SANS Difference Makers Awards 2019

People and organizations who made a difference in security in 2019.

On December 16, 2019 SANS Institute celebrated the winners of the SANS 2019 Difference Makers Awards at the SANS Cyber Defense Initiative training event in Washington DC, giving well-deserved recognition to the most dedicated and innovative "People Who Made a Difference in Security in 2019."

"The 2019 winners span a wide range of making real progress in increasing cybersecurity levels in a number of key areas" said John Pescatore, SANS Director of Emerging Security Trends. "The Difference Makers range from a CEO to a high school teacher. The progress included increasing diversity in the cybersecurity workforce, fighting fake account creation, implanting many areas of the Critical Security Controls, to name just a few."

The 2019 SANS Difference Makers Award winners are:

Conor Callahan, Technical Lead, Platform & Infrastructure, Zoosk
Callahan and team put forth a successful effort to stop fake account creation and account take overs. In so doing, he was able to help put a stop to associated fraud and scams like the romance scam which costs, on average, $12,000 per scam.

Suzette Kent, Federal CIO, US Office of Management and Budget
Jason Gray, CIO, US Department of Education
Doc McConnell, OMB Cyber Policy Advisor
Dorothy Aronson, CIO National Science Foundation
Trey Kennedy, Office of the Chief Information Officer, U.S. Department of Justice

Kent and her team designed and implemented the first-ever Federal Cyber Reskilling Academy (FCRA), an innovative program offering Federal employees the opportunity for hands-on training in cyber security. Through a strategic partnership between the U.S. Department of Education, the Office of Management and Budget, and the CIO Council, with leadership from Federal CIO Suzette Kent the program launched in November 2018. This program demonstrates the ability to reskill employees into cyber security professionals by identifying hidden internal talent - specifically employees who had no formal IT training or work experience. This program provides a model for the rest of government and for large industrial organizations, and has already served, in part, as the model for a large-scale cyber talent development program being launched in Canada.

Jose Maria Labernia, Head of IT Security & Internal Control at LafargeHolcim IT EMEA
Labernia was instrumental in helping redefine LafargeHolcim's vulnerability management program through such efforts as the introduction of newly defined key performance indicators (KPIs). In doing so rather than report thousands of vulnerabilities to senior management, the number is significantly scaled down. In addition to increasing the organization's security posture, senior leaders' sponsorship to resources allocation has improved.

Victor Gevers, GDI Foundation
Victor has been a driving force behind the GDI foundation, an international non-profit organization. GDI's mission is to protect the Internet by trying to make it safer and to prevent and mitigate digital abuse. Members focus on Responsible Disclosures and assist anywhere in times of need. Victo has over 5000 responsible disclosures on his name and is progressing not only internet safety in The Netherlands, but also world-wide.

Jamie Graves, Senior Cyber Security Training Analyst, BlueCross BlueShield of Louisiana
Graves took a compliance-focused, annual training to a robust awareness program with measurable metrics that focuses long-term sustainment and culture change. He also created an Ambassador Program to further advance security awareness programs throughout the state.

Mark R. Estep, Teacher, Poolesville High School, Poolesville MD (MCPS)
Estep was awarded a Maryland Governor's Citation for his work in developing a cyber-workforce of tomorrow. His efforts have helped students gain national recognition at cyber security competitions and many scholarships.

Steffanie A.K Schilling, Information Technology Marketing & Communications, Program Lead for Cyber Security Awareness, Steris
Schilling designed and implemented a measurably effective Cyber Security Awareness program for Steris. This program covers 12,000+ employees in over 30 countries.

Sherrie Caltagirone, Executive Director, Global Emancipation Network
Caltagirone has dedicated herself to creating new solutions to end human traffic. Included among her many efforts is the use of cyber data to identify human trafficking victims around the world.

Eric Zimmerman, FBI Agent and SANS Instructor
Zimmerman has written over 20 open source and free digital forensics utilities and DFIR tools over the past three years. These tools have provided rapid and accurate capabilities that march or exceed, may commercial products. Eric's efforts in developing and supporting these tools has enabled many enterprises to increase both the efficiency and effectiveness of their cybersecurity operations.

Sylvia Acevedo, CEO of the Girl Scouts
Acevedo is helping to fuel the pipeline of female leadership and entrepreneurship in Birmingham and STEM leadership. As part of this effort, the Girl Scouts of the USA has unveiled several new program badges and goals, most of which involve STEM and the outdoors.

Neal Richardson, Director of Technology, Hillsboro-Dering School District, New Hampshire
Richardson successfully implemented the CIS Controls Implementation Group 1 (IG1) across his network and brought the school district into compliance with New Hampshire's student privacy law.

Lieutenant Colonel Shane F. Liptak (Retired), U.S. Army
Lt Col Liptak helped create the training program for the Army 255S "Information Protection Technician" military occupational specialty (MOS). This program literally launched the Army into the Cyber Space and helped make Fort Gordon the cyber hub of the Army.

Jefferson Gilkeson, Director of IT Audit, Department of the Interior
Gilkeson was a driving force in increasing the effectiveness of cyber security audits that are typically performed by Inspectors General (IG) in the US Government. He actively advocates these advancements to IG special interest groups so that other auditors can achieve similar success.