If yesterday we presented the finalists to “Better CIO” today we do it with the five candidates to obtain the “Best Ciso” awards of the Byte Ti 2025 awards that will be held this Thursday.
In this case, the variety of projects has been the most remarkable of all the candidacies presented, which have exceeded 90. As each of the five finalists demonstrates, the projects cover all kinds of projects and definition of strategies: from a complete transformation of the cybersecurity strategy, through cost reduction policies without compromising the safety and the clear commitment to incorporate the culture of cybersecurity.
The jury, composed of the members of the writing and regular collaborators of the magazine Byte Ti, has valued, above all, the impact on the organization, the leadership capacity shown and the degree of innovation provided in each initiative.
The decision has been made to select these five finalist projects from which the future winner will come out, which will be announced and recognized in the same awards ceremony, and demonstrates how cybersecurity is one of the fundamental pillars of corporate strategies.
These are the finalists to “best ciso” of the Byte Ti 2025 awards
Gabriel Moliné, Ciso by Carrefour Spain
As Ciso de Carrefour Spain, Gabriel has led a deep transformation into cybersecurity against threats, regulatory pressure (NIS2, Dora, GDPR) and the need to guarantee the continuity of the business. Its strategy focuses on four points: operational resilience, technological modernization, compliance and governance. His department has implemented a ZTNA Zero Trust model, network segmentation, safe navigation tools and protection against data leaks, along with a professionalized soci with threat intelligence, specific use cases for Spain and automated response playbooks. In the preventive field, highlights systems hardening, the reduction of vulnerabilities and a safe password portal. In governance and compliance, they have created a GRC office, with continuous supplier evaluation, access controls and a business continuity framework backed by 18 critical CIS controls. Finally, they have promoted a solid cybersecurity culture through training, crisis drills and internal awareness campaigns.
Daniel Ladies, Nationale-Enderland
In the hands of Daniel Damas, Nationale-Environmentan has revolutionized the insurance sector with its “It Assurance” project, establishing an automated model that guarantees the safety and quality of software from the beginning, without friction or manual intervention. This system is articulated in three pillars —it Security, Quality Assurance and Platform Engineering – that ensure compliance throughout the development cycle. Thanks to automation, each phase autonomously validates the controls, offering real -time recommendations to engineers, eliminating the dependence of safety and QA equipment, and accelerating the deployments. The solution acts as guardrails that apply automatically standards, minimizing risks and errors, while reducing complexity and costs through the use of reusable blocks. In addition, It Assurance drives observability, continuous improvement and a cultural change that promotes autonomy, collaboration and innovation, allowing teams to work more efficiently and responsible, achieving measurable results from day one.
Laura Baus, director of Cybersecurity of Vodafone Spain
In a year marked by uncertainty, pressure and a complex organizational environment due to a restructuring and strong budget cuts, BAUS led an ambitious project of transformation of cybersecurity. Its objective was to turn adversity into an opportunity to redefine the strategy, optimize resources and reinforce the organization’s resilience. Evolve security without incurring additional costs. The project focused on maximizing the value of existing technologies, eliminating redundancies, consolidating tools and redesigning critical processes. Thanks to this rationalization, we manage to maintain operational excellence without new investments. Do much more, with less.
One of the most relevant pillars was strategic renegotiation with suppliers, which allowed to reduce costs, guaranteeing at the same time technical support and operational continuity. These savings were reinvirted in high -impact initiatives, such as team training and the strengthening of key processes. At the same time, it was possible to integrate cybersecurity into the life cycle of all the strategic projects of the company. This assured that 100% of the new initiatives will be evaluated with security criteria from the design phase, converting cybersecurity into a business habilitator instead of a brake.
The biggest challenge, however, was human. In a context of uncertainty and emotional demand, the team needed close, empathic and motivating leadership. He opted for transparent communication, to recognize collective effort and strengthen a common purpose: evolve security.
Lucero Ramos, Ciso de Idealista
Under the direction of Lucero, in idealist, they have reinvented cybersecurity campaigns to be fresh, visual and close, integrating digital protection in organizational culture as something everyday and natural for all. Their approach prioritizes people, with strategic workshops and interactive roles for managers, which transform the vision of key investment security. For employees, they bet on community: challenges, real stories and memes, avoiding traditional formations and promoting participation in a collaborative blog and recreational simulations with incentives and rewards. With customers, they have created practical workshops and direct communication to empower them in their digital protection, facilitating real cooperation and applied knowledge. All actions of the Cybersecurity Department seek to inspire trust, prevent attacks and make cybersecurity live with enthusiasm, shared purpose and constant innovation, making digital protection a positive and fundamental value in the company, always connected with people and authentic collaboration.
Jesús Abascal, ciso de eni fullitude
As Ciso, Jesus had to face the challenge of establishing a solid and effective security baseline, laying the technological and organizational basis to protect the company’s assets. However, the true transformation came when building a culture of cybersecurity that goes beyond technology: it personally designed and taught a gamified course-workshop, with recreational dynamics and awards, to capture the attention of each employee, generate direct confidence and turn them into the first detection level. Thanks to this face -to -face initiative, the number of clicks on phishing campaigns has been drastically reduced and the pHishing, visging, malware and bad practices reports are significantly indicated, these indicators show that they are not only preventing attacks, but that employees have become active security allies. Now, to consolidate this change, internal ambassadors are being formed that guarantee that good practices are transmitted to all levels and resolve critical doubts in real time. Abascal’s passion for involving people, added to a robust technical base, has been key to transforming awareness of constant and measurable action.
