Announcing the Winners
At the Third Annual Cyber Policy Awards™ gala, seven individuals and organizations were awarded the Atlas trophy for outstanding contributions to cyber policy.
Meet the Finalists
The Cyber Policy Awards™ organizing committee is pleased to announce 23 finalists who are in contention to receive The Atlas trophy, selected by an august panel of judges.
The Third Annual Cyber Policy Awards™ took place on the evening of Thursday, February 5, 2026 at the National Press Club in Washington, DC.
Hosted by the Institute for Security and Technology (IST) at the National Press Club, the event recognized and celebrated those whose work defined the cybersecurity landscape in 2025. The winners were selected by a panel of independent judges following an open nomination period.
Held as a gala dinner with live entertainment, the event blended celebration and ceremony, featuring suspenseful and heart-warming award presentations alongside other engaging program elements.
Inspired by the style of major U.S. entertainment awards, distinguished members of the cyber policy community introduce the nominees and present each award. Now in its third year, the Cyber Policy Awards are quickly becoming the defining annual moment for this community.
Subscribe to Cyber Policy Awards updates
Receive information about the nominations process, registration details, and important updates in your inbox.
Organizing Committee
Steve Kelly (chair)
Megan Stifel
Institute for Security and Technology
Ari Schwartz
Bri Law
Center for Cybersecurity Policy and Law
Michael Daniel
Jeannette Jarvis
Cyber Threat Alliance
Chris Painter
The Cyber Policy Group
Vince Voci
Cloudflare
Iranga Kahangama
Cape
Meredith Burkart
Halcyon
Anjelica DortchIndependent Community Bankers of America
Alison King
Forescout
Shane Tews
Logan Circle Strategies &
The American Enterprise Institute
Tatyana Bolton
Monument Advocacy
Sponsors
Platinum Level
Gold Level
Silver Level
Bronze Level
Award Categories
README: Rules
- Definition. The term “cyber policy” shall be broadly defined as: “Governance efforts to advance for the common good any aspect of the global digital ecosystem, including but not limited to interoperability, access, trust, privacy, safety, security, stability, human rights, workforce, and the rule of law.” This may include thought leadership and action from individuals, academia, non-governmental organizations, technical standards bodies, industry specific fora, state or national governments, and formal or ad hoc international bodies.
- Period of performance. Except as otherwise set forth in the special criteria of a particular award category, nominations must have an articulated nexus to the performance period in question. For the third annual event to be held in February 2026, the performance period is November 1, 2024 through December 31, 2025. This two-month overlap with the previous award cycle’s performance period ensures that late-year achievements have an opportunity for recognition; however, work from November–December 2024 that was previously nominated is not eligible for re-nomination.
- Qualified nominators. Anyone may submit an award nomination; however, a proposed recipient may not self-nominate.
- Eligible recipients. The description for each award category may specify it as being intended for an individual recipient, a small group (defined herein as consisting of five or fewer named individuals), or an organization (which may involve a named subdivision of an organization). Where no such criterion is specified, nominations may involve any of the three recipient types. In all cases, submitters are encouraged to narrow a nomination to the key person, or people, who championed the celebrated achievement. Submissions must include details regarding each listed individual’s specific contribution. Judges have been instructed to favor individual and more tailored nominations over those involving larger groups or an organization.
- Lobbying Exclusion. Nominations involving persons or activities regulated under the United States Code that seek to influence legislation (commonly known as lobbying), including equivalent state statutes and regulations, shall not be considered.
- Judge and organizer eligibility. Judges and members of the organizing committee are not eligible for awards recognizing individual achievements during the awards cycle in which they serve. Nominations for Lifetime Achievement will be automatically carried over until such time as the nominee is no longer serving as a judge, consistent with the category’s existing carryover procedure. Judges nominated for a group award (to include Research Impact, for which there are two or more named authors) shall recuse from deliberations and voting in accordance with the conflict of interest policy.
- Nomination narratives. A nomination’s justification narrative is limited to 2500 characters in length and must provide details responsive to the award’s description, special criteria, and nexus to the period of performance (see above). Nominators are encouraged to address the requested elements using the “situation, actions, outcomes” format, in order to clearly tie the nominee’s actions to confronting a defined challenge with specified results. A lack of any of those elements would weaken the nomination.
- Trust and transparency. The organizing committee is committed to maintaining a diverse judging panel to ensure that finalist and recipient selections are fully informed and insulated from any appearance of favoritism. The Cyber Policy Awards maintains a rigorous conflict of interest policy. Beginning with the third edition, the organizing committee will publicly disclose which judges, if any, recused from each award deliberation.
- Judging process roles. The chair will serve in a ministerial capacity to facilitate the judging process, supported by a small triage team of organizers to assist in carrying out the tasks described in the procedure below. Only designated judges designate finalists and select winners. Judges may request advice or views of the chair or other members of the organizing committee to aid their deliberations.
- Selections. Judges may select up to four finalists per award category. If an award category yields two or more finalists, they will be publicly announced in advance of the ceremony. Judges may decline to name finalists or a recipient for an award category if, in their view, no nominee warrants selection. Lifetime Achievement award finalists will be retained for future consideration, and therefore, only the recipient will be publicly announced. In general, only the judges and chair will know the award recipient prior to the ceremonial reveal.
U.S. Domestic Policy Impact
This award recognizes those whose efforts have had significant impact on the U.S. domestic policy landscape, such as by materially influencing the community’s thinking and trajectory, overcoming a longstanding and intractable obstacle, or galvanizing broad stakeholder support to take some action.
International Policy Impact
This award recognizes those whose efforts have had significant impact on the international policy landscape, such as a shift in international narratives, viewpoints, or prioritization; the emergence of international consensus or an agreement; or collective action when previously unlikely.
International Partnership
This award recognizes those who have demonstrated a unique level of commitment to, or teamwork with, a foreign entity regarding a cyber-related foreign policy issue or a significant cybersecurity challenge.
Ecosystem Champion
This award recognizes those whose tenacious efforts have led to broad structural and long-lasting positive impact on the cyber ecosystem through policy changes or by putting policy into action at scale; or those who enable the ecosystem-impacting work of academic institutions, think tanks, or other civil society organizations through significant financial or in-kind support.
Research Impact
This award recognizes those whose novel scholarly research has led to a conclusion, discovery, concept, tool, approach, or proposal that can be shown to have advanced or made a substantial contribution to domestic or international cyber policy. Special criteria are as follows:
- Nominations must identify a specific paper, report, or research publication as the primary basis, but may be supplemented with context on how it fits within a larger body of work.
- Research must have been published in a peer-reviewed journal, conference proceedings, or otherwise subjected to a credible organizational-level pre-publication review process, and not individually self-published.
- Research should test a hypothesis or present findings that have policy implications. This category excludes research on specific malicious actor activities, vulnerabilities, or adversary techniques. Research on macro trends in aggregate adversary behaviors, vulnerability exploitation, or effectiveness of adversary techniques is acceptable.
Excellence in Journalism
This award recognizes journalists who positively contributed to their readership’s understanding of complex cyber policy issues by correctly detailing technical aspects, drawing complex connections with other relevant events and proceedings, fairly representing tradeoffs and divergent viewpoints, and accurately reflecting policy substance. Special criteria are as follows:
- Only individual or small group nominees (no organizations).
Lifetime Achievement
This award recognizes those who had a sustained and significant impact on domestic or international cyber policy over the course of their career. Such impact might be evidenced by contributions on numerous issues, a long-term sustained effort on a single issue that eventually culminated in a watershed development, or a combination thereof. Recipients of this award will be listed as members of the Cyber Policy Awards’ Hall of Fame. Special criteria are as follows:
- This is an individual award.
- Nominees’ duration of impactful service must equal or exceed 25 years.
- An articulated nexus to the current award cycle’s performance period is not required.
