HomeAbout usAlan Paller Laureate Program

Alan Paller Laureate Program

Alan Paller Laureate Program thumbnail

 

 

Alan Paller, Center for Internet Security (CIS) co-founder, former CIS Board member, and founder of the SANS Institute and SANS Technology Institute—the nation's first regionally accredited specialized cybersecurity college and graduate school—was well-known within the cybersecurity industry for building the cyber talent pipeline. He is also credited with driving change in the public and private sectors to adopt security controls that would result in near-term and quantifiable improvements in cybersecurity resiliency.

Paller’s influence on the cybersecurity industry is vast and multi-threaded. His ideas and work were audacious—yet pragmatic, high-tech—yet propelled by human touch, and business-driven—yet visionary and inspiring.


In recognition of Paller’s legacy, and in particular, his role as a CIS co-founder and Board member, we honor his memory through the Alan Paller Laureate Program. The Alan Paller Laureate Program will award up to $250,000 annually to eligible organizations, academic institutions, or individuals whose pilot projects, proofs of concept, or existing programs are aligned with the outlined program objectives and requirements and will be selected through an annual competitive application process. Administration or overhead costs will not be permitted as part of the funding.


Purpose of the Alan Paller Laureate Program

This program is intended to empower U.S.-based nonprofit organizations, academic institutions, and individuals who are focused on improving cybersecurity by: making cybersecurity controls demonstrably more effective, simpler, and more automated; developing and equipping highly skilled cyber experts, and improving the teaching of cyber defense at every level.


Annual Program Timeline

CIS--Alan-Paller-Laureate--Banner-thumbnail

Funding Criteria

Eligibility

  • U.S.-based individuals, academic institutions, and nonprofit organizations with 501(c) status are eligible to apply.
  • Organizations with active 501(c) status that serve beneficiaries outside of the U.S. are eligible to apply.

Preferred Project Areas

CIS seeks to fund a diverse set of projects that are focused on improving cybersecurity by:

  • Making cybersecurity controls demonstrably more effective, simpler, and more automated
  • Developing and equipping highly skilled cyber experts
  • Improving the teaching of cyber defense at every level

Areas of Emphasis

For the 2025 cycle the Board offers the following specific areas of emphasis for proposals intended to address the Preferred Project Areas.

  • Projects which make use of applied Generative AI tools and techniques
  • Projects which can achieve large scale of use, either through simplicity, low-cost, or easy adaptability to a large variety of audiences or situations
  • Projects which specifically target users or enterprises which are “underserved” by the commercial marketplace because of high cost, complexity, or market failure

Selection Criteria

The Alan Paller Laureate Program Board of Directors will evaluate proposals based on factors that include:

  • Innovative and unique nature of the project
  • Near term impact on one or more preferred project areas and/or areas of emphasis
  • Clearly defined measurable outcomes
  • Viability of proposed sustainability plan
  • Comprehensiveness of the applicant’s proposal and the information requested
  • Submission of the proposal in the correct requested format and within program deadlines

 



Program Board

Past Awardees

2025 Alan Paller Laureate Program Recipient

cyberTAP Program for Rural Electrical Cooperatives – Purdue University

Project Description:

Purdue’s cyberTAP team is delivering cybersecurity advisory services to 25 rural electric cooperatives in Indiana. Each cooperative receives 12 months of support, including risk assessments, vulnerability scans, policy development coaching, and incident response planning—all guided by CIS Controls v8.1. The project will also open-source its methodologies for replication nationwide.

Expected Outcomes or Goals:

  • Conduct cybersecurity assessments for 25 cooperatives

  • Deliver strategic vCISO services and CIS Controls implementation

  • Share tools and templates with at least 10 other technical assistance programs

  • Build internal capacity for long-term cybersecurity management

  • Reduce vulnerability and improve grid resilience

Project Impact or Significance:

Rural cooperatives are essential to powering underserved communities but often lack cybersecurity resources. This project strengthens infrastructure security where it’s most needed and creates a scalable model for other states to follow. By using the CIS Controls and sharing its approach openly, Purdue’s cyberTAP program drives national impact while protecting critical systems.

2024 Alan Paller Laureate Program Recipient

Security Training Scholarship – Women in CyberSecurity (WiCyS)

Project Description:

WiCyS expanded its tiered cybersecurity training program to include CIS Controls education and GCCC certification for 25 specially selected women. Participants receive mentorship, career coaching, and scholarships to attend the annual WiCyS Conference for networking and job placement.

Expected Outcomes or Goals:

  • Identify and upskill 25 high-potential women

  • Provide hands-on training and certification in CIS Controls

  • Achieve 100% job placement within 12 months for Tier 4 and 5 graduates

  • Promote adoption of CIS Controls across the workforce

  • Foster community and long-term career empowerment

Project Impact or Significance:

This initiative addresses the cybersecurity workforce shortage and gender gap by transforming hidden talent into certified professionals. By integrating CIS Controls into a proven training model, WiCyS prepares participants for employment and equips them to strengthen cybersecurity hygiene in their future roles.

2023 Alan Paller Laureate Program Recipients

LA Cybersecure Pilot Program – SecureTheVillage

Project Description:

This Los Angeles-based initiative launched a pilot program to measurably improve the cybersecurity practices of 50 small and mid-sized organizations. The program is built around Implementation Group 1 (IG1) of the CIS Critical Security Controls® and integrates resources from the Cyber Readiness Institute and Sightline Security’s Kickstart program. The goal is to create a scalable model that can be extended throughout the greater Los Angeles region.

Progress So Far:

  • Established and trained a core team of 18 volunteers and staff using CRI’s Cyber Coach Program

  • Designed and launched six-month pilot programs for both SMBs and IT/MSPs

  • Recruited initial cohorts of 10 SMBs and multiple MSPs

  • Attended promotional events and built support infrastructure including databases, registration systems, legal agreements, and marketing materials

  • Developed a sponsorship program and began designing a post-pilot Continuing Cyber-Education Program

Expected Outcomes or Goals:

  • Improve cybersecurity hygiene for 50 organizations

  • Build a replicable model for regional expansion

  • Empower IT service providers with CIS Controls-based training

  • Create long-term educational and support systems for small businesses

  • Reduce cybersecurity disparities by offering free, high-impact resources

Project Impact or Significance:

This program is a game-changer for small businesses in Los Angeles, many of which lack the resources for commercial cybersecurity solutions. By offering free training, coaching, and face-to-face evaluations, the initiative ensures that no organization is left vulnerable due to budget constraints. It’s a bold step toward democratizing cybersecurity and building a more resilient local economy.

Project PISCES Colorado Expansion – National Cybersecurity Center

Project Description:

This initiative expands an existing program that provides hands-on cybersecurity analyst training to students while offering no-cost network monitoring to small, rural jurisdictions. The program simulates real-world SOC environments, giving students operational experience while helping underserved communities defend against cyber threats.

Progress So Far:

  • Increased student analyst training by 111%

  • Awarded $250 scholarships to 20 students

  • Generated 567 threat tickets—up 126% from the previous 16 months

  • Added nine new community partners, bringing the total to 13

  • Helped protect the data of over 439,000 residents

Expected Outcomes or Goals:

  • Train 100 students and expand academic partnerships

  • Increase data-sharing partners from 7 to 15

  • Provide paid SOC apprenticeship opportunities to 5 students

  • Scale ticket generation and threat mitigation efforts

  • Produce a threat research white paper

  • Build a replicable pipeline model for state SOC recruitment

  • Support MS-ISAC’s SOC Apprentice Program development

Project Impact or Significance:

This program bridges the gap between cybersecurity education and real-world experience. It equips students with the skills needed to enter the workforce while delivering critical cyber defense services to communities that would otherwise go unprotected. The model is scalable and already demonstrating national relevance through partnerships with state and federal cybersecurity organizations.

Cybersecurity in Agriculture Initiative – Carroll Technology & Innovation Council

Project Description: This county-level technology nonprofit is building a grassroots program to protect Maryland’s food supply by addressing cybersecurity vulnerabilities in agriculture. The initiative includes a summer enrichment program for high school students, vulnerability testing tools for farmers, and a security audit process developed in partnership with local 4-H chapters, farm bureaus, and Carroll Community College.

Progress So Far:

  • Developed curriculum to teach rural high school students about cybersecurity in agriculture

  • Scheduled first cohort enrollment for Summer 2024

  • Began creating tools for farmers to conduct vulnerability testing and security audits

  • Established partnerships with educational and agricultural organizations across central Maryland

Expected Outcomes or Goals:

  • Educate future agricultural leaders on cybersecurity risks and best practices

  • Provide farmers with accessible tools to secure their operations

  • Build a replicable model for rural cybersecurity education

  • Strengthen food supply resilience through proactive cyber defense

  • Expand the program to other rural regions in Maryland

Project Impact or Significance: As agriculture becomes increasingly reliant on digital technology, the risks to food systems grow. This initiative tackles those risks head-on by educating both current and future farmers, creating practical tools, and embedding cybersecurity into the culture of agricultural operations. It’s a vital step toward securing one of the nation’s most critical infrastructures.

Now Welcoming Discovery-State Projects

We encourage applications for discovery-type projects that explore new ideas or early-stage concepts. Projects with smaller funding needs are welcome, especially those that demonstrate strong potential for impact, innovation, or scalability in the cybersecurity space.

Information Hub

Blog Post10.29.2025
MS-ISAC Member-Reported Phishing Likely from Tycoon2FA PhaaS
Read More
White Paper10.29.2025
CIS Controls v8.1 Data Recovery Policy Template
Read More
White Paper10.29.2025
CIS Controls v8.1 Malware Defense Policy Template
Read More
White Paper10.29.2025
CIS Controls v8.1 Acceptable Use Policy Template
Read More