Thousands of attendees joined virtually on April 21, 2022, from across the globe to attend dozens of sessions to learn about MITRE ATT&CK, purple teaming, the future of AI, evidence-based security, how to be happy, and more. And we added a new segment — Purple Hats Customer Awards — to honor the experts who put threat-informed defense into practice and make a difference in the cybersecurity community.
This year’s awards were judged by Ronald Eddings and Chris Cochran of Hacker Valley Media, Allan Alford, CISO at TrustMAPP, and Lori Reynolds, former Lieutenant General of the US Marine Corps.
We were thrilled to celebrate the winners live during the Purple Hats event, and here we give you a recap. Congratulations to the finalists and winners! You can also watch the entire Purple Hats 2022 Conference on YouTube here.
Thought Leadership Award: Cybersecurity Trailblazer
This award recognizes an innovative cybersecurity leader (CTO, CISO or VP-level) who has delivered a threat-informed defense strategy in their company and across the community through publications, speaking at industry events, or by making other public contributions to help further the practice of a threat-informed defense.
Winner: Christopher Frenz AVP, IT Security at Mount Sinai South Nassau
Under Christopher’s leadership, the hospital had been one of the first in the country to embrace a zero-trust model for network security. Christopher has also played a role in pushing for the adoption of improved security standards within hospitals and is the author of the OWASP Secure Medical Device Deployment Standard as well as the OWASP Anti-Ransomware Guide. Frenz holds the CISSP, CISA, CISM, HCISPP, CIPP/ US, CIPT, CIPM, and CCSK security credentials and was inducted as a Fellow of Information Privacy by the International Association of Privacy Professionals.
For more on Christopher Frenz and adopting a threat-informed defense, check out his episode on the Think Bad Do, Good Podcast here.
Finalist: Uma Mahesh Reddy CISO at Prime Healthcare Services
Entrepreneur and Intrapreneur at heart, Uma Mahesh Reddy is an experienced CISO and IT leader with a demonstrated history of working in the software and healthcare industry. His goal is to lead the enterprises’ cyber security program to a greater maturity with improved results and enhance organization risk management program that is focused and aligned to organizations success in a cost-effective way. He has saved hundreds of millions of dollars in contract negotiations and operational efficiencies. He is skilled in Healthcare Information Technology (HIT), Security, Management, Business Strategy, Vendor Management, Software development. Mr. Reddy is a strong information technology professional with Master’s in Information Technology (Security) degree from Central Queensland University, Melbourne Campus. He also built and sold two products (Tele-Medicine platform and Secure texting).
For more on Uma Mahesh Reddy and adopting a threat-informed defense with AttackIQ Vanguard, check out his Think Bad, Do Good podcast here.
Finalist: Nathan Morelli, Head of Cyber Security and IT Resilience
Nathan Morelli is the Head of Cyber Security and IT Resilience at SA Power Networks. As a member of the IT Leadership Team at SA Power Networks, he is responsible for leading the capability responsible for protecting the reliability and integrity of SA Power Networks systems through the delivery of the following;
For more on Nathan Morelli and SA Power Networks, check out the AttackIQ case study here.
Team Transformer Award: The Purple Team Transformer
This award celebrates a team that has leveraged the MITRE ATT&CK framework and AttackIQ Security Optimization platform to improve their cybersecurity effectiveness. They use data to adjust their security programs and create a purple team construct to improve their team’s overall cyberdefense posture.
Bupa is an international healthcare company, serving over 38 million customers across the world and employing 84,000 people. Bupa’s businesses operate in both health insurance and health provision (which includes dental care, outpatient clinics, hospitals, GP services, digital healthcare and aged care).
Bupa uses the MITRE ATT&CK framework to create a threat informed defense strategy. “To keep up with the onslaught of new attacks, security programs must evolve from reactive and siloed to proactive and collaborative.” – Paul Haywood, CISO of Bupa.
Finalist: General Electric
General Electric (GE) is a multinational corporation that has been built on the legacy of innovation. Through their mission statement of “building a world that works,” GE has long been a leader in Power, Renewable Energy, Aviation and Healthcare. Today, GE also leads in delivering solutions across Additive Manufacturing, materials science and data analytics.
GE’s detection framework largely requires that custom content adhere to MITRE ATT&CK as best it can. Meaning, when analysts author new detections, they pair them with the most closely matching tactics and techniques so that these detections can be correlated, suspicious activity can be identified, and incidents can be studied.
Best Citizen Award: Cybersecurity Community Builder
This award is for an individual that is committed to serving our cybersecurity workforce, from bringing in new training programs to supporting leadership development to make cybersecurity a more inclusive and equitable field.
Winner: Neal Bridges, Chief Information Security Officer, Query.AI
Neal Bridges is a cybersecurity professional with over 20 years of experience in information technology and security. Over his career, Neal has exceeded in the strategic, operational, and tactical arenas of cybersecurity.
His work building security teams at multiple Fortune 100 companies has highlighted his versatility in, not only providing offensive capabilities, but being able to transform that knowledge into an effective detection, response, and threat hunting strategy for a Fortune 135 (2017) and Fortune 117 (2021) company.
He has developed, implemented, and executed a global Incident Response capability, successfully developed a robust M&A strategy for pre-and-post day one cyber threat hunting and assessment capabilities to identify any potential risk and quickly develop mitigation and/or remediation strategies.
Neal consults with organizations regularly applying his experience in diverse, large-scale enterprise environments. Experienced in making strategic level decisions to achieve tactical level objectives in arenas ranging from Department of Defense to the commercial sector and is an industry leader in bringing adversary tactics to the operation execution of penetration testers through North America.
Finalist: David Das Neves, Head of Computing, Director, MMS
David Das Neves is the Head of Computing at Media Markt Saturn, focusing on the Global IT Platforms with an overall number of 7 teams, 40 engineers and architects, and 9 IT Country managers. As a seasoned engineer and influencer, David drives the strategic initiatives at MMS and redefining the company-wide IT-Platform strategy. Typical initiatives are the Engineering Community, the Engineering Board, the MMS Tech Radar, and many more.
Finalist: Sylvia Worlali Azumah, PhD Student, University of Cincinnati
Focused M.S Information Technology student currently attending University of Cincinnati, with 2+ years of work experience in the field of IT. Her goal is to acquire hands on experience and knowledge in Cyber threat Intelligence, Machine learning, IoT Security, Project Management , Criminal Justice and Digital Forensics. Her current research is geared towards creating an anomaly detection model for IoT security on a regular PC and on a Cloud system. She is passionate about volunteering, especially teaching high school students and females Python. Sylvia also serves as the Director of Community Engagement at APNET (African Professional Networking).
Again, congrats to our winners and our nominees for our first inaugural Purple Hats customer awards. Hats off to you!
For those of you who missed out on Purple Hats fun, catch the on-demand content on YouTube for free.
Stay tuned for Purple Hats 2023!