SANS Institute, the global leader in cyber security training and certifications, today announced the winners of the SANS 2019 Difference Makers Awards. This prestigious annual awards program honors individuals, teams and groups from within the SANS community who have made a difference in security. Through their implementation of security processes or technology, each person has demonstrated meaningful and measurable advances in security.

"The 2019 winners are a very diverse group that have made real progress in increasing cyber security levels in a number of key areas," said John Pescatore, SANS Director of Emerging Security Trends. "The Difference Makers range from a CEO to a high school teacher. The progress includes increasing diversity in the cyber security workforce, fighting fake account creation and implementing many areas of the Critical Security Controls, to name just a few."

Winners will be honored during an awards luncheon on Monday, December 16, at the SANS Cyber Defense Initiative® 2019 training event in Washington D.C. The SANS 2019 Difference Makers Award winners include:

Conor Callahan, Technical Lead, Platform & Infrastructure, Zoosk
Callahan and team put forth a successful effort to stop fake account creation and account take overs. In so doing, they helped put a stop to associated fraud and scams like the "romance" scam, which costs, on average, $12,000 per scam.

Jason Gray, CIO, US Department of Education
Dorothy Aronson, CIO, National Science Foundation
Doc McConnell, Office of the Federal Chief Information Officer, Office of Management and Budget
Trey Kennedy, Office of the Chief Information Officer, U.S. Department of Justice
Through a strategic partnership between the U.S. Department of Education, the National Science Foundation, the Office of Management and Budget, the U.S. Department of Justice, and the CIO Council, with leadership by US Federal CISO Suzette Kent, the first-ever Federal Cyber Reskilling Academy (FCRA) was created to offer Federal employees hands-on training in cyber security. Launched in November 2018, this program demonstrates the ability to reskill employees into cyber security professionals by identifying hidden internal talent – specifically employees who had no formal IT training or work experience. This program provides a model for the rest of government and for large industrial organizations, and has already served, in part, as the model for a large-scale cyber talent development program being launched in Canada.

Jose María Labernia, Head of IT Security & Internal Control, LafargeHolcim IT EMEA
Labernia was instrumental in helping redefine LafargeHolcim's vulnerability management program through such efforts as the introduction of newly defined key performance indicators (KPIs). As a result, rather than report thousands of vulnerabilities to senior management, the number is significantly scaled down. Senior leaders' sponsorship to resources allocation and the organization's security posture have improved.

Victor Givers, Founder, GDI.Foundation
Givers has been a driving force behind the GDI.Foundation, an international non-profit organization. GDI's mission is to protect the Internet by trying to make it safer for users, and to prevent and mitigate digital abuse. Members focus on responsible disclosures and assist anywhere in times of need. Givers has more than 5,000 responsible disclosures on his name and is progressing internet safety in The Netherlands, and worldwide.

Jamie Graves, Senior Cyber Security Training Analyst, BlueCross BlueShield of Louisiana
Graves took compliance-focused, annual training to a robust awareness program with measurable metrics that focuses on long-term sustainment and culture change. He also created an Ambassador Program to further advance security awareness programs throughout the state.

Mark R. Estep, Teacher, Poolesville High School, Poolesville MD (MCPS)
Estep was awarded a Maryland Governor's Citation for his work in developing a cyber-workforce of tomorrow. His efforts have helped students gain national recognition at cyber security competitions and earn many scholarships.

Steffanie A.K Schilling, Information Technology Marketing & Communications, Program Lead for Cyber Security Awareness, Steris
Schilling designed and implemented a measurably effective Cyber Security Awareness program for Steris. This program covers 12,000+ employees in more than 30 countries.

Sherrie Caltagirone, Founder and Executive Director, Global Emancipation Network
Caltagirone has dedicated herself to creating new solutions to end human trafficking. Included among her many efforts is the use of cyber data to identify human trafficking victims around the world.

Eric Zimmerman, former FBI Special Agent and SANS Instructor
Zimmermanhas written more than 20 open source and free digital forensics utilities and DFIR tools throughout the past three years. These tools provide rapid and accurate capabilities that match or exceed many commercial products. Zimmerman's efforts in developing and supporting these tools have enabled many enterprises to increase the efficiency and effectiveness of their cyber security operations.

Sylvia Acevedo, CEO of the Girl Scouts
Acevedo helps fuel the pipeline of female leadership, STEM leadership and entrepreneurship in Birmingham. As part of this effort, Girl Scouts of the USA has unveiled several new program badges and goals, most of which involve STEM and the outdoors.

Neal Richardson, CISO-Director of Technology, Hillsboro-Deering School District, New Hampshire
Richardson successfully implemented the CIS Controls Implementation Group 1 (IG1) across his network and brought the school district into compliance with New Hampshire's student privacy law.

Lieutenant Colonel Shane F. Liptak (Retired), U.S. Army
LTC Liptak helped create the training program for the Army 255S "Information Protection Technician" military occupational specialty (MOS). This program literally launched the Army into Cyberspace and helped make Fort Gordon the cyber hub of the Army.

Jefferson Gilkeson, Director of Information Technology Audit, U.S. Department of the Interior
Gilkeson was a driving force in increasing the effectiveness of cyber security audits that are typically performed by Inspectors General (IG) in the US Government. He actively advocates these advancements to IG special interest groups so other auditors can achieve similar success.

To learn more about the SANS Difference Makers Awards, and the 2019 winners, visit:
https://www.sans.org/cyber-innovation-awards

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)