.jpg?format=png&auto=webp&height=390&crop=3:1)
On December 17, 2018 SANS Institute announced the winners of the SANS 2018 Difference Makers Awards at the SANS Cyber Defense Initiative conference in Washington DC, celebrating the most dedicated and innovative "People Who Made a Difference in Security in 2018."
According to John Pescatore, SANS Director of Emerging Security Trends, "The winners of this year's Difference Makers Awards were selected from among a stellar group of individuals and teams from within the cyber security community. Their successful implementation of security processes and/or technology have resulted in meaningful and measurable advances in security. It is my pleasure to recognize this year's group of talented individuals for their outstanding achievements."
Winners of the 2018 SANS Difference Makers Awards include:
Page Hoeper and John Manferdelli, Defense Science Board (DSB) Task Force on Supply Chain Cybersecurity
Hoeper and Manferdelli played leading roles on the task force which
recommended a set of technical and organizational measures for acquiring
and developing more secure hardware and software technologies. The task
force also recommended validating the security of deployed systems.
These recommendations led to changes in DoD acquisition policy (an
enclosure to DoD Instruction 5000.02), chartering of a central DoD
organization to improve the security assurance of newly developed
systems (the JFAC or Joint Federated Assurance Center), and enhanced
security testing of deployed systems. The work of the DSB task force has
led to effective actions by the DoD that address the challenges of
supply chain security.
Michel Cukier, Director for the Advanced Cybersecurity
Experience for Students (ACES) at the University of Maryland Institute
for Advanced Computer Studies
Cukier established a pathway for
the brightest and most talented high school students to have an
intense, industry-supported focus on cyber security as early as their
freshman and sophomore years. His efforts are paving the way towards
providing much needed answer to the question those talented young people
will be asking when they start looking at colleges.
Deb Snyder CISO, State of New York
Snyder
integrated the CIS Controls as a critical component of New York's
statewide cyber security program framework. Under her direction, the NY
CISO office created a Critical Security Controls Assessment Model, based
on the CIS Controls, and used it to conduct gap assessments, determine
capability maturity, and establish current and desired future state
security profiles. This model provided a practical means of quickly
building an understanding of cyber risk concerns. It also helped define a
clear roadmap for monitoring and enhancing the state's security
posture. The CIS Controls served to validate and provide specific cyber
defense actions and industry-recommended practices to reduce risk.
Chris Sanders, Director, Rural Technology Fund
Sanders is a highly skilled cyber security practitioner and author. He
founded and serves as the director of the Rural Technology Fund which
works to lower the barriers faced by rural students and ensures that
they have an easier road to technology-based careers. Sanders is
actively involved in the mentorship of high school and college students
who are interested in computer science and information security. He
helped found the first-ever Computer Security Club at the College of
Charleston as an industry sponsor and mentor.
Hernan Armbruster Vice President, Trend Micro
Armbruster led Trend Micro's efforts to work with the Organization of
American States (OAS) to create the OAS Cyberwomen Challenge, a capture
the flag (CTF) event series. These events focus on developing cyber
security skills in women who are new to the field or want to expand
their skillset. The program encourages female engineers to build and
grow their careers in cyber security by hosting CTF competitions across
Latin America and Washington D.C.
Colonel Donald Bray (Retired)
As part of a long and
distinguished career, COL Bray served as the first Commander of Cyber
Protection Brigade (CPB) responsible for establishing the Army's 20
active duty Cyber Protection Teams (CPTs) and six Command Cyber
Readiness Inspection (CCRI) teams. He established a comprehensive
assessment and training program, training range/environment and R&D
section - Network Engineering Research and Development (NERD) - to
support CPT and CCRI missions.
Lieutenant General Ed Cardon (Retired)
LTG Cardon
has commanded at every level, from company through Army Service
Component Command. As the Commanding General of ARCYBER, he, along with
COL Don Bray, stood up the Army Cyber Protection Brigade (CPB) in
September of 2014. The CPB commands 20 Cyber Protection Teams (CPTs)
that are operational and responding to real-life cyber and ICS security
missions around the globe. LTG Cardon also inspired the creation of the
SANS Cyber Situational Training Exercises (Cyber STX) in which the CPB
partakes today for CPT validation.
Chet Maciag, Professor, Utica College
Professor
Maciag teaches CYB 671-Open Source Intelligence. He has inspired
students in a wide variety of fields (such as nuclear physics) to apply
open source intelligence concepts to their research and future careers.
He contributes to measurable increases in cyber security and encourages
women to enter the field. He has also demonstrated innovation by
applying open source intelligence concepts to the field of nuclear
non-proliferation.
John Scott, Security Awareness Director, Bank of England
Scott is a thought leader in the awareness field, leading new projects
and concepts at the Bank such as at home, personalized security
briefings for executives, hosting onsite mobile device clinics and
hacking demos. Even more important are his contributions to the
awareness community, including being one of the most active members of
the security awareness community forum, holding board member positions
for numerous security awareness summits, and looking to grow that
passion into become a SANS instructor.
Matthew Witten, Information Security Officer, Martin's Point Health Care
Witten's nimble, five-person IT department protects critical health
records for more than 70,000 patients. Witten and his team identified
and implemented process and technology changes that have enabled him to
reduce the expertise required and dramatically improve the performance
of the organization's security operations center by leveraging
newly-minted and second-career security professionals. His team includes
a SOC of five individuals - one, a registered oncology nurse who found a
second career with the MPHC security operations team.