Bethesda, Md. – SANS Institute, the global leader in cyber security training and certifications, today announced the winners of the SANS 2020 Difference Makers Awards. This prestigious annual awards program honors individuals, teams and groups in the cybersecurity community who have made a measurable and significant difference in security. Through their implementation of security processes or technology, each person has raised the bar in enabling secure business operations and reducing risk.
"In a very challenging year, the 2020 winners are a very diverse group that have used their skills and hard work to overcome obstacles and collectively make the world a safer place," said John Pescatore, SANS Director of Emerging Security Trends. "The Difference Makers range from individual contributors to teams of people, from a Secretary of State to a Biotechnology Threat Focus team to a supply chain security program lead. The common denominator was their willingness and ability to do what SANS calls 'Fight the good fight' in advancing the state of practice in cybersecurity."
Winners will be honored during a virtual awards ceremony on Thursday, December 17, during the SANS 2020 Cyber Defense Initiative online training event. The webcast celebrating the award winners is open to the public - register at https://www.sans.org/webcasts/2020-difference-makers-awards-ceremony-117154 and attend to learn what made their accomplishments so special.
The SANS 2020 Difference Makers Award winners are:
2020 SANS Difference Makers' Awards Winners
Frank LaRose, Secretary of State of Ohio
During these challenging times, Frank LaRose played a proactive and
pivotal role in ensuring that election security was a top priority
across Ohio. He authorized a statewide rollout of Albert, the MultiState
ISAC network monitoring and managing service on-premise for Ohio's
Election systems. Frank was part of the team that mandated the CIS
Controls be adopted across all County & Elections entities.
Margaret Latimer, Vice President/Provost -Germantown Campus
and Collegewide STEM Unit at Montgomery College, and Dr. Sanjay Rai,
Senior Vice President for Academic Affairs at Montgomery College
Montgomery College changed the game for high school and community
college students who seek to enter the cybersecurity profession. Their
new program, Bachelor of Professional Studies in Applied Cybersecurity
(BACS), provides an assured pathway for talented students to launch
their careers in cybersecurity.
Margaret Latimer (with the help of previous SANS Difference Maker Joe Roundy) created the program at Montgomery College. Dr. Lai saw the benefits that could be realized and provided critical support from the top, assuring the success of this innovative program.
Katie Nickels, Director of Intelligence at Red Canary and SANS instructor
Katie Nickels is a growing leader in the cybersecurity community. Not
only is she highly skilled technically, she also has extremely strong
communication skills and is dedicated to helping the community. She was
one of the principal developers behind the MITRE ATT&CK(R) model,
and she is the Program Manager for the Cyberjutsu Girls Academy.
Jamie Williams, Lead Cyber Adversarial Engineer at MITRE
Jamie was instrumental in development of sub techniques for the MITRE
ATT&CK(R) knowledgebase and has also been a core member of the
ATT&CK Evaluations team. Both efforts have been widely used by
thousands of cybersecurity professionals to reduce time to
detect/respond/restore as well as identify and close gaps in security
controls.
Carrie Roberts, Dynamic Defense Engineer at Walmart
Carrie Roberts is a highly skilled blue teamer at Walmart and a
maintainer of the Atomic Red Team framework, which has been instrumental
in helping teams adopt ATT&CK. She also regularly gives back to the
community with talks and other volunteer efforts.
Tom Jennings, USAF 33rd Network Warfare Squadron in San Antonio, Texas
Tom's contributions to this elite group of defenders over a long period
of time has made him a true Difference Maker, most recently as the
Deputy Flight Commander, Operations Training of the 33rd - Air Force
Computer Emergency Response Team (AFCERT). He has continually championed
cybersecurity education and skills advancement, fighting for and
managing one of the Cyber Wing's largest training budgets. He led the
first- ACD Cyber Range effort through the initial dry run and feedback
effort.
Sean Pruitt, FBI Unit Chief
Historically, cyber training offered by the FBI was either technical or
investigative. As Chief of FBI's Cyber Training Unit, Sean Pruitt
realized there was a critical need for a blending of the two after
taking command more than three years ago. Using a combination of working
groups and input from senior cyber investigators in the field, special
mission experts from industry and government, Sean led a team that
developed a brand-new series of cyber operations and investigative
courses that has become the benchmark within the United States
government.
Dennis Antunes, Cybersecurity Research Analyst at Wells Fargo
Dennis has six years of tenure on Synack's 1,500-person crowdsourced
security testing team, the Synack Red Team (SRT). He is the SRT's top
rated SANS-certified penetration tester in 2020 and has been a top
performer every year. He has found more than 120 security
vulnerabilities so far in 2020 for customers around the world.
Annie Salem, Third Party Risk Management Program Lead at Mass Mutual
Annie Salem is the TPRM program lead at Mass Mutual, reporting to the
CISO. She was instrumental in re-designing the Mass Mutual 3rd party
risk management program. Annie developed their holistic risk model
including partitioning Mass Mutual's third-party inventory into eight
risk categories based on the classification of data and how it is
accessed by whom. Annie was also instrumental in bringing in various
AI/ML tools to detect changes in risk posture, which allows MassMutual
to focus on those third parties representing the greatest risk to Mass
Mutual in real time and on an ongoing basis. Mass Mutual's use of data
science, AI and ML to monitor their third-party risk management program
has resulted in efficiency gains, requiring less staff for manual
processes to more effectively manage and mitigate third-party risk.
Didier Stevens, Senior Analyst at NVISO
Didier has spent an enormous effort in creating a library of open-source
python scripts to analyze malicious Office documents. The effort he put
into those scripts, and the blog posts he is writing on isc.sans.edu,
and the time he spends explaining and educating analysts in the
effective use of his scripts have helped countless organizations defend
against and recover from compromises. His work has been so impressive
that SANS has unofficially named one day of the reverse engineering
malware class (FOR610), the "Didier Day" as it deals pretty much
exclusively with the use of his scripts. Didier has been an Internet
Storm Center volunteer handler since March of 2015 and has posted about
360 different times just on isc.sans.edu, often discussing some recent
update to his famous scripts.
BG Paul Stanton, Deputy Director of Current Operations US
Cyber Command and John Womble, Training Manager for the US Army Cyber
Effects Program
Starting as far back as 2016, BG Paul Stanton and John Womble played
critical roles in the creation and success of Cyber STX, one of the very
few live Army exercises that ran in the summer of 2020. This is
especially unique as it contained physical elements, in person
activities, and travel that all had to be managed during the pandemic.
Without BG Stanton and John Womble's vision to push forward with a plan that involved the whole of CPB's logistics, transportation and cyber teams in this realistic Red on Blue fight, it never would have come to fruition and become the Military's most exciting and realistic CPT Validation exercise in history. John Womble was so intrinsic in the creation of Cyber STX that they named the deep-water port "Camp Womble".
Jason O'Dell, Director, Incident Management at Walmart
Jason is an industry leader who embraces large scale cyber education and
was an early adopter for team based training and corporate Netwars
ranges. Jason has also volunteered to serve as a panelist for SANS
Hackfest Summits and was instrumental in bringing together 70 students
for a private Core NetWars Tournament in 2020. Walmart offered this as a
"October/Cyber Security month" thank you for key InfoSec professionals,
and as a recruiting tool for Walmart Associates considering a transfer
into cyber.
Lee Whitfield, SROC Senior Advisor
During the early stages of the pandemic, Lee Whitfield saw that teens
were stuck in quarantine and isolated while learning remotely. He
recruited SANS professionals to provide free online training, hands-on
activities, and CTFs for a new cyber camp for teens, parents and even
instructors. The effort really hit home and the impact on the next
generation of Infosec professionals was impressive. Unique material was
created and provided to cater to this age group.
FBI Biotechnology Threat Focus Cell Team, Newark NJ
- SA Scott R. Nawrocki, FBI, BTFC Lead
- SA Tammybeth McHugh, FBI
- Detective Sergeant Anthony Correll, NJ OHSP
- SA Timothy Cho, FBI
- IA Jesus Lopez, FBI
- IA Gerard Martin Jr., NJ OHSP
- IA Christopher Lynam, NJ OHSP
- IA Steven Ford, FBI
- SSA Christian Schorle, FBI Newark Cyber Program Coordinator
- SSA David Miller, FBI Newark CI Supervisor
- Lieutenant Michael Podolak, NJ OHSP CT/CI Lead
- Detective Ed Kelly, New Jersey Office of Homeland Security & Preparedness
The mission of the Biotechnology Threat Focus Cell (BTFC) is to identify, mitigate, neutralize, and share cyber, national security and insider threats to the biotechnology sector. The BTFC is an FBI Newark and New Jersey Office of Homeland Security and Preparedness joint initiative formed in October 2019. Industry partners join Federal and State government during monthly threat exchanges to collaborate, share trends, threat information, and address concerns facing industry.
The CTI-League
The Cyber Threat Intelligence (CTI) League is an online, global
volunteer community of cyber threat intelligence researchers, InfoSec
experts, CISOs, and other relevant people within the industry, whose
goal is to neutralize cyber threats exploiting the current COVID-19
pandemic. It is essentially an open-source CERT for that community,
helping hospitals and health care facilities protect their
infrastructures during the pandemic and creating an efficient channel to
supply support services.
Established in March 2020, the CTI League grew from 2 users to over 100 volunteers in only one week. In 20 days, more than 1,000 new volunteers joined the league and currently there are more than 1,400 volunteers from almost 80 countries within the league.
Founders: Ohad Zaidenberg, Nate Warfield, Marc Rogers
To learn more about the SANS Difference Makers Awards, and the 2020 winners, visit https://www.sans.org/cyber-innovation-awards
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)