SANS Announces the 2021 Winners of the Difference Makers Awards

Honoring People Who Made a Difference in Security

BETHESDA, MD, December 9, 2021 — The SANS Institute (SANS), the global leader in cyber security training and certifications, today announced the winners of the SANS 2021 Difference Makers Awards. This prestigious annual awards program honors individuals, teams, and groups in the cybersecurity community who have made a measurable and significant difference in security. Through their implementation of security processes or technology, each person has raised the bar in enabling secure business operations and reducing risk.

“In another challenging year, the 2021 winners are a diverse group that have used their skills and hard work to overcome obstacles and collectively make the world a safer place,” said John Pescatore, SANS Director of Emerging Security Trends. “The Difference Makers are individual contributors and teams of people, ranging from a security analyst who donated her own time to help cybersecurity job seekers improve their chances, to the Chief Security Officer at a large university, to a group of people who convinced security ‘superstars’ to turn their high-profile social media accounts over to lesser-known minority cybersecurity rising stars and gave them instant visibility and credibility.”

“The common denominator was their willingness and ability to do what SANS calls ‘Fight the Good Fight’ in advancing the state of practice in cybersecurity,” Mr. Pescatore said.

Winners will be honored during a virtual awards luncheon on Wednesday, December 15, during the SANS 2021 CyberDefense International training event. The webcast celebrating the award winners is open to the public – register here to learn about their accomplishments.

The SANS 2021 Difference Makers Awards winners include:

SharetheMicinCyber: Camille Stewart, Lauren Zabierek, Katelyn Ringrose 

    • #ShareTheMicInCyber is a movement started by Camille Stewart and Lauren Zabierek to enable critical conversation on race in the cybersecurity industry, and to shine a light on Black practitioners’ accomplishments by showcasing them as experts in their fields. The first campaign in 2020 was an immediate success, and Katelyn Ringrose joined the team. There have been three more campaigns since. Their hard work gained support from top cybersecurity leaders, such as CISA Director Jen Easterly and NSA’s Cybersecurity Director Rob Joyce, with the campaigns earning 23M impressions across Twitter. The net effect has been to create professional opportunities while also bringing the overall cyber community together.

    Kerry Tomlinson: CyberNews Reporter

    • Kerry has been an investigative reporter and journalist since 1993. In recent years, she has focused on cybersecurity and produced a series of free video resources that provide understandable explanations of cybersecurity incidents and risks to raise awareness and provide clear recommendations that lead to behavior changes. She donates her time to speak at security awareness sessions and has been very active giving information to security awareness professionals as a participant in the SANS Security awareness Community Forum.

    Randy Marchany: University Information Security Officer, Virginia Tech

      • Randy Marchany has been making a difference in cybersecurity for a long time. He became an instructor at SANS in 1992 and was one of the original authors of several security benchmarks published by the Center for Internet Security. He was one of the founders of the US Cyber Challenge project. At Virginia Tech, he is both the CISO and the director of VT’s Tech IT security lab. Across 2020 and 2021, Randy led the effort to securely move VT’s classes to all online and to enable the entire VT community to have secure and reliable connections to educational systems and services. He teaches courses each semester at VA Tech, donates his own time to help Virginia Western Community College and Radford University and other schools, and continues to serve on the board of the Virginia Cyber Range.

      Micah Hoffman: Principal Investigator, Spotlight Infosec LLC

      • Micah is Principal Investigator, Spotlight Infosec LLC, a SANS Senior Instructor, and the author of SEC487: Open-Source Intelligence Gathering and Analysis. In recent years he has served as the President of the nonprofit OSINT Curious Project, which curates quality, actionable, Open-Source Intelligence news, original blogs, instructional videos, and live streams. The Curious Project has served as a free OSINT-learning catalyst.

        Micah also serves as the lead of the Geolocation team for the non-profit National Child Protection Task Force (NCPTF). NCPTF provide detectives, analysts, and officers access to investigative expertise and resources so law enforcement organizations that don’t have the badly needed expertise to investigate important, time-sensitive cases focusing on human trafficking, child exploitation, and missing persons cases.

      Lesley Carhart: Incident Response Practice Lead, Dragos

      • Lesley is an Incident Response Practice Lead at Dragos and a Cyber Transport Section Chief in the US Air Force Reserve. Lesley donates her own time to co-organize resumé and interview clinics at several cybersecurity conferences. She has also mentored colleagues, helped veterans to enter the cybersecurity field, and focused her social media time on fighting the good fight in cybersecurity. She is also a youth martial arts instructor.

       Eileen Manning: Minnesota Cybersecurity Summit

      • Eileen Manning is the President and CEO of the Event Group and Executive Producer of the Minnesota Cybersecurity Summit. one of the top state-level cybersecurity events. Because of Eileen’s energy and personal dedication, this has more than an event, it’s a year-round public-private sharing community through her extensive networking, a large and lively “Think Tank” Advisory council, and frequent webinars, blogs, podcasts, and newsletters. Eileen’s efforts across 2020 and 2021 helped this community thrive over the pandemic. Eileen found new ways to deliver value, and she even grew the Minnesota cyber community with the Summit as the catalyst.

      Britta Glade: RSA Conference

      • Britta has worked in cybersecurity program management and marketing since 1999 and been the “Conscious of Cybersecurity Conference” for the RSA Security Conference since 2014. Over that period, the RSA Conference has grown exponentially, becoming the largest event in the world. Britta has served as a guiding light, making sure hands-on, practitioner-focused content was encouraged and highlighted, even as vendor and political content grew. Not only did Britta help guide the 2021 conference to an all-virtual event, but she also supported numerous mini-forums and sessions to drive security awareness in an uncertain world. While the number of security conferences has skyrocketed, Britta’s effort has made sure that “what will people do differently when they get back to work after the conference” remains the core value in accepting sessions and in guiding review of presentations.

      National CyberSecurity Scholarship Foundation State Efforts

      Alan Paller founded the National Cyber Scholarship program to support the entry of talented students to the cybersecurity industry, through providing talent discovery opportunities, world-class training, and scholarships to fund degree-level study. The overall mission is to rapidly eliminate the cybersecurity expert skills gap in the United States by providing scholarships for students with an innate talent for cybersecurity to study the discipline at the highest level. The NCSF has partnered with governors across the country and in 2021 the teams at the state of Texas and the State of New Jersey put forth extraordinary efforts to bring young people into the program.

      In Texas, a total of 4,960 students participated, 733 were semi-finalists, and 94 won $2,500 scholarships to continue their study of computer-related topics at the college of their choice. This program builds upon their previous involvement in the Girls Go CyberStart Program, a pilot program targeted to young women in which 2,294 students from Texas high schools participated, and 199 succeeded in reaching the national finals.

      In New Jersey, a total of 2,234 students participated, 589 were semi-finalists, and 63 won $2,500 scholarships to continue their study of computer-related topics at the college of their choice. New Jersey produced five times as many NCS Scholars as states of similar population size and was on par with much larger states.


        • Nancy Rainosek, CISO, State of Texas.
        • Sara Jefferson, Education and Outreach Coordinator

        New Jersey:

          • Michael Geraghty, CISO, State of New Jersey
          • Mandy Galante, Training Specialist

          About SANS Institute

          The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s and bachelor’s degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to manage their “human” cybersecurity risk easily and effectively. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.