Hi All! I'm another board candidate jumping into the fray here. First, thanks David for posting this question! It was very similar to the question I was thinking about posting when I jumped into this discussion board for the first time yesterday morning. I hope you don't mind me tagging in here.
And thanks everyone else for the great feedback that you've provided. Your comments are very much in line with my own personal experiences as an (ISC)^2 member for the past 8 years, and align with the reasons I wanted to run for the board.
Here are a few points that I want to amplify from the discussion:
- Streamlining processes and improving the user experience for members. Many may only interact with (ISC)^2 once or twice a year to renew their membership and update CPEs. This process should be as painless as possible. (I wonder how many people end up dropping their certifications and memberships simply due to frustrations with maintaining them.) Improving user experience is a space that my current employer works in, so I hope that I could bring some of what I've learned from our product managers to this discussion.
- Making sure that the value of our certifications remains high. Sadly, many other CISOs and senior-level security professionals I know have been intentionally letting their CISSPs and other certifications lapse because they no longer see value in paying the dues to maintain them. I believe there are multiple facets to this problem, not just that the perceived value of the certification is lower because more people are capable of getting it, but also because they are not seeing a personal return on the investment from their membership dues. I'm not going to claim to have the answers to this problem right now, but it is something that I strongly believe needs to be closely analyzed by (ISC)^2 management and the board to ensure we are on the right track for delivering value to members.
- Transparency and engagement are also key for me. I've been on both sides of this issue before - as a member of organizations that lacked these attributes, and as an executive or board member of groups that were striving for it. I understand how a lack of transparency and engagement by leadership can poison the well for an organization, with the resulting distrust causing unnecessary friction that can prevent the organization from reaching its goals. While fiduciary responsibilities may not allow full transparency on some sensitive matters, I would strive for as much openness as possible. I would also commit to being engaged with the (ISC)^2 community through as many channels as possible, starting with being active on these message boards. I will acknowledge here the "one voice" challenges mentioned on another thread; I do not interpret this as something that would prohibit me or any other board member from engaging with and capturing the feedback, concerns, and questions of the members.
- I would add to the above one additional concern that I've heard from others: making sure that (ISC)^2 certifications and programs are designed to recognize the needs of the international community instead of being focused on the US.
I'm also fairly certain that the management and the current board are all acutely aware of the above issues as well, so I don't mean to imply that they are not already digging in to try to solve them. I'd simply like to add my shovel to the efforts.
Thanks again David for starting the conversation, and to everyone reading here for considering me as a candidate for the board!
Chuck Kesler, MBA, CISSP, CISM
CISO @ Pendo.io