NOMINATION HIGHLIGHTS

Lisa Bergerand Lopez is an independent Cyber Risk and Awareness Advocate specializing in building cybersecurity awareness and behavioral risk reduction programs from the ground up. After more than ten years working within a large multinational organization, she transitioned to an independent advisory role to support growing organizations in designing structured, measurable cybersecurity programs aligned with executive priorities.

In 2022, Lisa was engaged by VoLo Foundation, an environmental education nonprofit that had experienced significant growth and operational expansion over its first decade. As the organization scaled, cybersecurity maturity had not kept pace. At the time, there was no dedicated cybersecurity leadership, no formal awareness training, no phishing simulation program, and no structured behavioral risk measurement framework in place.

Lisa designed and implemented the Foundation’s cybersecurity awareness and governance program from inception. Her work focuses on executive alignment, behavioral risk measurement, policy implementation, and organization-wide change management. She repositioned cybersecurity from an informal IT concern to an enterprise-wide risk management function integrated into leadership oversight.

She introduced baseline behavioral risk measurement using KnowBe4 metrics and implemented recurring phishing simulations, targeted remediation, and structured executive reporting. Under her leadership, behavioral cyber risk decreased by 32%, phishing susceptibility was reduced by more than 50%, and reporting engagement increased significantly, with more than 300 suspicious emails reported per quarter.

Beyond awareness, Lisa partnered closely with the IT team to implement strengthened technical controls and formal governance measures. Through coordinated policy development and structured change management, she contributed to increasing the Foundation’s NIST cybersecurity maturity score from 64% in 2022 to 88% in 2025.

She also led a live tabletop exercise to validate the organization’s incident response process under simulated real-world conditions and institutionalized Cybersecurity Awareness Month as an annual initiative featuring interactive challenges, phishing simulations, and recognition programs to reinforce engagement.

Cybersecurity is now embedded into onboarding, with all new employees completing mandatory training before receiving system access.

Lisa’s work demonstrates how independent cyber risk leadership, disciplined measurement, and executive alignment can elevate cybersecurity maturity within rapidly growing organizations — building structured protection, measurable risk reduction, and operational resilience where none previously existed.