SANS Institute is pleased to announce the winners of the SANS 2017 Difference Makers Awards which celebrate individuals who are quietly succeeding and making breakthroughs in advancing security. The SANS Difference Maker Awards were created to honor the unsung heroes in cyber security whose innovation, skill, and hard work have resulted in real successes in information security.
The nominations for the 2017 SANS Difference Maker Awards represent some interesting trends in cyber security. From more innovative methods to increase the cyber security talent pool to creative, low cost ways of finding and fixing vulnerabilities, this year's winners have demonstrated they are working hard and making a difference in advancing security. SANS is honored to recognize these talented individuals and teams for their outstanding achievements.
Winners of the 2017 SANS Difference Makers Awards were celebrated on December 15th at the SANS Cyber Defense Initiative training event in Washington D.C. The 2017 list of SANS Difference Makers Award winners include:
Michael Roling, CISO of The State of Missouri Office of Cyber Security (OCS)
Michael Roling successfully led a team to implement the Using Public Data to Alert Organizations of Vulnerabilities program which identifies vulnerable internet connected systems belonging to organizations from various industries across the State of Missouri. The program identifies high-risk systems that, if left insecure, could lead to disruptions within critical infrastructure or significant data loss, and contacts the owners of the impacted systems to mitigate risks.
Dan Basile, Texas A&M University (TAMU), Security Operations Center
Dan Basile successfully increased security of TAMU's systems while helping to grow a pipeline of skilled security operations personnel. Basile put students on the front line of the school's security initiative. His team was able to stop seven cyberattacks on A&M's networks in a single year. The center also slashed costs by eliminating the need for post-breach forensics, which costs about $1 million per incident, and accelerated threat detection because students don't have to sift through piles of data.
Ben Miller, Director of Threat Operations at Dragos
Ben Miller led analysis into the first ever piece of malware designed to disrupt power grids. Miller was one of the founding members of the E-ISAC and led cyber threat analysis for the North American power grid for NERC and the community. In his role at Dragos he's been hunting threats and taking that knowledge and helping various ICS companies implement security controls in response to the threats.
Rob Witoff, Director at Coinbase (now at Google)
Rob Witoff successfully automated the Center for Internet Security (CIS) Critical Security Controls in Amazon Web Services (AWS) cloud applications. Witoff has openly shared his successes with other security teams, showing how foundational security measures can be implemented in an AWS account. He has also prescribed best practices to help make implementation of core AWS security measures more straightforward for security teams and AWS account owners.
Allen Stubblefield, Troy High School
Developed cyber security skills in high school students by running competitive events that challenged students across a wide range of hands-on cyber security areas. Stubblefied is in charge of cybersecurity and the CyberPatriot program at Troy High School. He has two teams competing in the CyberPatriot nationals; one is ranked number one in the Open Division and the other is number one in the All-Service Division.
Dr. Ron Pike, Computer Information Systems at Cal Poly Pomona
For his work, and showing real progress, in developing cyber security skills in college students by running competitive events that challenged students across a wide range of hands-on cyber security areas. Dr. Pike is the advisor for Cal Poly's SWIFT cyber club and is in charge of the student run data center and security operations center.
Teri Radichel successfully leveraged cloud technology and automation to create new solutions for network monitoring and threat intelligence. While at Watchguard Technologies, she was on the initial team that helped Capital One move to the cloud, implementing security controls and networking, and went on to help architect a cloud platform. Radichel started the Seattle AWS Architects Engineers Meet Up to connect with and learn from other AWS users. She was also recognized by Amazon as an AWS Community Hero.
University and Colleges Shared Services, InfoSec Shared Service Team, Chris Sutherland, CISO
Chris Sutherland was selected as a Vertical Industry Difference Maker in the field of Education. UCSS is a collaboration / jointly owned organization between all of the Universities and Colleges in Scotland. The member institutions of UCSS formed the ISSS to provide shared information security leadership and strategy to efficiently address the common threats to all Universities and Colleges.
Seven states were selected for their efforts to help inspire the next generation cyber security talent by bringing the CyberStart pilot program to students in their respective locations. CyberStart is a forward-thinking skills program designed to build future generations of cyber security professionals while identifying talented young Americans. In addition to providing a unique learning opportunity and scholarships for students, the program can lead to job growth and improved cyber security. The winners include:
- The State of Delaware, Governor John Carney
- The State of Hawaii, Governor David Ige and Reynold Hioki, Chief Information Officer
- The State of Iowa, Governor Kim Reynolds and Alison Radl, Information Security Officer OCIO
- The State of Michigan, Governor Rick Snyder
- The State of Nevada, Governor Brian Sandoval and Brian Mitchell, Director of the Office of Science, Innovation and Technology
- The State of Rhode Island, Governor Gina Raimondo and Christina M. Cosgrove
- The Commonwealth of Virginia Governor Terry McAuliffe and Karen Jackson, Secretary of Technology