Congratulations to the following security professionals recognized for their outstanding contributions to the cybersecurity industry. The annual (ISC)² awards honor exceptional practitioners for their commitment to a safer cyber world for one and all. Each will be honored at next month’s (ISC)2  Security Congress in Las Vegas.

(ISC)² Senior Professional Award

Recognizing individuals who have significantly contributed to the enhancement of the information security workforce by demonstrating a leadership role in an information security workforce improvement initiative, program or project. The 2022 honorees:

Americas:

Shawn Harris, CCSP, CISSP, CISSP-ISSAP, Senior Director of Information Security and Compliance, Chipotle Mexican Grill

For his involvement in the development and implementation of the Cloud Controls Matrix (CCM), a cybersecurity control framework for cloud computing aligned to the Cloud Security Alliance best practices, considered the de facto standard for cloud security and privacy.

APAC:

Chou Yen Ju, CCSP, CISSP, Chief Information Security Officer, OneDegree Hong Kong Limited

For his role in developing the Digital Asset Risk Assessment, a methodology to help the insurance industry better manage escalating cyber risks.

The methodology contributed by this project has been reviewed and approved by the Hong Kong Insurance Authority. An insurer/reinsurer can provide insurance coverage to the industry based on this methodology.

OneDegree is the first insurer in APAC and the second insurer in the world that provides digital asset exchanges, custodians, and wallet solution providers the insurance coverage. The project helps the industry with the best practice to manage the escalating cyber risk. Chou Yen Ju led a task force to contribute the Digital Asset Risk Assessment methodology to the underwriting, which realizes Chou Yen Ju’s vision of reducing the knowledge gap between the underwriters and cyber professions. The methodology can evaluate the digital asset’s risk and provide the clients the best practice to manage the risk with the insurance coverage.

EMEA:

Ali Isikli, CCSP, CISSP, Systems Security Engineering Manager, ASELSAN Inc.

For founding the ASELSAN Cyber Security Team to oversee customer, internal development and management efforts to assess, identify and evaluate the cybersecurity maturation of systems. The initiative is said to have impacted more than 10,000 people tied to Turkey’s defense industry.

(ISC)² Mid-Career Professional Award

Recognizing individuals at their mid-career stage who have demonstrated commitment and achievement in managing or implementing a vital component of a cyber, information, software or infrastructure program/project. The 2022 honorees:

Americas:

Benjamin T. Koshy, CISSP, Chief Information Security Officer, Indian Health Service

For expanding the utility of Indian Health Service’s security information and event management (SIEM) system, which was previously only used to gather a small subset of security logs from information systems for use in incident response. This enabled Indian Health Service to not only satisfy the cybersecurity logging requirements but also provide the service analytics to enhance the IHS mission objective.

APAC:

Shakthi Priya Kathirvelu, CISSP, VP and Head of Information Security and IT, Funding Societies | Modalku Group

For her efforts to build out and lead a dedicated information security team developing a digital financing and debt investment platform for Southeast Asian small and mid-sized enterprises. She’s also recognized for expanding into a leading neobank to provide a secure customer experience, while ensuring regulatory compliance in the countries the business operates in. In addition to contributing to fundraising for the organization, her efforts have also helped secure corporate resources during a period of significant growth for the organization.

EMEA:

Lucy Prudence Shenton, CISSP, Expert Associate Partner, McKinsey & Company

For her role in building a cybersecurity roadmap for a large, global financial institution. Lucy led the strategic vision and secured a multi-million-dollar, board-level commitment to drive maximum impact—and data security—for all internal and external customers.

The program continued with a deep dive architectural design into improving user experience and strengthening the security of the organization’s identity and access management (IAM) capabilities as well as implementing a proof-of-concept of its Zero Trust identity architecture. In the end, this program not only helped to secure and protect enterprise-wide data, it also resulted in a differentiator for the organization by envisioning a streamlined identity and access management process for its millions of external customers and internal users.