Following are the categories and information on the submission fee.

You may submit to multiple categories, each with their own fee:


Best Use of AI - NEW

Generative AI is having a dramatic impact on security products as they take the first steps to use large language models to improve the understanding of raw data from logs and telemetry. This category is for the vendors that have made the best use of generative AI in their products to reduce hunt time, find problems quicker, and create playbooks on the fly.

Visionary Vendor

Established vendor or start-up whose solutions are built on technologies that can evolve with the CISOs’ needs or solutions that are forward-looking, to address potential new threats.

Premier Security Company

Established vendor that is providing either overarching security solutions or solutions that help safeguard key security components in a CISO’s infrastructure.

Start-up Security Company

A company whose solution has been in beta or generally available for under 2 years.

Partner in Success

Providers who have working relationships with CISOs or their employees to meet their needs of today while being responsive to the CISOs’ enterprises’ changing needs.


API Security

These solutions offer standalone capabilities and are separate from application security. They touch on code but are not only about the code.

Application Security (included DevSecOps)

This includes DevSecOps as well as the tools for code analysis, putting apps in containers, and hardening apps, etc.

Breach and Attack Simulation

These solutions are part of a CISO’s fast-growing operations security program.

Cloud Security Solution

There are primarily two types of vendors in cloud security. Those that serve their solution from the cloud, or SaaS, instead of an on-premises license and those that offer protections for cloud workloads including firewalls, WAFs, and encryption.

Cloud Workload Protection Platform

These solutions are the modern endpoint security for the cloud and can be agent or agentless.

Data Security

Data security includes vendors from database protection to encryption as well as Digital Rights Management (DRM), Information Rights Management (IRM), Data Loss Protection (DLP) and data discovery and classification.

Email Security (Phishing)

Email is a separate category because it crosses the bounds of endpoint, network and data security. It includes email encryption as well as anti-phishing, anti-spam, blocking business email compromise, and outbound email security.

Endpoint Security

Endpoint security includes the vendors that provide anti-malware solutions, endpoint monitoring or Endpoint Detection and Response (EDR), configuration management, server monitoring and protection, and even vulnerability management and container security. This category includes mobile device security vendors.

Identity and Access Management (IAM)

IAM includes all of the authenticators, from 2FA to typing patterns and biometrics. It also includes the identity stores, and directory services.

IoT Security

Solutions that secure a myriad of verticals from medical to industrial to automotive to critical infrastructure to business systems and more. They can be solutions that are securing new IoT or solutions CISOs can use to secure existing infrastructure.


The Managed Security Service Provider category are those that provide the front lines of defense for their customers. Their SOCs monitor network and endpoint activity and the SIEMs and TIPs that make sense of all the data. SOC teams will also assist in remediation and configuration.

Network Security

From next-generation firewall hardware appliances to cloud-traffic analysis, network security is the biggest security vendor space and the first line of defense against attacks.

Risk Management

Risk management in cybersecurity is at the core of many organizations’ approach to maintaining a strong security posture. Products help highlight the most important risks and funnel resources towards reducing those risks.

Security Analytics

Threat hunting, correlation, visualization, graph analysis are all included in this category. All are used to help the SOC engineer do their job.

Security Awareness Training

These solutions provide training exercises (i.e. anti-phishing simulations), educational videos, and information security awareness training.

Security Operations

Security Operations includes SOAR, Orchestration, and tools to enable the SOC.


Secure Service Edge is the name given to distributed security control technology that is pushed out closer to the assets being protected. This could be the home office, remote locations, even vehicles.


Security information and event management is at the center of SOC operations. All alerts and logs are centralized, deduped, and prioritized in the SIEM.

Third Party Risk Management (TPRM)

These solutions help CISOs extend their policies to their supply chain.

Threat Intelligence

Solutions include those that gather activity on threat actors. It includes platforms that combine and rationalize feeds as well as those vendors that use open source intelligence, Dark Web monitoring and Domain Name System (DNS) to create those feeds.

Vulnerability Management

The plethora of scanning tools that identify when a vulnerable application or Operating System (OS) is deployed.