SANS Honors People Who Made a Difference in Cybersecurity in 2013

BETHESDA, Md., Dec. 17, 2013 /PRNewswire-USNewswire/ -- SANS Institute is pleased to announce the People Who Made a Difference in Cybersecurity 2013 Award winners. Award recipients were announced December 16^th at the SANS Cyber Defense Initiative (CDI) training event in Washington, D.C. The award recognizes security practitioners that are making breakthroughs in advancing cyber security.  

Nominees for the SANS 2013 People Who Made a Difference in Cybersecurity Awards were submitted by the SANS community. This year's award winners include individuals, teams, and groups who implemented security processes or technology in 2013 that resulted in meaningful and measurable advances in security. The nominations were evaluated by a team from SANS, and the awards were presented by SANS Founder, Alan Paller and John Pescatore, SANS Director of Emerging Security Trends.

SANS 2013 People Who Made a Difference in Cybersecurity Award winners include:

• Erica Borggren, Illinois Department of Veterans' Affairs 

Award-winning initiative: Erica Borggren is Director of the Illinois Department of Veterans' Affairs She has provided tireless effort, leadership and expertise to security career training work with Veterans in Illinois. Thanks to Erica, tremendous progress was made in figuring out what works/doesn't work with this constituency.

• Todd Boudreau, US ARMY

Award-winning initiative: Beginning in late 2007 CW5 Todd Boudreau of the Office Chief of Signal began redesigning the Army Signal warrant officer structure to enable establishment of four new key cyber roles: the Army's Expert Cyberspace Content Technician (255A), the Army's Expert Cyberspace Network Management Technician (255N), the Army's Expert Cyberspace Defense Technician (255S), and the Army's Senior Cyberspace Network Operations Technician (255Z). Since then, the Army has graduated over 100 Warrant Officers through an advanced training project to develop people to fill those roles. The SIGCoE is now in the process of jumpstarting the new 26 Charlie Cyber Warrior training for O-grade Officers.

• Mandy Galante, Red Bank Regional High School

Award-winning initiative: Mandy Galante is a NJ-based high school teacher who inspires her students to build their cyber security skills and compete in various challenges. Her students have done really well in the Cyber Aces OnLine competitions. She even competes alongside them to encourage them.

• The Global Industrial Cyber Security Professional (GICSP) Team – Tyler Williams, Auke Huistra, Markus Braendle, Graham Speake, Doug Wylie, Tim Conway and Derek Harp

Award-winning initiative: This team of people drove a collaborative effort with GIAC to develop a unique, practitioner-focused industrial control system security skills certification program – the Global Industrial Controls Systems Practitioner certification. The GICSP is the newest certification in the GIAC family and focuses on the foundational knowledge of securing critical infrastructure assets. The GICSP bridges together IT, engineering and cyber security to achieve security for industrial control systems from design through retirement.

• Jeff Hanson, Damascus High School

Award-winning initiative: Jeffrey Hanson is a MD-based high school teacher who provided tremendous input and expertise for refining the Cyber Foundations competitions, which grew into Cyber Aces OnLine.

• Peter Kaplan, Federal Trade Commission

Award-winning initiative The FTC is an independent agency founded in 1914. It seems like regardless of who is president or what the state of the economy is, the FTC stays focused on its mission of consumer protection and in particular, going after companies that don't protect their customers' information. The FTC doesn't seem to need new laws or more money, it just keeps fighting for its customers.

• Major TJ O'Connor, The United States Military Academy at West Point

Award-winning initiative: Maj. O'Connor built a cyber capability in his team that set the standard for his entire organization. He used the existing Information Assurance (IA) roles in order to have the bodies, and then provided training for them to have a capability way beyond a normal IA type team. He really did create one of the first Cyber Guardian teams, and showed other companies how to do it. He has become the go-to advisor to senior leaders who need help thinking about the skills needed for world class cybersecurity teams.

• Mike Qaissaunee, Brookdale Community College

Award-winning initiative: Mike Qaissaunee has been a tremendous force in recruiting students, encouraging them as they go through the Cyber Aces program, and dealing with a lot of the administrative burden associated with grant applications and fulfillment.

• Alex Ruiz, DHS ICE Social Engineering Training Effort

Award-winning initiative: Alex Ruiz led the Immigration and Customs Enforcement (ICE) Social Engineering Training (ISET) Program to provide evaluation and improvement of the operational security posture of ICE personnel. The ISET evaluations assist ICE in understanding the exposure to social engineering threat vectors by evaluating ICE personnel's ability to identify a social engineering attack and report the incident once it has been identified. The ISET team developed a multiphase approach to ensure awareness of social engineering, phishing, and the importance of safeguarding Personally Identifiable Information (PII).

• Jonathan Trull, State of Colorado, Governor's Office of Information Technology

Award-winning initiative: Jonathan Trull had worked in the Colorado Office of the State Auditor for a decade. As the Deputy State Auditor, he was responsible for overseeing annual audits of the state's systems and kept seeing the same security mistakes uncovered by audits every year. He took over as Chief Information Security Office for the state of Colorado in 2012, starting with a miniscule budget. He quickly pulled together a cross-industry team and put together the "Secure Colorado" plan that focused on the Critical Security Controls and some early quick wins to drive measurable improvements in the security of the State of Colorado's information systems.

• Larry Wilson, University of Massachusetts

Award-winning initiative Larry Wilson is the CISO of the University of Massachusetts. He was brought in after UMASS had serious data breach. Larry focused on moving (UMASS) from a compliance-first approach to a security-first approach. He used the Critical Security Controls to focus on preventing attacks and stayed with ISO 27001 for the management controls, driving UMASS to higher levels of security without impacting compliance. Larry has also supported a consortium of New England universities in making similar advances in security.

• Melanie Woodruff, Experian

Award-winning initiative: Over five years ago, Experian began the initiative to integrate application security testing into the development process of all applications, worldwide. Melanie leads the program, called SecureCORE, and has grown the program to now cover all Experian developed products, whether developed for internal use or for a third party. Her program has educated 3,000 developers across the enterprise and has increased the number of developers participating in the program year over year and number of applications scanned.

• Jack Nichelson, GrafTech International

Honorable Mention: Jack Nichelson identified that GrafTech's biggest productive loss was from Java based malware infections. By leveraging Microsoft App-V they were able to virtualize Java for accessing Java content. They were then able to remove Java from 90% of their workstations and for the remaining 10% that still had a need for Java to run locally they ensured that Java was disabled in the main browser. This lowered their malware infection rate by 60% and lowered the number of systems that required re-imaging by 80%.

To learn more about the SANS People Who Made a Difference in Security in 2013 Awards, please visit: http://www.sans.org/info/146545

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)     

SOURCE SANS Institute