What do the CSO30 awards recognise?

The CSO30 Awards recognise 30 security professionals – including CSOs, CISOs, Heads of Security etc – within the UK for demonstrating outstanding business value and thought leadership within their organization.

Did the CSO:

• Rewrite and re-deploy its overall security strategy?
• Create new business processes to better manage your organization’s risk posture?
• Leverage advancements in security technology?
• Develop new initiatives around security education, awareness, mentoring, or recruitment?
• Work with outside groups to drive better cybersecurity in their industry?
• Partner with other groups in your organization to improve security?
• Create innovative ways to detect and mitigate threats?

These are just a few examples of possible nominations. The award is for the work the CSOs and their teams have done, and this is your opportunity to tell your peers about efforts that lead the way to greater success for your organization.

To be selected, nominations must not only show not that they have executed their ideas well, but that they have done so in uncommon, innovative ways: pioneering a new technology, applying a familiar technology to a new purpose, setting the bar higher for their organization’s security objectives. Ideally, they must demonstrate business value, not just the benefits of better security and risk management programs.

Who nominates?

The CSO30 program is open to entries from internal business, security, and PR stakeholders as well as vendors and their PR companies who are nominating customers. If you are a third party creating a nomination, you must agree to notify the nominated organization before submitting the nomination.

Note: The CSO30 Award is not awarded to technology vendors for their external products. However, we will consider nominations for technology-driven services that leverage a company’s non- technology core competency — as long as the service is a natural extension of the company’s core business. For example, a nomination from a financial institution would be considered for offering additional identity theft protection as part of a revenue-generating initiative. Technology vendors will be considered for their own internal projects or initiatives.

Companies that have won CSO50 awards in the US are welcome to apply as long as they have a presence and cybersecurity executive in the UK.
If you have questions about the eligibility of your project/initiative for the CSO30 awards, please contact cso@idg.co.uk

Does the nominated organisation need to be aware of their nomination?

CSO requires that the nominated company MUST be made aware that they are being nominated before submitting the nomination. If you are a security vendor who would like to nominate a customer for a CSO30 Award, we strongly recommend you to and enlist the CSO or another security manager within the organization you wish to nominate to submit the nomination.

Is there a fee to nominate?

There is no cost to nominate.

How does CSO judge the CSO30 awards?

Working with judges including security experts, academics and CSOs, the CSO30 honorees will be selected by the CSO editorial team based on information submitted in this online nomination. Since we are unable to review any additional materials beyond information submitted in the nomination form, nominators are encouraged to include any information about their project or initiative that they would like the judges to consider in their answers to the questions on the application.

Each entry will be judged based on how it compares with all other entries submitted. Honorees selected for the final winner list are not ranked on that list.

Judging Criteria

To be selected for a CSO30 Award, your nominated project or initiative must demonstrate excellence in:

Innovation: The extent to which your organization used security in a new way or enabled new ways of improving the organization’s security and risk posture.

Business results and value: The measurable impact, backed up by supporting data that your project has had on your organization’s business.

Judging Process

Each nomination will be read by members of the CSO30 judging panel. Final selections will be confirmed by CSO editors. All scores will be kept confidential, will not be released publicly, and won’t be discussed with any individual submitters.

How to increase your chances of winning

Nominations that focus on the business goals and results of the project and provide detailed answers to all questions have a better chance of winning. The most successful applications are written by the CSO or another business-oriented security or risk manager.

If you are a security vendor who would like to nominate a customer for a CSO30 Award, we strongly recommend you enlist the CSO or another security manager within the organization you wish to nominate to submit the nomination.

To win a CSO30 Award, submitters must support their claims of innovation and business value. For example, it is not enough to tell us that an identity management system reduced the volume of compromised credentials, include metrics that illustrate your claim and explain why the security lead deserves kudos. Winning applications should also include narrative examples or anecdotes that illustrate value; how new processes brought in by the CSO created efficiency, how employees embrace security more widely, or the impact the project has had on your organization’s risk profile.

How we use your information

The information you provide in your CSO30 nomination will be used by CSO for judging the awards and potentially for online articles or other publicity relating to the CSO30 Awards. Application information will be used for editorial and CSO30 conference purposes only, with the exception of contact information and vendor information, which may be used to market CSO content and programs.

If you have information about your project (such as internal metrics) that you would prefer not be published, but which you would like us to consider as part of your application, please note this where the information appears or where asked to do so specifically in the nomination form. Information not labeled in this way will be considered by CSO editors to be publishable.

Deadlines and Expectations

If your company is selected as a CSO30 award winner, a member of the nominated company will need to formally acknowledge and accept the award within one week of receiving the notification. If you do not complete this step, you will forfeit your award and the CSO editors will select another winner from the pool of finalists.

Some winning projects will be invited to present at the CSO30 Celebration. Selected winners will receive the option to present after final winning notifications have been made.

Nomination overview and instructions

Complete your online application HERE.

There are three parts to the nomination questionnaire you will be completing:

• Nominee non-technology company/organization and CSO’s information: Here we are asking for basic information about you and/or the person as well as the organization you are nominating.
• Detail on reasoning: Explain why this person deserves to win an award.
• Additional optional questions
Be aware that once you have clicked on the “Submit” button, you will not be able to revise youranswers.

Contact information
For questions regarding the CSO30 Awards or the nomination process, please email your questions to cso@idg.co.uk