Change is Hard Work - My Bid for the (ISC)² Board of Directors Ballot
ISC2, the institution best-known through the CISSP certification, has been the subject of a lot of discussions in the past few years.
Here on Infosec Island, via Twitter or on personal blogs, ISC2 certification holders and the uncertified have written about the value of the certification, the process of obtaining it, ISC2's code of ethics and how the tech industry views the certification.
While some opinions are clearly biased, I don't necessarily disagree with them.
I've always wondered how I, as a member of ISC2, can make the CISSP process better. How can I bring back the true value of the certification, proving that the holder grasps the knowledge required to be called a security professional? How can I influence the organization to develop a contemporary view of the information security community and the information security industry? How can I make the organization efficiently engage with that community?
I can't unless I join them in a more effective capacity than as a simple CISSP cert holder.
Not by paying my Annual Maintenance Fees or gathering enough Education (CPE) points. Not by standing on my soapbox and calling them out on every move they make. And not by throwing my certification in the trashbin.
Last year I entertained the thought of running for the ISC2 board of directors, but I was too late to actually do it. This year I'm even more motivated and ready to make the ballot. Based on feedback from the information security community, I believe it's time to be the change I envisioned. I truly believe this is the way forward.
The process is lengthy and cumbersome. I need to convince 500 ISC2 certification holders that I'm not running a major social engineering effort for my next Blackhat talk and have them send me their name, email address and certification number.
If I have 500 people backing me, I will make it on the ballot and cert holders will be able to vote for me starting November 16th. If all that works out, I will be able to join the board and make a difference.
The question you should ask me and *any* prospective board member is: "If you are elected to the board, what do you want to accomplish?" Here is my personal response to that:
One: From within the organization I want to make ISC2 step up their game and reach out to the information security community to actually collaborate with it instead of alienating it.
For me personally, this community is a large part of what energizes me to keep doing what I love most. I think we need to leverage that energy to work on the problems that we are all facing together, whether or not we hold an ISC2 cert.
Two: I want to work with ISC2, its leadership, and its membership to review the current status of the CISSP certification, how it is perceived by different audiences (the holders, HR people and those opting not to become certified) and improve the exams, the exam process and the long-term value of it. With more than 79,000 certification holders out there, it could be concluded that the certification is doing well.
However, if we don't focus solely on the numbers and look at the way the certification is perceived, the ISC2 needs serious improvement. By focusing on promoting the cert to businesses as a measuring stick for security professionals, I believe we have done a great disservice to our members. The certification should, in the first place, have value for the holder. I want to focus on delivering that value.
Three: I want the ISC2 to drastically improve its vision of international adoption. We need to step away from a US-focus and engage communities across continents. The challenges we face are the same.
Currently, ISC2 is looking at continents as markets, which in a strict business context makes sense, but the organization remains a not-for-profit organization. I believe that we need to leverage the knowledge from our membership to help solve some of the critical security challenges we are facing on a global scale.
ISC2 is perfectly positioned to play that role and I'm convinced we can do this. I can envision the organization playing a ground-breaking role in resolving the problems posed by international cybercrime. With our international membership, we can help break down barriers, remove red tape and work on jurisdiction issues when tracking hackers.
Based on my research, I think it's very important to bring clarity to the members about what the organization does, beyond offering 4 certifications (+3 concentrations for the CISSP).
What happens to the income the ISC2 receives? How is it used to share information with its members? How are the funds used to contribute back to the community, particularly on a global scale?
The board meeting archives of the past few years don't reveal a lot of details about this. I think, as a professional organization, certifying ethical and honest professionals, we are obliged to transparency and clarity on this subject as well.
As the title mentions, this is going to be hard work and I'm ready to help.
If you are a CISSP (or ISC2 certificate holder) in good standing, please visit http://blog.remes-it.be/petition.html and if you agree with my platform, take the time to send me your name, email address and certificate number.
With just 500 signatures, my name will be added to the ballot for the next Board of Directors vote. This will help me get into a position to help improve the organization.
I believe it needs to be done, I believe it can be done and I believe it can be done now, with your support!