Security Project / Awareness Initiative Of The Year

This category recognises outstanding and successfully delivered information security projects or initiatives. It could be an amazing security awareness campaign, an organisational cyber uplift program or some other awesome security project.

Who Can Enter:

This category is open to organisations who have successfully implemented an information security project or awareness initiative or have delivered a collaborative project with a client.

Judging Criteria:

1. Were the objectives (issue to solve, improvement to be made, information to be communicated etc,) clearly articulated and met.
2. Was success able to be measured and was it deemed successful.
3. Was it delivered to its budget and time targets.
4. How was the impact of change to the organisation determined and was it seen as positive.

Senior Cybersecurity Professional Of The Year

This category is open to senior professionals who, through a hands-on role, influence and drive better security outcomes for an organisation. Candidates will need to have over 10 years experience in a security, security architecture, infrastructure or risk role, and be in a relevant full or part-time during the past 12 months.

Who Can Enter:

This category is purposefully broad, designed to attract applications for experienced cyber security advisors, consultants (internal and external), security architects, security or risk experts who take leadership on cyber security work.

Note this category is not open to CISOs or equivalent managerial roles, however Security Manager of the Year will return in 2024.

Judging Criteria:

1. Has the entrant held a hands-on full or part-time position as senior security leader during the previous 12 months (e.g., Lead Cyber Security Consultant, Security Architect, Principal Security Advisor).
2. Does the applicant have over 10 years experience in security roles.
3. How does the entrant lead security outcomes to the business through their work.
4. What evidence is given that the entrant is a cyber security champion who has made a measurable difference to improving cyber security.
5. What evidence is given that the entrant is a trusted security professional who makes a difference within the organisation they work for and/or the wider NZ cyber security industry.

Start Up Or New Business Of The Year

This category celebrates the best new security companies that are making their mark and helping to raise the cyber resilience of Aotearoa New Zealand.

Who Can Enter:

This category is open to new information security / cyber security businesses founded in New Zealand and which have been operating for no more than five (5) years.

Judging Criteria:

1. Has the entrant demonstrated what problem their business is solving and a good understanding of this challenge.
2. Has the entry demonstrated a good rate of growth during the period of operation.
3. Has the entry demonstrated they are successfully delivering quality services and/or products into the NZ market that make a difference to customer security.
4. Has the entry demonstrated a values driven approach to building a company and is this sustainable.
5. Has the entry provided evidence they are building a resilient, diverse and inclusive culture in their company.
6. Has the entry demonstrated a successful, innovative approach to starting a security company in NZ.

Security Team Of The Year

This category celebrates high performing security teams that are improving the cyber security posture of their organisation day in, day out.

Who Can Enter:

This category is open to outstanding information / cybersecurity teams who work closely together to achieve the best possible performance, creative contributions – and/or go above and beyond in contributing to information security.

Judging Criteria:

1. Does the entry demonstrate continuous development and improvement of infosec and or cyber capabilities by providing a holistic security solution – ensuring strong defences while keeping in view evolving threats.
2. Do the team members come together as individuals and a group to strengthen the way they work and create a strong team culture.
3. How does the team forge security learning paths and transfer knowledge to retain top talent and break down skill-development barriers for aspiring new cyber professionals.

NZ Secure Development Team Of The Year

This award celebrates the teams of people across Aotearoa New Zealand who are building great secure-by-design software to ensure that their customers can safely and confidently use their product without having to harden it first, and can rely on the development team to factor in security at all stages of the development lifecycle.

Who Can Enter:

This award is open to teams (2 or more people) of software developers who deliver responsible software development, and demonstrably do so in a way that delivers secure-by-design software to their customers or colleagues.

Judging Criteria:

1. Does the team demonstrate clear and honest communication with customers concerning software security issues.
2. How does the team demonstrate its use, and continuous improvement, of a security development lifecycle.
3. How does the team demonstrate commitment to quickly remediate and deploy fixed versions of their software.
4. Does the team have a vulnerability disclosure policy / bug bounty policy and do they follow security standards (e.g. security.txt).
5. Does the team have a commitment to continuous testing and vulnerability discovery.
6. How does the team use and enforce best practice patterns and secure development frameworks in their software development.
7. How does the team develop a strong collaboration between security, product and development areas
8. Has the team demonstrated they are working towards more diversity in their team.

Up And Coming Cybersecurity Star Of The Year

This category focusses on our new cyber security professionals, celebrating the best and brightest who have joined our awesome, growing cyber security industry.

Who can enter:

This category is open to all individuals who are a newcomer to the world of Cyber/ InfoSec in NZ with less than 3 years experience and who have made a positive and impressive impact to our community.

Judging Criteria:

1. Does the entrant show excellent potential and have they demonstrated remarkable talents at an early stage in their InfoSec / cyber career. Qualities may include fresh thinking, determination, inspiration and communication.
2. Is there a description of the role played by the entrant and evidence of how the entrant has shown innovation and leadership in developing and implementing successful projects, publications, activities or initiatives.
3. Has the entrant demonstrated leadership and ability to think strategically about information security.