Hi everyone,
I am running for the (ISC)2 Board of Directors this fall.

Basically – I have been a CISSP for almost 15 years and would like the opportunity to help out (ISC)2 more directly. I’d like to spend some time building out the (ISC)2 foundation, and also work on clarifying the strategy and growth plans for the certification/training programs. In addition to my experience in the infosec/risk management space, I have leadership experience with non-profit and volunteer-driven organizations that will be useful. If you are interested in the election and have questions – ask away. Otherwise I feel like I’m talking to myself (more than usual).

About the election (includes Board slate, timeline, & process)

Of course, I will keep updating this with additional content.

About me

I’m adding this section from my statement on the (ISC)2 website because it gets to the core of what I’ve been thinking about and discussing with colleagues when it comes to (ISC)2. Check out my full statement on the election website for more details, and come back to me with questions!

(ISC)²’s ambitious vision is to “Inspire a safe and secure cyber world,” and we are strongly positioned to lead the industry forward, as our organization has both the expertise (our membership) and the reach (through the Foundation) to up-level security for businesses AND consumers globally. Since most of my career has been dedicated to protecting consumers and end-users from online threats, I am both keenly interested and uniquely qualified to help the organization refine and achieve this vision.

To pursue this larger long-term vision for tomorrow, today we need to address a few key questions related to the future of (ISC)²’s core program components: certification, membership, and training. The bottom line is that (ISC)² members need:

  • Confidence in the credibility of (ISC)² certifications
  • A clear value proposition to ongoing affiliation with the organization
  • Access to useful training and education opportunities

While what we expect from (ISC)² is straightforward, what the industry expects from us is a little more complex. Market needs for infosec are evolving, and successful certification/training programs must find a better way to meet practitioner requirements for both specialization (e.g. application security or quantitative risk analytics) and generalization (broad base of “basics,” fluency in companion domains like network operations, law enforcement, software development, or management/business strategy). Professionals already require credibility (and potentially certifications) across several dimensions. With demand for critical skills continuing to increase, raising the level of our game means that, as professionals, certification is the beginning – not the end – of our practice.