SANS Honors People Who Made a Difference in Cybersecurity in 2014

Originally posted on PRNewswire-USNewswire

BETHESDA, Md., SANS Institute is pleased to announce the winners of the SANS 2014 Difference Makers awards. While the headlines focus on security breaches, there are thousands of security practitioners out there who are quietly succeeding and keeping their companies and customers safe from attacks. The SANS Difference Makers award celebrates those individuals whose innovation, skill and effort have driven real advances in information security.

The award winners were announced at the SANS Cyber Defense Initiative Training Event in Washington D.C. on December 16th during an expanded evening awards ceremony. Nominations were evaluated by a team from SANS, security industry analysts and thought leaders.

The 2014 Difference Makers Award winners include:

Joyce Brocaglia, CEO Alta Associates – Joyce has long been a force in helping skilled cybersecurity professionals move up to CISO positions. She established the Executive Women’s Forum in 2002, exposing more women to IT and cybersecurity, and has personally funded several scholarships.

Dr. Martin Carlisle, Professor and Head, Department of Computer Science, United States Air Force Academy – Dr. Carlisle was instrumental in adding a cybersecurity major to the Air Force Academy curriculum, even as other areas were being reduced. He also created and led the USADA Cyber Competition Team.

Cheryl Conley, Lockheed Martin, Corporate Information Security, Security Education and Awareness – Lockheed Martin has been a trailblazer in effective employee security awareness and education. Cheryl has led that program, tirelessly collaborating with other security leaders to share her ideas and to support other efforts.

Department of Homeland Security National Cybersecurity Assessment and Technical Services Team Members: Rob Karas,Sean McAfee, Dave Link, John Bush, Mark Feldhousen, Jason Hill, Willio Jean-Paul, Lorenzo Miller, Teodorico Trajano, Ken Vrooman, Scott Wallace, Joshua McAllister, Dave Redmin – The DHS NCATS team uses a proactive approach to provide vulnerability assessment and risk analysis services to DHS and other agencies. By showing how vulnerability scanning could be increased from quarterly to weekly, the team showed an 86% reduction in critical vulnerabilities. NCATS lead the response to the Heartbleed vulnerability and coordinated a response effort that mitigated 99% of all vulnerabilities within 3 weeks.

Sarah Edwards, SANS Institute DFIR Instructor TeamSarah Edwards has put SANS on the map with cutting edge Mac OSX and file system forensic expertise. Throughout 2014, she has contributed her time at national Law Enforcement industry events, regional B-Sides and national technical conferences, educating fellow professionals in her area of expertise.

Freedom Mortgage National Operations and Control Center – The team at Freedom Mortgage was able to both support business demand for BYOD and mobility and to build out a NOC capability to securely monitor operations. They were able to develop their own central monitoring capability, reducing hundreds of thousands of security alerts per day down to an average of twenty events per day that required action.

Scott Goodhart, CISO AES Corporation – The AES team was able to rapidly recognize the threat posed to AES by advanced targeted attacks and over a nine month period demonstrate an approach to detect and mitigate those attacks, demonstrating avoidance of over$10M in incident impact and response costs. In addition to being able to demonstrate to management both the need and the benefit, they also were able to rapidly implement the solution in a complex organizational environment.

Michele D. Guel, Distinguished Engineer, Cisco – Michele lead the development and implementation of Cisco’s Security Knowledge Empowerment (SKE) program that produced tremendous gains ensuring continuous adoption of security into the DNA of all areas of Cisco’s operations.

Mike Knight, Naval Network Warfare Command (NNWC) (NETWARCOM) – Mike was instrumental in making the DoD 8570 implementation produce meaningful results in increasing the skills of those getting 8570 certification.

Heather Mahalik, SANS Institute DFIR Instructor Team – Heather played a key role in revitalizing mobile forensics training. She also spent her free time teaching workshops at the CyberJutsu Women in Tech group, and even participated in the Cyber Girls outreach training, ensuring middle school and high school girls would have the confidence to pursue whatever profession they so desire.

Cindy Murphy, SANS Institute DFIR Instructor Team – Cindy also played a key role in developing SANS’ groundbreaking mobile forensics training course. She also volunteered much of her time to provide guidance and mentoring to cybersecurity investigators in the Law Enforcement community, as well as serving as a mentor for new SANS instructors.

Laks Prabhala, CISO, US Department of Justice Office of Justice Programs – Laks has been the driving force behind the OJP’s Next Generation Security implementation and their Secure Cloud initiative. He quickly pulled together a cross-department team that focused on the Critical Security Controls to define the OJP “Secure Cloud Initiative” and focused on early wins to demonstrated immediate security improvement.

Scholarships for Women Studying Information Security, Applied Computer Associates (ACSA) and HP ACSA, a non-profit organization, founded the SWSIS program in 2011 to help address the shortage of skilled people in the cybersecurity field and with a special focus on encouraging young women to consider careers in security. In 2014, with funding from HP, the SWSIS program has awarded scholarships to 11 young women.

Tyler Williams, ICS Solution Manager, Shell – Tyler was the leading force in the development of the Process Control Design and IT Security Domain Competency Guidelines that defined the specific security skill areas needed in Industrial Control System environments. Tyler chaired the broad industry consortium that turned this into the basic for the Global Industrial Cyber Security Professional (GICSP) certification.

To learn more about the SANS Difference Makers Award winners, please visit: