This year’s SANS Difference Makers Awards were the grandest yet, and there are many people deserving of a celebration!
What are the SANS DMAs?
For the 10th year running, SANS presented a talented and diverse group of cybersecurity professionals with SANS Difference Makers Awards. These awards are given to people around the world who are fighting the good fight — helping others and working tirelessly (often on their own time) to reduce risk by raising the bar in security practices and operations.
“SANS is proud to shine a light on the people who are making the processes and technologies more effective and more efficient in cybersecurity through their skills, their values, and their continued willingness to share their time and talent,” says John Pescatore, SANS Director of Emerging Security Trends.
Celebrating the winners
The nominees gathered in DC (and joined us virtually) on December 14 for our biggest (and fanciest) Difference Makers Awards ceremony yet! Dressed to the nines, our community came together to recognize and applaud cybersecurity practitioners — both individuals and teams — who are leaving their mark on this industry.
Individuals and teams were nominated for 11 different award categories, with two winners per category — a Community Winner and Committee Winner — to receive the coveted golden key.
And the winners are…
The night featured endless rounds of applause and happy tears. Below you can read a bit about our winners and how they are influencing the cybersecurity industry. You can also see all the nominees here. Some of the acceptance speeches are also included, but brace yourselves for some emotions because as you will see, this award program is especially meaningful.
Innovator of the Year
Awarded to an individual whose contributions have added novel and valuable information to the field
Andy Grant, Head of Offensive Security, Zoom Video Communications, Inc.
Andy has taken an innovative approach with Zoom’s Offensive Security team, where he fosters an environment that embraces agility and a creative spirit. He came to Zoom in 2020, where he built a program that gives team members the flexibility and freedom necessary to push the needle forward. Andy’s goal for building a team at Zoom was to create a forward-thinking environment that is anchored in research and promotes getting to the truth of how Zoom’s products work—he even gave his team an internal nickname of “Truth Finders.”
Darren Argyle, Cyber Leadership Institute
Darren Argyle is the founder of Cyber Leadership Institute that has now created a global hub and certifications to allow those with Professional Careers in Cybersecurity to obtain the knowledge and networks to step into CISO, BISO, and senior executive and management security roles, with all the tools and framework knowledge necessary to this task.
Mentor of the Year
Devotes significant time and energy to developing others’ careers
Deidra Phyall, Black Girls in Cyber
Deidra has demonstrated excellence in mentoring (formally and informally), and has been outstanding in supporting, encouraging, and promoting educational, professional, and personal development. Deidra currently works for the Department of Treasury, Internal Revenue Service (IRS) as an IT Specialist (Security) in the Cybersecurity organization. In her role, she serves as the co-lead/mentor for The Cybersecurity Strategic Hiring Initiative and Employee Learning and Development (SHIELD) Program, a strategic hiring and 24-month developmental program that provides new hires and current IT Cybersecurity employees (GS-5 through GS-12) the opportunity to build critical skills through tailored learning and career experiences in the Cyber workforce.
“It is an honor and privilege to win the SANS Difference Makers Award for Mentor of the Year!” Deidra Phyall says. “I am forever grateful, humbled, and thankful to be in this space, and I thank you all for your support and voting for me. Mentors are the key to discovering your untapped potential. I am passionate about mentorship and serving others. I love Cybersecurity and I love mentoring. It is a part of who I am and what excites me the most in life is when I can help someone else achieve their goals, whether it’s personally or professionally.”
Despite being a founder AJ always makes time for his mentees. He mentored me (nominator) since mid 2020, helped me find my voice, and guided me whenever I needed his opinion and guidance. I really appreciate his work as a founder, advocating for mental health, work-life balance, and generally being a role model to look up to! AJ is also an instructor and Veteran who is a great voice within the cybersecurity industry.
Rising Star of the Year
Newer practitioners to keep an eye on
Segun Ebenezer Olaniyan
Segun is a change maker; changing the narratives in the Cybersecurity Ecosystem and helping to develop emerging cyber talents to bridge the cybersecurity skill gap. He founded an initiative for cyber talent development (Digital Security Village) through which he’s equipping thousands of emerging cyber talents with digital and cyber security skills via a series of bootcamps, masterclasses, and more.
With her LinkedIn courses, previous awards & nominations for awards, work accomplishments, podcast & social media presence, Dominique has made a significant impact on building a bridge for people who are interested in cyber security & also how to advance in the cyber security field.
Article or Book of the Year
Awarded to the author of published content in book or article form that makes a significant contribution to cybersecurity literature
The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organization Cybercrime, Jon DiMaggio
This book provides an overview of the new world order of cyberwarfare and more importantly, acts as a field manual providing the core concepts and analytical framework necessary to investigate today’s most advanced cyber threats.
Hacking APIs, Corey Ball
Nothing existed prior to this book that made API security accessible to beginners and gave details for experienced practitioners. Corey Ball has been absolutely humble about the success of the book and is genuinely trying to help our industry by raising awareness of API security.
Podcast or Livestream of the Year
Podcast or live-streamed content that makes a significant contribution to the industry
Cloud Security Podcast, Ashish Rajan & Shilpi Bhattacharjee
Ashish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, CyberSecurity Influencer, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation, DevSecOps, Future Tech and the associated security challenges for practitioners and CISOs.
Cloud Security Reinvented, Andy Ellis
Cloud Security Reinvented is unlike other B2B podcasts — it explores how cybersecurity leaders turn cloud transformation ambitions into reality. Host Andy Ellis speaks candidly with fellow Chief Security Officers from notable companies such as United Airlines, Pinterest and Lemonade, about their origin stories and how they navigate their unusual career paths. Expert guests offer a diverse set of voices and perspectives on the state of cybersecurity, giving listeners an opportunity to reflect on their own security challenges and different ways to overcome them. Few podcast hosts bring Andy’s uncanny ability to set his guests at ease, and discuss details about their career history in an open setting, giving rising Chief Security Officers insights into what their future might hold.
Devotes significant time and energy to fostering talent and increasing representation and participation of under-represented minorities
Talya C. Parker, Founder & Executive Director, Black Girls in Cyber
In less than one year, Talya was able to raise over $50,000 to support the launch of her Black Girls in Cyber programs. She has created a space that has provided scholarships, mentorship, and job placement for women of color. She continues to work tirelessly to increase partnership and awareness around the cause in an effort to continue serving minority community groups while balancing a demanding role as an engineer in tech, a wife and a mother.
Delisha Hodo, SANS Institute
Delisha consistently looks to serve underrepresented students and propel them towards excellence. She is the Co-Chair of the SANS+HBCU Cyber Academy which launched it's first national cohort in 2022. Delisha works with and promotes many organizations that champion women and BIPOC.
Influencer of the Year
Social media presence provides valuable resources and connections for others in the field
Dave Kennedy, Founder & Chief Hacking Officer of Binary Defense, TrustedSec
David is the founder & chief hacking officer of Binary Defense, a Managed Security Service Provider (MSSP), and TrustedSec, an Information Security consulting firm. In an effort to advance the industry, David co-authored 'Metasploit: The Penetration Testers Guide' and co-founded the 'Penetration Testing Execution Standard' (PTES), which is the industry standard for penetration tests and has been adopted by the Payment Card Industry (PCI). In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), David has released security advisories, including zero-days, all while contributing as a subject matter expert on Fox News, CNN, BBC, and other high-profile media outlets. A forward thinker in the security field, David has had the privilege of speaking at some of the nation’s largest conferences, including Microsoft’s BlueHat, DEF CON, and Black Hat.
Camille Stewart Gloster, Esq., Deputy National Cyber Director for Technology & Ecosystem for The White House
Camille Stewart Gloster is a strategist, attorney and executive whose crosscutting perspective on complex technology, cyber, and national security, and foreign policy issues has landed her in significant roles at leading government and private sector companies like the Department of Homeland Security, Deloitte, and Google. Camille builds global cybersecurity, privacy, and election security/integrity programs in complex environments for large companies and government agencies.
Open-Source Tool Creator of the Year
Created an open-source tool that is of significant value
Arctic Wolf Labs – Log4Shell Deep Scan Tool
Identifying all vulnerable instances of Log4j within an organization was a significant concern and challenge for IT and security after it was disclosed in late 2021. In a matter of days after the Log4Shell vulnerability was published, Arctic Wolf Labs published the Log4Shell Deep Scan tool to GitHub. This script—provided for Windows, macOS, and Linux devices—conducts a deep scan of a host’s filesystem to identify Java applications and libraries with vulnerable Log4j code.
Alexis Brignoni's XLEAPP series
Alexis develops and maintains his xLeapp tool, supporting the DFIR community for free.
Alexis constantly mentors others and takes feedback from the community that he translates into new features of his tools.
Team or Practitioner of the Year
An individual or team who has done extraordinary work
Toni Benson, Associate Director Cyber Defense Education and Training (CDET) at CISA
Toni Benson leads a team of 24 Federal employees as the Associate Director of CISA’s Cyber Defense Education and Training (CDET). Under her leadership, CDET thoughtfully addresses today’s cyber workforce challenges through innovative education and training opportunities.
“To be nominated for this award means so much to me because it came from my team,” says Toni Benson. “As a leader you hope you are having an impact, but it's solidified when your team does something like this. Then to have your peers and a staple institution in our community like SANS, come together and also say ‘job well done,’ ‘we see you,’ ‘we appreciate you’. It means a lot to know you as an individual and the work you are doing is making a difference.”
Navy Cyber Defense Operations Command
During 2022, Navy Cyber Defense Operations Command (NCDOC) boldly and innovatively designed, deployed, and operated the Department of Defense’s (DoD) first cloud-native extended detection and response (XDR) environment that resulted in unprecedented cybersecurity enhancements and modernization for DoD information networks (DoDIN) Navy. The team skillfully handled unique requirements from nearly 100 distinct network owners on the path to universal deployment, ultimately surpassing more than 400,000 covered endpoints.It is extremely difficult to be transformational in an organization and culture as monolithic and bureaucratic as the military, so it is no exaggeration to say that the Sailors and civilians of NCDOC over the last year have put forth herculean efforts to ‘Fight the Good Fight’ in advancing the state of practice in cybersecurity for the Navy.
Researcher of the Year
Security researcher who has contributed significant work to the community
Sharon Brizinov, Director of Security Research at Claroty
Sharon has led a team that has performed impressive research into the security of industrial control systems. Claroty Team82 research team releases in 2022 have included disclosed hard-coded encryption keys in SIMATIC S7-1200/1500, Evil PLC Attack research resulting in working proof-of-concept exploits against seven market-leading automation companies, Splunk Patches Indexer Vulnerability Discovered, and others.
Eugene Neelou, Co-Founder & CTO at Adversa AI
Eugene Neelou is pioneering a new direction in cybersecurity - the Security of AI algorithms. He is a co-founder of the world-first vulnerability research company focused on mission-critical AI systems. As a CTO at AdversaAI, which is like OpenAI for Infosec, Neelou leads internal R&D and external industry collaborations. He focuses on productizing adversarial machine learning research and sharing cutting-edge expertise about the problems of AI security and safety.
Lifetime Achievement Award
Transcends categories; has made substantial contributions to cybersecurity over many years
Lesley works every day to help so many people defend themselves against cyber aggressions. She is well-known and a trusted source on Industrial Control Systems security.
Sounil Yu, CISO & Head of Research, JupiterOne
Sounil is a distinguished security innovator with a deep knowledge of computer systems and a career spanning over three decades as an executive leader of information technology and security in the federal government, military, and private sectors. Currently, he is the CISO and Head of Research at JupiterOne, a fast-growing cybersecurity startup building the first cloud-native asset management and security platform.