SANS Announces Winners of the 2015 Difference Makers Award

Bethesda, Md. – SANS Institute is pleased to announce the winners of the SANS 2015 Difference Makers Award which celebrates those individuals whose innovation, skill and effort have driven real advances in information security. While there is no shortage of publicity around failures in security, there are thousands of security practitioners out there who are quietly succeeding and making breakthroughs in advancing security. The SANS Difference Makers Award was created to honor these individuals.

The 2015 Difference Makers Award winners will be celebrated on Tuesday, December 15th at the SANS Cyber Defense Initiative ® Training Event in Washington D.C. Ron Gula, CEO and founder of Tenable and inventor of Nessus, will speak at the ceremony, giving his perspective on how to continue advancing the state of the practice in cybersecurity.

The 2015 list of cybersecurity Difference Makers include:

Lori Rosenberg, Intuit - Lori continually helps develop materials and ideas for the Security Awareness Community, including working with people one-on-one to help improve their own programs. She is a leader in the concept of self-education, security learning portals designed to engage people and train them on their own time and in the ways they want and can best utilize.

Bob Rudis, Verizon - Bob is an active volunteer and contributor to the security awareness community. He has volunteered for the last two years as a lead editor for the OUCH! security awareness newsletter, which is translated into over 20 languages and distributed to over 80,000 people. In addition, he is the lead architect for the annual Security Awareness Report and the 2015 Verizon DBIR and has championed efforts to best use the DBIR to reduce vulnerabilities and increase security.

Integrated Application Security Testing Team, ADP: V.Jay LaRosa, Chris Olsen, Atanas Dimitrov, Craig Butler, Owen Buckingham, Joseph Kraft, Devi Nekkanti, Raghunath Kunta, Nagasuman Veeranala, Ramakrishna Marella , Sumeet Lakhwani - The Integrated Application Security Testing (IAST) program provides continual analysis of application code running in Java or .net to provide visibility into vulnerabilities as code is executed in the QA testing environments. By utilizing the IAST program, development teams are able to perform minor fixes and patch releases without direct interaction from the security testing team. This project initially covered the top 10 percent of or targeted application base and is expanding to 25 percent within the first year of service.

Steve Idelman, CEO, Arlin Halstead VP Human Resources, Solutionary - Under the leadership of Steve and Arlin, Solutionary has played a key role in the development of the VetSuccess Program. They have continued their involvement by hiring Academy graduates, sharing their experiences at industry conferences, and supporting program innovations such as the near-base academies. In 2016, Solutionary will be the first employer to sponsor a VetSuccess Academy, guaranteeing every graduate a high-paying, challenging position.

Rebekah Mohr, Shell, Austin Scott, Cimation - Rebekah and Austin have been providing ongoing contributions to broaden and deepen educational materials and other resources for the Industry Control System (ICS) Security Specialist community. Austin created a workforce development suite and an innovative virtual reality room as part of a Think Secure campaign. Rebekah designed an ICS Cybersecurity Remediation Program which will be implemented globally across all Shell lines of business, as well as an ICS-focused Cyber Risk Assessment Process and Model.

Jack Daniel, Michelle Klinger, Bsides - Bsides is a community driven framework for organizing and holding content-rich security conferences that was created in 2009 by Jack Daniel, Mike Dahn, Michelle Klinger and others. In recent years Jack and Michelle have played key roles in expanding Bsides' impact through a lot of hard work that enabled the number and variety of events to expand, as well as linking Bsides to other efforts to increase the level of expertise in the cybersecurity community.

Charles E. (Chip) Campbell, CMSgt and Alexander E (Alec) Hall, SMSGT, USAF - SGTs Campbell and Hall have made significant contributions to the VetSuccess program since its inception. They provided important insights into program curriculum and admissions standards, the military career fields where prospective candidates can be found, and the optimal pathways to engage transitioning veterans. Their enthusiasm for the program resulted in numerous opportunities to engage employers, military leaders, and security industry representatives. Perhaps their most important contribution has been their unfailing advocacy for their Air Force brothers and sisters. 100 percent of transitioning Air Force veterans accepted into the program to date have completed the VetSuccess curriculum and landed challenging, high paying jobs in the industry.

Doug Logan, Cyber Ninjas - Doug has progressed through the US Cyber Challenge (USCC) program, volunteered as a Teaching Assistant (TA) and continued to donate significant time to advancing the program. Doug led a team of former TAs from the camp and developed the Capture the Flag (CTF) competition which was used by the campers when the USCC's former provider had to pull out this past summer. His efforts help make the camp a success and continued the learning experience for each and every camper.

Gary Hayslip, Department of Information Technology, CISO, City of San Diego - Gary has used the Critical Security Controls and others security frameworks to take a risk-focused approach to protecting city services and citizen information while successfully communicating the value of security to his Mayor. Gary also donates his time to serve as an advisor to cyber security incubator companies and gives real-world and operationally focused feedback to these companies.

Heather Meeds, Senior Cyber Advisor, US Army National Guard Bureau - Heather has been instrumental in driving the Army Guard annual Cyber Shield exercise for 2015 and 2016. She implemented team-based CyberCity training for 20 teams. The training was so effective that the top four teams and their commanders were invited to participate in a CyberCity "Best of the Best" Tournament. Heather is also the driving force behind building a life-size CyberCity curriculum at Muscatatuck, which will include a Cyber Remote Operations Center (CYROC) and three Cyber Mission classes built on top of the CYROC.

Loilette Loderick, Netcentrics/USCG contractor - Loilette lead the development of web application security for the United States Coast Guard. Over a period of a year and a half, with no previous program in place, she single handedly initiated the web application security program and began extensive training with web application developers in order to inspire a secure coding approach and remediate vulnerabilities. She manually walked through many thousands of web application risks and expertly maintained Coast Guard accountability of all outstanding vulnerabilities; reporting directly to the Defense Information Systems Agency and CG Cyber Command on a weekly basis.

ICS Lifetime Achievement and Scholarship award

In honor of Ernie Rakaczky Jr., Invensys, who passed away in 2015, SANS has created the annual ICS Lifetime Achievement and Scholarship Award. Ernie was best known by his peers as an advocate with a passion for progress, innovation, and investment in the ICS field. He was a strong supporter of US and Canadian efforts to enhance the security of ICS on an international scale, and an activist to bridge the gap between IT and Operational Technology (OT) through education and awareness of proper automation systems for security professionals. Ernie served on the GICSP steering committee, where his expertise and insight directed the formulation of the certification.

To learn more about the SANS Difference Makers Award winners, please visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (