Ok Wim that was an intense set of questions. But here is my pass at answering them. Invite other candidates to offer their point of view.
1/ challenges for the profession over the next 5 years
While we could discuss the evolution of the threat landscape and security vendors tools and techniques to respond, I think the most difficult challenge will be around the evolution of the security role in an organization. We need to support our community as our scope of practice becomes increasingly recognized as strategic risk for companies leading to higher visibility and expectations of the security practitioner’s role. Security professionals have to be groomed to become executives who can combine understanding of the security tools and techniques with the ability to develop, communicate and execute a security strategy.
2/ In a cybersecurity training and certification market that is exploding and flooded with high price/low quality solutions, how can ISC2 ensure that its services and certifications stand out?
On a fundamental level, we need to create more value through the life cycle of our cert so that the CISO recognizes that value as a part of his/her core continuing education program. When we create that value story, the CISO will support their team's efforts to get and stay certified. Additionally, we need creative marketing and PR programs that target CIOs, CISOs and other business executives that directly engage or hire security professionals. Finally, we should continue to work with large hiring organizations, e.g. governments, to include our certs as hiring criteria.
3/ Why should the membership trust you with their vote?
While you didn’t mention my name Wim, we served together, and I hope you would agree in my time on the Board, I fought for positive change and always tried to do the right thing. My executive level experience with Boards, as well as my experience starting and running security companies also gives me a different field of view around governance and how to drive change. Most importantly, this profession has provided me with so much. Since selling my company (Weblife) to Proofpoint in 2017, my focus has changed to how I can give back to this community that has given me so much.
4/ I'm disappointed that this years slate is lacking diversity on almost every axis. What are your plans to make ISC2 as an organization more representative of the membership it supports?
This is always a tough question, as change is difficult. We live in a time when it appears that isolationism and xenophobia are on the rise. I have been and continue to be a globalist who recognizes the incredible value of different points of views. As an organization we need to cultivate different points of view, different ideas, folks with different backgrounds and different ways of looking at problems as it will make us stronger, more creative, more innovative and just better.
5/ What are the three things that you’d want to get done if you were elected?
- Drive strong governance at the Board level to ensure we work with management to drive an intentional 3- and 5-year strategy, and continue the process of institutionalizing governance practices like transparency
- Strike a balance in our strategic goals between driving big ideas for the profession and ensuring management has the resources and focus on blocking and tackling issues like basic services for our members
- Seek to cultivate, mentor and bring into the process our next generation of leaders to drive our community forward
