SANS Presents: People Who Made a Difference in Security in 2019

There is no shortage of publicity around failures in security - constant headlines detailing breaches and vulnerabilities at companies and government agencies. However, what you never hear about are the many organizations who aren't in the news because they have found ways to meet business and mission needs while protecting customer and business data from attackers. There are thousands of security practitioners out there who are quietly succeeding and making breakthroughs in advancing security.

In December at the SANS Cyber Defense Initiative training event in Washington DC, SANS will hold the 7th annual celebration of the most dedicated and innovative "SANS Difference Makers Awards."

We are soliciting nominations from the SANS community for names of individual, teams and groups who implemented security processes or technology in 2019 that resulted in meaningful and measurable advances in security. The criteria for nomination are:

  1. Must have led the implementation and deployment of security processes or controls in 2019 that either (a) made measurable increases in cybersecurity or (b) enabled new business initiatives (such as use of BYOD, cloud, agile development, Digital Government, etc) while maintaining required security levels.
  2. The deployed solutions must show advances or innovation over common levels of practice.
  3. Must be willing, and have management approval, to be publicly acknowledged. Company or agency names can be kept anonymous if necessary.

Awards will be made in several categories, including but not limited to:

  1. Enhancing the Security Workforce
  2. Implementing the Critical Security Controls
  3. Meaningful Security Metrics
  4. Mitigating Advanced Threats
  5. Turning Awareness into Improved Security
  6. Vertical Industry Difference Makers: ICS, Healthcare, Government, etc.

Submissions are due by 18 October 2019, and will be evaluated by a team from SANS, security industry analysts and thought leaders. Nominations should include:

  • Full contact information for the person submitting the nomination
  • Full contact information for the nomination person or the leader of the team or group nominated.
  • A brief description of the accomplishments justifying nomination. This must include indication of the measurable increase in security or the new business initiative enabled.
  • Any additional explanatory information.
  • Confirmation that the nominating person or group can be publicly acknowledged.

Send your nominations or questions to