Trust & Transparency Awards

The Trust & Transparency Awards highlight people and organizations within the security industry that exemplify trust and transparency.

Meet the Award Winners!

Each winner was chosen based on criteria that promoted overall trust and transparency in the cybersecurity industry, whether through the creation and design of products, pushing for equitable pay and hiring, or educating about the need for transparency in the cybersecurity industry at large.


Award Winner

Devon Bryan

Devon Bryan, Managing Director, Chief Information Security Officer at MUFG Union Bank, was selected for his founding of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a non-profit dedicated to increasing diversity in the field of cybersecurity by funding scholarship opportunities.


I’ve had the pleasure and honor to work with Devon Bryan for over a decade in different roles and his commitment to openly sharing information on cybersecurity IOCs, practices, and leadership techniques has been instrumental for many cybersecurity professionals in multiple sectors. Devon is a CISO that all cybersecurity professionals look up to and benefit from his wisdom.

Jim Routh, CISO, MassMutual

Award Winner

Rob Joyce

Rob Joyce, Senior Advisor to the Director for Cybersecurity Strategy, NSA, was selected for his public presentations beginning with his 2016 USENIX presentation on Disrupting Nation State Hackers.


I am thankful for the recognition. Trust and transparency in security is indeed important. NSA has made a determined effort to talk more about what we do and why we do it, even if specific aspects of how we conduct our missions still need to be protected. We understand transparency is a key element in earning trust.

Rob Joyce, Senior Advisor to the Director for Cybersecurity Strategy, NSA

Award Winner

Olav Lysne

Olav Lysne, a director of Simula Metropolitan, and professor of Communication Systems at the Oslo Metropolitan University, was selected for his book, The Huawei and Snowden Questions: Can Electronic Equipment from Untrusted Vendors be Verified?


Security cannot be viewed in isolation; a single organization has little influence over the motivations and controls of others. A weakness at any point in the supply chain can have a devastating effect on a downstream organization. Olav Lysne’s book, “The Huawei and Snowden Questions”, raises visibility to the risk presented by solutions for which trust is difficult or impossible to verify. Only through greater transparency can this trust be established.

Dan Geer, Senior Fellow, In-Q-Tel

Award Winner

Anne Neuberger

Anne Neuberger, Director, Cybersecurity Directorate, NSA, was selected for leading an agency push to be more transparent and shedding some of the NSA's secretive reputation.


It's been my wonderful pleasure to have known Anne Neuberger for many years - and to recognize first-hand her amazing contributions to our nation's global cybersecurity posture. Anne has been a great symbol of transparency in working so closely with industry leaders to improve sharing, to optimize communication, and to bridge the gap between our nation's intelligence community and the rest of our society.

Dr. Edward Amoroso, CEO, TAG Cyber

Award Winner

MITRE Corporation

The MITRE Corporation was selected for its ATT&CK Framework, a comprehensive matrix of tactics and techniques used by threat hunters, red teamers, and defenders to better classify attacks and assess an organization's risk.


The ability for people and organizations to maintain control over their private information is under constant threats from sophisticated groups of hackers, including nation-states. The MITRE ATT&CK Framework provides organizations with visibility to the tactics, techniques, and procedures used by criminal organizations to steal confidential information on citizens and organizations. By providing this information in a transparent and open forum, MITRE and its sponsors help organizations protect the privacy of all of us, the intellectual property of organizations, and the security of governments worldwide.

Dr. Ann Cavoukian, Executive Director, Global Privacy & Security, Design Centre

Meet the Judges

Dr. Ed Amoroso

Dr. Ed Amoroso is currently Chief Executive Officer of TAG Cyber LLC, a global cyber security advisory, training, consulting, and media services company supporting hundreds of companies across the world. Ed recently retired from AT&T after thirty-one years of service, beginning in Unix security R&D at Bell Labs and culminating as Senior Vice President and Chief Security Officer of AT&T from 2004 to 2016.

Ed has been Adjunct Professor of Computer Science at the Stevens Institute of Technology for the past twenty-seven years, where he has introduced nearly two thousand graduate students to the topic of information security. He is also affiliated with the Tandon School of Engineering at NYU as a Research Professor, and the Applied Physics Laboratory at Johns Hopkins University as a senior advisor. He is author of six books on cyber security and dozens of major research and technical papers and articles in peer-reviewed and major publications.

Ed holds the BS degree in physics from Dickinson College, the MS/PhD degrees in Computer Science from the Stevens Institute of Technology, and is a graduate of the Columbia Business School. He holds ten patents in the area of cyber security and media technology and he has served as a Member of the Board of Directors for M&T Bank, as well as on the NSA Advisory Board (NSAAB). Ed’s work has been highlighted on CNN, the New York Times, and the Wall Street Journal. He has worked directly with four Presidential administrations on issues related to national security, critical infrastructure protection, and cyber policy.

Dr. Ann Cavoukian

Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation.

Dr. Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. She is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Center for Law, Science & Innovation at the Sandra Day O’Connor College of Law at Arizona State University.

Edna Conway

Edna Conway currently serves as Vice President of Global Security, Risk & Compliance for Microsoft’s Azure Platform. She is responsible for the security, resiliency and governance of the cloud infrastructure and supply chain upon which Microsoft’s Intelligent Cloud business operates. She has built new organizations delivering trust, transparency, cybersecurity, compliance, risk management, sustainability and value chain transformation.

Prior to joining Microsoft, Conway served as Cisco’s Chief Security Officer, Global Value Chain, driving a comprehensive security architecture across Cisco’s third-party ecosystem.

She is recognized domestically (U.S. Presidential Commissions) and globally (NATO) as the developer of architectures delivering value chain security, sustainability and resiliency. Conway was appointed to the Executive Committee of the U.S. Department of Homeland Security Task Force on ICT Supply Chain Risk Management. Her insight is featured in a range of publications, analyst reports, and case studies, including Forbes, Fortune, Bloomberg, CIO Magazine and the Wall Street Journal and she currently serves on the board of directors and the executive advisory boards of several companies.

Recognition of her industry leadership includes membership in the Fortune Most Powerful Women community, and awards including: Top 50 Women Leaders in SaaS (#5 – The Software Report 2020), Who’s Who in Cybersecurity (Onalytica 2020), Fed 100 Award, Stevie Maverick of the Year Award, CSO of the Year Award at RSA, Machine to Machine and IOT Trailblazer Award (Connected World Magazine), Reboot Leadership Award (SC Media), Columbia University’s Barnard College Distinguished Alumna Award 2019 and New Hampshire TechProfessional of the Year 2018 Award.

Prior to Microsoft and Cisco, Conway was a partner in an international private legal practice and served as Assistant Attorney General for the State of New Hampshire. She holds an AB from Columbia University, a law degree from the University of Virginia and additional credentials from MIT and Stanford, Carnegie Mellon and New York Universities.

Dan Geer

Dan Geer is a Senior Fellow at In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency. Dan is also a pioneer in cybersecurity. Starting in the 1980s, he was a key contributor to the development of the X Window System as well as the Kerberos authentication protocol while a member of the Athena Project at MIT. In the 1990s, Geer created the first information security consulting firm on Wall Street and organized the first academic conferences on mobile computing (1993) and electronic commerce (1995). His 1998 speech, “Risk Management Is Where the Money Is,” changed the focus of security from one of ensuring trust to evaluating risk.

In recent years, Geer has gained additional recognition for his 2003 paper on the national security risks of Microsoft’s dominance in desktop operating systems: "CyberInsecurity: The Cost of Monopoly". He cofounded SecurityMetrics.Org in 2004, convened MetriCon in 2006 and is the author of several books and book chapters including "Economics & Strategies of Data Security," and "Cybersecurity & National Policy." He also created the Index of Cyber Security in 2011 and the Cyber Security Decision Market in 2012.

Geer was awarded the Lifetime Achievement Award from the USENIX Association in 2011, entered the Cybersecurity Hall of Fame in 2016, and the ISSA Hall of Fame in 2019. He has testified before Congress five times, helped launch six companies, and has consulted with numerous startups and their investors. He is a 1972 graduate of MIT with a Bachelor of Science in Electrical Engineering and Computer Science, as well as a 1988 Harvard graduate where he received his Doctor of Science (Sc.D.) in biostatistics.

Jim Routh

Jim Routh is the Head of Enterprise Cyber Security for MassMutual in Boston.

Mr. Routh was formerly a security leader for many large companies including: CVS Health, Aetna, JP Morgan Chase, KPMG, DTCC and American Express. At Aetna, he developed one of the most mature converged security programs in the private sector.

He serves as a board member and advisory board member for several companies including: University of California Berkeley Center for Long Term Security, Clear Sky Advisory Board, Cyber Starts Advisory Board and the Global Cyber Alliance. He is the former Chair of the Health Information Sharing & Analysis Center (H-ISAC) and former board member of the FS-ISAC. He serves on the board of Acceptto and ZeroNorth.

Mr. Routh has been recognized by many industry awards for Cyber Security Leadership (CSO Hall of Fame, Shared Assessments Lifetime Achievement Award, SINET Impact Award and others). He regularly publishes articles on innovative practices and capabilities to improve enterprise resilience across industries.

Frequently Asked Questions

Trust & Transparency Awards FAQs

What are the Trust & Transparency Awards?

The SecurityScorecard Trust and Transparency Awards honor people and organizations that have demonstrated a commitment to operate in a fully open manner with their customers, partners, and employees.

How were the award winners chosen?

Each winner was chosen by the judges based on criteria that include whether the individual or organization designed products that limited the collection of user data and were transparent and free from bias on how data is stored and used; whether they responded to an incident in a transparent and ethical manner; whether they published salary information and criteria for setting compensation rates; and whether they made solid, clear attempts at educating about the need for trust and transparency in the cybersecurity industry at large.

Do the judges receive anything for their participation?

In return for the judges’ participation, SecurityScorecard will make a donation to a STEM charity of their choice. Each of the five winners above will have the option to serve as judges for the awards in 2021 and will then be afforded a donation to a STEM charity of their choice.
