Even (or perhaps especially) during these turbulent times, there has been no shortage of publicity around failures in security – too many breaches and ransomware incidents happening at companies and government agencies. However, what you rarely hear about are the many organizations that aren’t in the news because they have found ways to meet business and mission needs while protecting customer and business data and assuring business services stay available. There are thousands of security practitioners out there who are quietly succeeding and making breakthroughs every day in advancing security.
At the SANS Cyber Defense Initiative conference in December 2021, SANS held the 98th annual celebration of the most dedicated and innovative “People Who Made a Difference in Security in 2021." This prestigious annual awards program honors individuals, teams, and groups in the cybersecurity community who have made a measurable and significant difference in security. Through their implementation of security processes or technology, each person has raised the bar in enabling secure business operations and reducing risk.
“In another challenging year, the 2021 winners are a diverse group that used their skills and hard work to overcome obstacles and collectively made the world a safer place,” said John Pescatore, SANS Director of Emerging Security Trends. “The Difference Makers are individual contributors and teams of people, ranging from a security analyst who donated her own time to help cybersecurity job seekers improve their chances, to the Chief Security Officer at a large university, to a group of people who convinced security ‘superstars’ to turn their high-profile social media accounts over to lesser-known minority cybersecurity rising stars and gave them instant visibility and credibility.”
The common denominator was their willingness and ability to what SANS calls ‘Fight the Good Fight’ in advancing the state of practice in cybersecurity.”
The SANS 2021 Difference Makers Awards winners include:
SharetheMicinCyber: Camille Stewart, Lauren Zabierek, Katelyn Ringrose
#ShareTheMicInCyber is a movement started by Camille Stewart and Lauren Zabierek to enable critical conversation on race in the cybersecurity industry and to shine a light on Black practitioners’ accomplishments by showcasing them as experts in their fields. The first campaign in 2020 was an immediate success, and Katelyn Ringrose joined the team. There have been three more campaigns since. Their hard work gained support from top cybersecurity leaders, such as CISA Director Jen Easterly and NSA’s Cybersecurity Director Rob Joyce, with the campaigns earning 23M impressions across Twitter. The net effect has been to create professional opportunities while also bringing the overall cyber community together.
Kerry Tomlinson: CyberNews Reporter
Kerry has been an investigative reporter and journalist since 1993. In recent years, she has focused on cybersecurity and produced a series of free video resources that provide understandable explanations of cybersecurity incidents and risks to raise awareness and provide clear recommendations that lead to behavior changes. She donates her time to speak at security awareness sessions and has been very active giving information to security awareness professionals as a participant in the SANS Security Awareness Community Forum.
Randy Marchany: University Information Security Officer, Virginia Tech
Randy Marchany has been making a difference in cybersecurity for a long time. He became an instructor at SANS in 1992 and was one of the original authors of several security benchmarks published by the Center for Internet Security. He was one of the founders of the US Cyber Challenge project. At Virginia Tech, he is both the CISO and the director of VT’s Tech IT security lab. Across 2020 and 2021, Randy led the effort to securely move VT’s classes to all online and to enable the entire VT community to have secure and reliable connections to educational systems and services. He teaches courses each semester at VA Tech, donates his own time to help Virginia Western Community College and Radford University and other schools, and continues to serve on the board of the Virginia Cyber Range.
Micah Hoffman: Principal Investigator, Spotlight Infosec LLC
Micah is Principal Investigator, Spotlight Infosec LLC, a SANS Senior Instructor, and the author of SEC487: Open-Source Intelligence Gathering and Analysis. In recent years he has served as the President of the nonprofit OSINT Curious Project, which curates quality, actionable, Open-Source Intelligence news, original blogs, instructional videos, and live streams. The Curious Project has served as a free OSINT-learning catalyst.
Micah also serves as the lead of the Geolocation team for the non-profit National Child Protection Task Force (NCPTF). NCPTF provides detectives, analysts, and officers access to investigative expertise and resources so law enforcement organizations that don’t have the badly needed expertise to investigate important, time-sensitive cases focusing on human trafficking, child exploitation, and missing persons cases.
Lesley Carhart: Incident Response Practice Lead, Dragos
Lesley is an Incident Response Practice Lead at Dragos and a Cyber Transport Section Chief in the US Air Force Reserve. Lesley donates her own time to co-organize resumé and interview clinics at several cybersecurity conferences. She has also mentored colleagues, helped veterans to enter the cybersecurity field, and focused her social media time on fighting the good fight in cybersecurity. She is also a youth martial arts instructor.
Eileen Manning: Minnesota Cybersecurity Summit
Eileen Manning is the President and CEO of the Event Group and Executive Producer of the Minnesota Cybersecurity Summit - one of the top state-level cybersecurity events. Because of Eileen’s energy and personal dedication, this is more than an event, it’s a year-round public-private sharing community through her extensive networking, a large and lively “Think Tank” Advisory council, and frequent webinars, blogs, podcasts, and newsletters. Eileen’s efforts across 2020 and 2021 helped this community thrive over the pandemic. Eileen found new ways to deliver value, and she even grew the Minnesota cyber community with the Summit as the catalyst.
Britta Glade: RSA Conference
Britta has worked in cybersecurity program management and marketing since 1999 and has been the “Conscious of Cybersecurity Conference” for the RSA Security Conference since 2014. Over that period, the RSA Conference has grown exponentially, becoming the largest event in the world. Britta has served as a guiding light, making sure hands-on, practitioner-focused content was encouraged and highlighted, even as vendor and political content grew. Not only did Britta help guide the 2021 conference to an all-virtual event, but she also supported numerous mini-forums and sessions to drive security awareness in an uncertain world. While the number of security conferences has skyrocketed, Britta’s effort has made sure that “what will people do differently when they get back to work after the conference” remains the core value in accepting sessions and in guiding review of presentations.
National CyberSecurity Scholarship Foundation State Efforts
Alan Paller founded the National Cyber Scholarship program to support the entry of talented students to the cybersecurity industry, through providing talent discovery opportunities, world-class training, and scholarships to fund degree-level study. The overall mission is to rapidly eliminate the cybersecurity expert skills gap in the United States by providing scholarships for students with an innate talent for cybersecurity to study the discipline at the highest level. The NCSF has partnered with governors across the country and in 2021 the teams at the state of Texas and the State of New Jersey put forth extraordinary efforts to bring young people into the program.
In Texas, a total of 4,960 students participated, 733 were semi-finalists, and 94 won $2,500 scholarships to continue their study of computer-related topics at the college of their choice. This program builds upon their previous involvement in the Girls Go CyberStart Program, a pilot program targeted to young women in which 2,294 students from Texas high schools participated, and 199 succeeded in reaching the national finals.
In New Jersey, a total of 2,234 students participated, 589 were semi-finalists, and 63 won $2,500 scholarships to continue their study of computer-related topics at the college of their choice. New Jersey produced five times as many NCS Scholars as states of similar population size and was on par with much larger states.
- Nancy Rainosek, CISO, State of Texas.
- Sara Jefferson, Education and Outreach Coordinator
- Michael Geraghty, CISO State of New Jersey
- Mandy Galante, Training Specialist