Alan Paller, Center for Internet Security (CIS) co-founder, former CIS Board member, and founder of the SANS Institute and SANS Technology Institute—the nation's first regionally accredited specialized cybersecurity college and graduate school—was well-known within the cybersecurity industry for building the cyber talent pipeline. He is also credited with driving change in the public and private sectors to adopt security controls that would result in near-term and quantifiable improvements in cybersecurity resiliency.
Paller’s influence on the cybersecurity industry is vast and multi-threaded. His ideas and work were audacious—yet pragmatic, high-tech—yet propelled by human touch, and business-driven—yet visionary and inspiring.
In recognition of Paller’s legacy, and in particular, his role as a CIS co-founder and Board member, we honor his memory through the Alan Paller Laureate Program. The Alan Paller Laureate Program will award up to $250,000 annually to eligible organizations, academic institutions, or individuals whose pilot projects, proofs of concept, or existing programs are aligned with the outlined program objectives and requirements and will be selected through an annual competitive application process. Administration or overhead costs will not be permitted as part of the funding.
This program is intended to empower U.S.-based nonprofit organizations, academic institutions, and individuals who are focused on improving cybersecurity by: making cybersecurity controls demonstrably more effective, simpler, and more automated; developing and equipping highly skilled cyber experts, and improving the teaching of cyber defense at every level.
CIS seeks to fund a diverse set of projects that are focused on improving cybersecurity by:
For the 2025 cycle the Board offers the following specific areas of emphasis for proposals intended to address the Preferred Project Areas.
The Alan Paller Laureate Program Board of Directors will evaluate proposals based on factors that include:
Project Description:
Purdue’s cyberTAP team is delivering cybersecurity advisory services to 25 rural electric cooperatives in Indiana. Each cooperative receives 12 months of support, including risk assessments, vulnerability scans, policy development coaching, and incident response planning—all guided by CIS Controls v8.1. The project will also open-source its methodologies for replication nationwide.
Expected Outcomes or Goals:
Conduct cybersecurity assessments for 25 cooperatives
Deliver strategic vCISO services and CIS Controls implementation
Share tools and templates with at least 10 other technical assistance programs
Build internal capacity for long-term cybersecurity management
Reduce vulnerability and improve grid resilience
Project Impact or Significance:
Rural cooperatives are essential to powering underserved communities but often lack cybersecurity resources. This project strengthens infrastructure security where it’s most needed and creates a scalable model for other states to follow. By using the CIS Controls and sharing its approach openly, Purdue’s cyberTAP program drives national impact while protecting critical systems.
Project Description:
WiCyS expanded its tiered cybersecurity training program to include CIS Controls education and GCCC certification for 25 specially selected women. Participants receive mentorship, career coaching, and scholarships to attend the annual WiCyS Conference for networking and job placement.
Expected Outcomes or Goals:
Identify and upskill 25 high-potential women
Provide hands-on training and certification in CIS Controls
Achieve 100% job placement within 12 months for Tier 4 and 5 graduates
Promote adoption of CIS Controls across the workforce
Foster community and long-term career empowerment
Project Impact or Significance:
This initiative addresses the cybersecurity workforce shortage and gender gap by transforming hidden talent into certified professionals. By integrating CIS Controls into a proven training model, WiCyS prepares participants for employment and equips them to strengthen cybersecurity hygiene in their future roles.
Project Description:
This Los Angeles-based initiative launched a pilot program to measurably improve the cybersecurity practices of 50 small and mid-sized organizations. The program is built around Implementation Group 1 (IG1) of the CIS Critical Security Controls® and integrates resources from the Cyber Readiness Institute and Sightline Security’s Kickstart program. The goal is to create a scalable model that can be extended throughout the greater Los Angeles region.
Progress So Far:
Established and trained a core team of 18 volunteers and staff using CRI’s Cyber Coach Program
Designed and launched six-month pilot programs for both SMBs and IT/MSPs
Recruited initial cohorts of 10 SMBs and multiple MSPs
Attended promotional events and built support infrastructure including databases, registration systems, legal agreements, and marketing materials
Developed a sponsorship program and began designing a post-pilot Continuing Cyber-Education Program
Expected Outcomes or Goals:
Improve cybersecurity hygiene for 50 organizations
Build a replicable model for regional expansion
Empower IT service providers with CIS Controls-based training
Create long-term educational and support systems for small businesses
Reduce cybersecurity disparities by offering free, high-impact resources
Project Impact or Significance:
This program is a game-changer for small businesses in Los Angeles, many of which lack the resources for commercial cybersecurity solutions. By offering free training, coaching, and face-to-face evaluations, the initiative ensures that no organization is left vulnerable due to budget constraints. It’s a bold step toward democratizing cybersecurity and building a more resilient local economy.
Project Description:
This initiative expands an existing program that provides hands-on cybersecurity analyst training to students while offering no-cost network monitoring to small, rural jurisdictions. The program simulates real-world SOC environments, giving students operational experience while helping underserved communities defend against cyber threats.
Progress So Far:
Increased student analyst training by 111%
Awarded $250 scholarships to 20 students
Generated 567 threat tickets—up 126% from the previous 16 months
Added nine new community partners, bringing the total to 13
Helped protect the data of over 439,000 residents
Expected Outcomes or Goals:
Train 100 students and expand academic partnerships
Increase data-sharing partners from 7 to 15
Provide paid SOC apprenticeship opportunities to 5 students
Scale ticket generation and threat mitigation efforts
Produce a threat research white paper
Build a replicable pipeline model for state SOC recruitment
Support MS-ISAC’s SOC Apprentice Program development
Project Impact or Significance:
This program bridges the gap between cybersecurity education and real-world experience. It equips students with the skills needed to enter the workforce while delivering critical cyber defense services to communities that would otherwise go unprotected. The model is scalable and already demonstrating national relevance through partnerships with state and federal cybersecurity organizations.
Project Description: This county-level technology nonprofit is building a grassroots program to protect Maryland’s food supply by addressing cybersecurity vulnerabilities in agriculture. The initiative includes a summer enrichment program for high school students, vulnerability testing tools for farmers, and a security audit process developed in partnership with local 4-H chapters, farm bureaus, and Carroll Community College.
Progress So Far:
Developed curriculum to teach rural high school students about cybersecurity in agriculture
Scheduled first cohort enrollment for Summer 2024
Began creating tools for farmers to conduct vulnerability testing and security audits
Established partnerships with educational and agricultural organizations across central Maryland
Expected Outcomes or Goals:
Educate future agricultural leaders on cybersecurity risks and best practices
Provide farmers with accessible tools to secure their operations
Build a replicable model for rural cybersecurity education
Strengthen food supply resilience through proactive cyber defense
Expand the program to other rural regions in Maryland
Project Impact or Significance: As agriculture becomes increasingly reliant on digital technology, the risks to food systems grow. This initiative tackles those risks head-on by educating both current and future farmers, creating practical tools, and embedding cybersecurity into the culture of agricultural operations. It’s a vital step toward securing one of the nation’s most critical infrastructures.