CraginS
Defender I

Are Officers & Board Members Required to Monitor The Community?

It is very gratifying to know that (ISC)2 CEO @david-shearer keeps an eye on the Community discussions here. Thank you, David.

 

Is it an operational requirement that all officers and board members also do so? If not, I recommend the Board make it a standard policy and actual practice. Board awareness of member concerns, questions, and problems will benefit us all. And it should NOT be based on a headquarters staff member preparing a summary report for the officers and board members. Such filtering done by a staff member opens the likelihood of self-protection censoring by the staff in the US versus THEM quandary I discussed in a separate post here on Member Support versus Customer Support

 

The best example of the need for such focus is the current mess that is the terrible CPE portal, with no reasonable correction in sight, and an attitude expressed by (ISC)2 staff in the responses here of "don't bother us; we'll have it fixed in a year or so." 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
17 Replies
eparedes_214
ISC2 Team

Good morning Dr. Shelton,

 

I would like to offer my assistance to you in your CPE submissions moving forward.  I do understand your frustration, but hopefully I can alleviate some of your challenges by providing some help.  You may contact me at eparedes@isc2.org or at 727-339-6524.

 

Looking forward to hearing from you.

 

Best regards,

Beth

david-shearer
ISC2 Former Staff

 

Hi CraginS,

 

I do my best to keep up with the Community, but I often fall behind due to travel and other commitments. I will take your comments forward to the board. I cannot speak for our Board of Directors, but some things to keep in mind.

 

1. This is not a "members only" community.

2. Our board is a governing board of volunteered Association members.  They're not paid for their service.  They are elected by the membership. I've watched board members since January 2013 juggle their real jobs (i.e., professional life), family & personal life, and participating on the (ISC)2. It's not always easy to do.

I'll have to defer to the board regarding whether monitoring the community would become a requirement. It is not a requirement at this point in time. Again, I will take the matter forward.

 

3. We appreciate you expressing concerns about the CPE process.  The Community is supposed to serve as a way of improving us hearing our membership's voice.  Toward this end, if you have time, would you mind sharing the specific things about the CPE submission process that displease you?  To be action oriented, I want to ensure we look at those concerns against any others we've received.  I'd love to receive the concerns at dshearer@isc2.org to make it easy for me to get the concerns shared with my staff.  Is that acceptable to you?

 

That's all for now.  I wanted to get back to you to let you know I saw your message.

 

Thanks,

David Shearer
| CEO | dshearer@isc2.org | www.isc2.org | iamcybersafe.org |
CraginS
Defender I

@david-shearer

Thank you for the quick and positive response. I do understand that you cannot speak for the Board. You are doing precisely what I had hoped... carrying my suggestion to them to consider.

 

The Community site is relatively new and still maturing, so I hope we see it continue to improve in being a significant support and communication mode among all members.

 

Very best regards,

 

Cragin Shelton

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
CraginS
Defender I


@eparedes_214 wrote:

Good morning Dr. Shelton,

 

I would like to offer my assistance to you in your CPE submissions moving forward.  I do understand your frustration, but hopefully I can alleviate some of your challenges by providing some help.  You may contact me at eparedes@isc2.org or at 727-339-6524.

 

Looking forward to hearing from you.

 

Best regards,

Beth


Beth,

Thank you very much for your offer. As it happens my CPE postings are all working just fine. My concern, and that of others like @Shannon, is that the PDF output reports are not properly informative. The reports show the general category of each CPE event, but not the specific detail we used to describe what we did. We need that level of detail in the report to track what is approved against what we have done. If I take part in several webinars and podcasts in a week, all of them look identical, undifferentiated on the report.

 

Unless the under-the-hood system for the CPE portal is astoundingly different from every database with report-writer system I have ever seen, changing the template for the reports by changing the database fields for the columns should not depend on a total re-work of the entire site. That is our frustration; we keep hearing that fixing ALL of the problems must wait for a major overhaul of the site a year from now. If the CPE portal does not work like a normal database for creating standard reports, please let us all know why and how it is different. We may not like it but we might understand why we keep hearing 'just wait, it will be better in a year' when it was so massively in error when implemented last spring.

 

Thank you very much.

 

Best regards,

 

Cragin Shelton

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
eparedes_214
ISC2 Team

Hi Dr. Shelton,

 

We recognize that the transcript view is a huge pain point.  It is definitely top of our list to prioritize, and I am hoping that we can do this fix earlier.

 

Please let me know if you want me to pull a better report for you.  I am sure I can do this from the back-end and generate a report that might serve as a better reference for you.

 

Please don't hesitate to let me know how I can help out.  

 

Thanks again!

Beth

denbesten
Community Champion

 

 Beth @eparedes_214,

 

Over the past four months, (ISC)² has shown compassion for member concerns, positive reception to suggestions, and willingness to work around the current CPE portal problems (such as your offer to pull a "special" report for @CraginS). The missing part is visible evidence that improvements are underway.

 

Making a massive change all at once is kinda what got us where we are today. The current plan is to implement another "massive change" in a year. This risks a similar outcome in 2019. Even UAT (User Acceptance Testing) does not solve the very basic problem that if the 2019 version is not "perfect", waiting for the 2020 edition will be even more painful.

I urge you to instead consider smaller, more frequent releases, perhaps fixing one or two things each month.  Frequent releases would go a long way to demonstrating (ISC)²'s commitment to the portal improvement and would help build patience as the members see that good things are happening.  I also encourage (ISC)² to maintain a member-visible bug-list including remediation priorities so that we can easily see that progress is being made, even if our individual pet-peeve has not yet been addressed.

 

Those familiar with software development (part of one of the CISSP domains) will recognize that I am advocating replacing the current linear/waterfall development model with a rapid/agile model.

 

There should not be much difficulty starting down the agile path as many of the requests are quick and easy to implement, such as adding "order by begin_date" to the report queries and forcing the "View Transcript" tiles to be 1-up and full width. 

 

As your developers consider improvements to the CPE Portal, I do encourage them to check out DataTables, especially the editor and the export/print extensions. The capabilities offered by this relatively simple module are inspirational.

 

As management considers improvements, I encourage them to consider how CPE rules can be simplified to minimize the overall complexity, such as making multiple certs coterminous and reducing the disparity of reporting requirements for different categories.

 

 

CraginS
Defender I

William @denbesten is right. In every case of a specific CPE problem raised by a member here, Beth @eparedes_214 or another staff member has offered personal support. That is great, and we all appreciate that level of concern.  Thank you, all.

 

Those of us raising these issues are well aware that the staff who support members directly and interact with us here are highly likely NOT to be in the chain directing the development team responsible for the CPE portal site. But, as the front line group they have to face the members, representing the back office management and (probably contracted) development team. Members like myself and @Shannon  raise the issues here in hopes that our message gets through to the back office management leaders so they understand how significant the problems are.

 

William has good advice to consider modifying the portal maintenance approach. It may not be essential to move from waterfall to Agile development, but it would be great if the change and update requirement list were maintained with two priority scores, one based on criticality of the need and the other on the expected workload needed to incorporate the need. A balance of meeting critical needs as soon as possible and pushing quick and easy ones forward to get them out of the way can make a huge difference.

 

I will repeat my previous observation that holding all changes for a major overhaul a year or more after initial fielding is not acceptable in the software development industry. 

 

 

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
gthompson
Newcomer II

Hello Mr. Shelton, My name is Greg Thompson, I'm a member of the (ISC)2 board of directors. I've been involved as a volunteer with (ISC)2 for many years, first as a member of the North American Advisory Board, and now I'm in the middle of my second term as a board member. David Shearer passed along your feedback from this forum and I also read his response to you. 

 

David is correct that as board members we often have to juggle multiple responsibilities, but that doesn't mean we can't participate in member forums such as this - after all, we are members first and we have a stake in ensuring the ongoing success of (ISC)2.

 

As a governing board, we don't currently have a mandate to "operationally" monitor the member site per se, but we do have a responsibility as a member of a non-profit board to serve as advocates for the organization's mission - and to this end I think the community forum that (ISC)2 developed provides an excellent opportunity to do just that. So you have my commitment that I will be actively participating in member discussions - as a member first, and as a board member second.

 

Also, the board has a committee responsible to oversee the organization's business practices and while I'm not on this committee, I think the concerns you are raising regarding the CPE process would be something they'd like to hear, and I'm certain David will raise these at our upcoming meeting.

 

Lastly, I'll leave you with some insight into how the board and management work together toward driving member value. This is my personal insight. The board is made up of information security leaders from a broad range of backgrounds (Government, Private sector etc). We are a global group with members from Canada, US, Europe, Asia & Pacific Rim, and so we represent members with varied needs and priorities.

 

Our role is to ensure the CEO has the resources he needs and is capable of executing on our member-centric mission. We take this accountability seriously. We have a very good working relationship with the CEO and his officers and I can tell you that in my time volunteering with the organization, I've seen an amazing positive evolution of the organization and indeed of the board. We meet in person every quarter, the Board Officers meet regularly with the CEO and each committee of the board works toward ensuring the organization is delivering the value that its mission requires. The commitment is a serious one, which requires us to take a great deal of personal time to meet our responsibilities - and we gladly do it to serve our membership the best we can!

 

I love hearing from fellow members and truly appreciate your feedback!

 

I'm proud of holding my CISSP since 2001 and I'm proud of (ISC)2 for the positive impact it's had on our profession since it was founded in 1989. I know that the organization is thriving and that our membership is stronger now than it's ever been!

 

Best Regards

Greg Thompson CISSP

Member, (ISC)2 Board of Directors and Treasurer of (ISC)2

gthompson@isc2.org

 

 

Shannon
Community Champion

Dear Beth (@eparedes_214),

 

 

The reason I've not pursued this further after you provided a prospective date for the CPE portal fix is that I met the CPE requirements for my current cycle long back, & have not been adding any more / tracking the earlier added ones for quite some time now. (I also maintain a worksheet to track my CPE credits to avoid having to depend on the portal, & have also got membersupport@isc2.org to confirm that my requirements are met and my CPEs valid.)

 

That being said, the portal issues could potentially affect members who have assumed that the system is flawless. 

 

Let's take a hypothetical situation:

 

Jack is a CISSP in the process of accumulating CPEs. He makes use of sources which credit his account automatically as well as others where he adds them manually. After the portal shows that he's met his cycle requirements (120 CPEs), he stops adding CPEs or tracking them. When the new cycle begins, he pays the AMF and expects to start again. Then he happens to be selected for an audit, and it's found that he has 10 duplicate CPEs --- 6 added automatically & 4 manually --- so he falls short of the CPE cycle requirements.

 

What will be the result of this? Will (ISC)2 revoke his certificate or make an exception? And if an exception is made, will it apply to all the duplicated CPEs or just the 6 that were automatically added? (Take the manually added duplicate CPEs to be the result of him not being able to track them easily.)

 

As @CraginS said, the CPE portal issues should be prioritized, and addressed before the expected site revamp in 2019. While we truly appreciate the support we've been getting, the root cause of the problem will have to be tackled...

 

 

Best regards,

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz