.jpg?auto=webp&height=390&crop=3:1)
On December 16, 2019 SANS Institute celebrated the winners of the SANS 2019 Difference Makers Awards at the SANS Cyber Defense Initiative training event in Washington DC, giving well-deserved recognition to the most dedicated and innovative "People Who Made a Difference in Security in 2019."
"The 2019 winners span a wide range of making real progress in increasing cybersecurity levels in a number of key areas" said John Pescatore, SANS Director of Emerging Security Trends. "The Difference Makers range from a CEO to a high school teacher. The progress included increasing diversity in the cybersecurity workforce, fighting fake account creation, implanting many areas of the Critical Security Controls, to name just a few."
The 2019 SANS Difference Makers Award winners are:
Conor Callahan, Technical Lead, Platform & Infrastructure, Zoosk
Callahan and team put forth a successful effort to stop fake account
creation and account take overs. In so doing, he was able to help put a
stop to associated fraud and scams like the romance scam which costs,
on average, $12,000 per scam.
Suzette Kent, Federal CIO, US Office of Management and Budget
Jason Gray, CIO, US Department of Education
Doc McConnell, OMB Cyber Policy Advisor
Dorothy Aronson, CIO National Science Foundation
Trey Kennedy, Office of the Chief Information Officer, U.S. Department of Justice
Kent and her team designed and implemented the first-ever Federal
Cyber Reskilling Academy (FCRA), an innovative program offering Federal
employees the opportunity for hands-on training in cyber security.
Through a strategic partnership between the U.S. Department of
Education, the Office of Management and Budget, and the CIO Council,
with leadership from Federal CIO Suzette Kent the program launched in
November 2018. This program demonstrates the ability to reskill
employees into cyber security professionals by identifying hidden
internal talent - specifically employees who had no formal IT training
or work experience. This program provides a model for the rest of
government and for large industrial organizations, and has already
served, in part, as the model for a large-scale cyber talent development
program being launched in Canada.
Jose Maria Labernia, Head of IT Security & Internal Control at LafargeHolcim IT EMEA
Labernia was instrumental in helping redefine LafargeHolcim's
vulnerability management program through such efforts as the
introduction of newly defined key performance indicators (KPIs). In
doing so rather than report thousands of vulnerabilities to senior
management, the number is significantly scaled down. In addition to
increasing the organization's security posture, senior leaders'
sponsorship to resources allocation has improved.
Victor Gevers, GDI Foundation
Victor has been a driving force behind the GDI foundation, an
international non-profit organization. GDI's mission is to protect the
Internet by trying to make it safer and to prevent and mitigate digital
abuse. Members focus on Responsible Disclosures and assist anywhere in
times of need. Victo has over 5000 responsible disclosures on his name
and is progressing not only internet safety in The Netherlands, but also
world-wide.
Jamie Graves, Senior Cyber Security Training Analyst, BlueCross BlueShield of Louisiana
Graves took a compliance-focused, annual training to a robust
awareness program with measurable metrics that focuses long-term
sustainment and culture change. He also created an Ambassador Program to
further advance security awareness programs throughout the state.
Mark R. Estep, Teacher, Poolesville High School, Poolesville MD (MCPS)
Estep was awarded a Maryland Governor's Citation for his work in
developing a cyber-workforce of tomorrow. His efforts have helped
students gain national recognition at cyber security competitions and
many scholarships.
Steffanie A.K Schilling, Information Technology Marketing
& Communications, Program Lead for Cyber Security Awareness, Steris
Schilling designed and implemented a measurably effective Cyber
Security Awareness program for Steris. This program covers 12,000+
employees in over 30 countries.
Sherrie Caltagirone, Executive Director, Global Emancipation Network
Caltagirone has dedicated herself to creating new solutions to end
human traffic. Included among her many efforts is the use of cyber data
to identify human trafficking victims around the world.
Eric Zimmerman, FBI Agent and SANS Instructor
Zimmerman has written over 20 open source and free digital forensics
utilities and DFIR tools over the past three years. These tools have
provided rapid and accurate capabilities that march or exceed, may
commercial products. Eric's efforts in developing and supporting these
tools has enabled many enterprises to increase both the efficiency and
effectiveness of their cybersecurity operations.
Sylvia Acevedo, CEO of the Girl Scouts
Acevedo is helping to fuel the pipeline of female leadership and
entrepreneurship in Birmingham and STEM leadership. As part of this
effort, the Girl Scouts of the USA has unveiled several new program
badges and goals, most of which involve STEM and the outdoors.
Neal Richardson, Director of Technology, Hillsboro-Dering School District, New Hampshire
Richardson successfully implemented the CIS Controls Implementation
Group 1 (IG1) across his network and brought the school district into
compliance with New Hampshire's student privacy law.
Lieutenant Colonel Shane F. Liptak (Retired), U.S. Army
Lt Col Liptak helped create the training program for the Army 255S
"Information Protection Technician" military occupational specialty
(MOS). This program literally launched the Army into the Cyber Space and
helped make Fort Gordon the cyber hub of the Army.
Jefferson Gilkeson, Director of IT Audit, Department of the Interior
Gilkeson was a driving force in increasing the effectiveness of
cyber security audits that are typically performed by Inspectors General
(IG) in the US Government. He actively advocates these advancements to
IG special interest groups so that other auditors can achieve similar
success.