development teams are able to perform minor fixes and patch releases without direct interaction from the security testing team. This project initially covered the top 10% of or targeted application base and is expanding to 25% within the first year of service. Approximately three full time resources will be freed up to perform additional manual pen testing providing significant throughput increases. Wait time prior to full testing will also be initially reduced by 10% and further reduced up to an estimated 80% when all targeted applications embrace this new service.

Steve Idelman, CEO, Arlin Halstead VP Human Resources, Solutionary
Under the leadership of Steve Idelman, CEO, and Arlin Halstead, VP of Human Resources, Solutionary has played a leadership role in the development of the VetSuccess Program. Solutionary was an early and active partner in designing the VetSuccess curriculum and selecting participants for the program pilots They have continued their involvement by hiring Academy graduates, sharing their experiences at industry conferences, and supporting program innovations such as the near-base academies. In 2016, Solutionary will be the first employer to sponsor a VetSuccess Academy, guaranteeing every graduate a high-paying, challenging position.

Rebeka Mohr, Shell, Austin Scott, Cimation
Rebekah and Austin have providing ongoing contributions to broaden and deepen educational materials and other resources for the Industry Control System Security Specialist community. Austin created a workforce development suite and an innovative virtual reality room as part of a Think Secure campaign. Rebekah designed a Industry Control System Cybersecurity Remediation Program, which will be implemented globally across all Shell lines of business, as well as an ICS-focused Cyber Risk Assessment Process and Model.

Jack Daniel, Michelle Klinger, Bsides
Bsides is a community driven framework for organizing and holding content-rich security conferences that was created in 2009 by Jack Daniel, Mike Dahn, Michele Klinger and others. In recent years Jack and Michele have played key roles in expanding Bsides impact through a lot of hard work that enabled the number and variety of events to expand, as well as linking Bsides to other efforts to increase the level of expertise in the cybersecurity community.

Charles E. (Chip) Campbell, CMSgt and Alexander E (Alec) Hall, SMSGT, USAF
SGT's Chip Campbell and Alec Hall have made significant contributions to the VetSuccess program since its inception. At the outset, they provided important insights into program curriculum and admissions standards, the military career fields where prospective candidates can be found, and the optimal pathways to engage transitioning veterans. Their enthusiasm for the program resulted in numerous opportunities to engage employers, military leaders, and security industry representatives. Perhaps their most important contribution has been their unfailing advocacy for their Air Force brothers and sisters. 100% of transitioning Air Force veterans accepted into the program to date have completed the VetSuccess curriculum and landed challenging, high paying jobs in the industry.

Doug Logan, Cyber Ninjas
Doug Logan has progressed through the US Cyber Challenge (USCC) program, volunteered as a Teaching Assistant and continued to donate significant amounts of his own time to advancing the program.. Doug led a team of former TAs from the camp and developed the Capture The Flag competition which was used by the campers when the USCC's former provider had to pull out this past summer. He ensured the topics covered by the instructors were included in the CTF and developed many of the flags himself. His efforts help make the camp a success and continued the learning experience for each and every camper.

Gary Hayslip, Department of Information Technology, CISO, City of San Diego
Gary has used the Critical Security controls and others security frameworks to communicate security value to his Mayor successfully and take a risk-focus approach to protecting city services and citizen information. Gary also donates his time to serve as an advisor to cyber-security incubator companies and gives real world and operationally focused feedback to these companies.

Heather Meeds, Senior Cyber Advisor, US Army National Guard Bureau
Heather has been instrumental in driving the Army Guard annual Cyber Shield exercise for 2015 and 2016. She implemented team-based CyberCity training for 20 teams. The training was so effective that they asked the top four teams and their commanders to participate in a CyberCity "best of the best" Tournament on Saturday night, and invited others to observe the competition as it unfolded. Heather is also the driving force behind building a "life-size" CyberCity curriculum at Muscatatuck, which will include a Cyber Remote Operations Center (CYROC) and three Cyber Mission classes built on top of the CYROC.

Loilette Loderick, Netcentrics/USCG contractor
Loilette went above and beyond to lead the development of web application security for the United States Coast Guard. Over a period of a year and a half, with no previous program in place, she single handedly initiated the web application security program and began extensive training with web application developers in order to inspire a secure coding approach and remediate vulnerabilities. She manually walked through many thousands of web application risks and expertly maintained Coast Guard accountability of all outstanding vulnerabilities; reporting directly to the Defense Information Systems Agency and CG Cyber Command on a weekly basis. Through Loilette's hard work, steadfast determination and dedication to mission we were able to excel on delivery of this new practice area.

Ernie Rakaczky, Jr., Invensys
Ermie passed away in 2015 and was best known by his peers as an advocate with a passion for progress, innovation, and investment in the ICS field. He became a strong supporter of U.S. and Canadian efforts to enhance the security of ICS on an international scale, and an activist to bridge the gap of IT and OT through education and awareness of proper automation systems to security professionals. Ernie served on the GICSP steering committee, where his expertise and insight directed the formulation of the certification. In Ernie's honor, SANS has created the annual ICS Lifetime Achievement and Scholarship award.