cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mencik
Contributor III

Petition to be on the Ballot for the 2022 ISC2 Board of Directors Election

Myself, Diana Contesti, and Richard Nealon are all trying to get onto the ballot for the upcoming ISC2 Board of Directors Election and need your support. For information about us and how you can help, see:

 

Stephen Mencik petition
Diana Contesti petition

Richard Nealon petition

 

Thanks for your support.

 

Stephen Mencik
CISSP, ISSEP, ISSAP

61 Replies
denbesten
Community Champion

I post to suggest extending your platform to encourage future independent candidates by simplify/improve the petition process.  Today's process has the following problems:

 

  • Members need to disclose "non-public" information to the candidates -- their email address and member id. 
  • Candidates have a highly burdensome data collection and organization effort.
  • (ISC)² must extend a significant effort to audit ad-hoc data.
  • There is no apparent mechanism for members nor candidates to become aware of nor to fix any data defects.
  • An unethical candidate could use information collected in a prior year to forge endorsements.

A little bit of help from (ISC)² would go a long way towards simplifying the entire process. Imagine, for example, that it were possible for Stephen to advertise a link "https://isc2.org/dashboard/iendorse?email=steve@mencik.com" that upon member click:

  1. Authenticates the member via login to the member-dashboard.
  2. Validates the member is in good standing.
  3. Validates the candidate is in good standing.
  4. Prompts the member to confirm their endorsement.
  5. Records the endorsement in a database.
  6. Emails both the member and the candidate at their "email of record" to memorialize the event.

If something like this were implemented, workload disappears for just about everyone, including the (ISC)² auditor.

wimremes
Contributor III

Discussions 


@denbesten wrote:

I post to suggest extending your platform to encourage future independent candidates by simplify/improve the petition process.  Today's process has the following problems:

 

  • Members need to disclose "non-public" information to the candidates -- their email address and member id. 
  • Candidates have a highly burdensome data collection and organization effort.
  • (ISC)² must extend a significant effort to audit ad-hoc data.
  • There is no apparent mechanism for members nor candidates to become aware of nor to fix any data defects.
  • An unethical candidate could use information collected in a prior year to forge endorsements.

A little bit of help from (ISC)² would go a long way towards simplifying the entire process. Imagine, for example, that it were possible for Stephen to advertise a link "https://isc2.org/dashboard/iendorse?email=steve@mencik.com" that upon member click:

  1. Authenticates the member via login to the member-dashboard.
  2. Validates the member is in good standing.
  3. Validates the candidate is in good standing.
  4. Prompts the member to confirm their endorsement.
  5. Records the endorsement in a database.
  6. Emails both the member and the candidate at their "email of record" to memorialize the event.

If something like this were implemented, workload disappears for just about everyone, including the (ISC)² auditor.


Discussions about this has been had before but given that petitions, by design, challenge the organization and its board any failures in the process could be seen as obstruction by the organization (or the board). I personally like the self-nomination process but I specifically did not follow it this year because I felt the Board was not ready for that challenge. When I was on the board we gradually opened up nominations and the influx of candidacies was a real challenge. Fully open nominations were 100% going to be a disaster, especially with a Board that has not met in person for quite some time. 

 

I like the suggestion of some kind of button as a core functionality of member profiles. Especially because petitions aren't just meant for elections but also to bring items onto the board's agenda. I think this can be considered as part of involving the membership more in the Board's decision making.

 

I have endorsed the other petitioners' candidacies. It's going to be a tall order to add even one candidate to the slate but I am hopeful that we can do it!



Sic semper tyrannis.
denbesten
Community Champion


@wimremes wrote:

@denbesten wrote:

...simplify/improve the petition process....


Discussions about this has been had before but given that petitions, by design, challenge the organization and its board any failures in the process could be seen as obstruction by the organization (or the board). I personally like the self-nomination process but I specifically did not follow it this year because I felt the Board was not ready for that challenge. When I was on the board we gradually opened up nominations and the influx of candidacies was a real challenge. Fully open nominations were 100% going to be a disaster, especially with a Board that has not met in person for quite some time. 

 

I like the suggestion of some kind of button as a core functionality of member profiles.


So, something reminiscent of We the People. I felt that was a great attempt at engaging the constituents.  I especially like the thought that issues generating enough buzz deserves a bit of Board attention and a response of some sort ... even if just "we are aware of the issue, but can not comment on ongoing personnel/legal matters".  And just like We the People, the thresholds can be tweaked over time to ensure a steady stream without a flood.


Allowing ourselves to stop because "...failures ... could be seen as obstruction..."  would be "allowing perfect to become the enemy of good".  The way to avoid this is building (earning) trust.  Trust builds tolerance; lack of trust builds conspiracy theories.  In this case, one first builds in audit evidence (emailing both parties, showing on-going tallies, etc) so that failures become obvious with a focus on data preservation.  Then, when problems do occur, be transparent -- both in reporting the problem and in explaining the mitigation along with any lingering impact. 

 

Nothing really specific with (ISC)² here.  This is just fault-tolerant product design and a customer-focused approach.  

wimremes
Contributor III

Yeah, and the Bylaws provide for that with the petition process for elections and bringing items to the board. Arguably, 500 member votes in an organization that has 150.000 members should be seen as relatively low. 0.33% is virtually nothing. It's extremely hard to gather those 500 member votes though.

 

That speaks more to the engagement and actual involvement of the membership than to the efficiency/transparency of the defined processes.

 

I'd say that member engagement should be a high priority for the board on an ongoing basis. An organization with 150k members where less than 2% actually give a sh*t is dysfunctional and requires significant introspection.

 

 

 



Sic semper tyrannis.
mencik
Contributor III

@wimremes @dcontesti 

 

Screenshot 2022-08-15 211256.jpg

 

Even though the above is on the Election FAQ, per Graham Jackson, General Counsel and Corporate Secretary of ISC2 (see email below), the organization will not send an email on our behalf. Note that the referenced date of August 3, 2022 is long after the election process started. In other words, the ISC2 Organization decided to change the rules in mid-stream. At the very least, that is not fair. Also note that 85 people nominated to be on the Board of Directors. Yet, only 5 were chosen for the 5 vacant slots. This means the Nominating Committee/Board of Directors never had any intention of this being an open and fair election. I can't believe there were not at least 5 additional qualified candidates out of the other 80. What this means is that the Nominating Committee/Board of Directors decided to hold the election with themselves as the only voters and then ask the membership to ratify their decision. That is wrong and unethical.

Every member of the current Board that voted for this has violated the Code of Ethics and should resign immediately. Oh yeah, it was stated this was unanimous. Even the incumbent selected did not recuse (at least it was not noted). Specifically, the first 3 Canons of the Code of Ethics were violated:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principals.

I contend their actions of not nominating more than 5 people and changing the rules in mid-stream, and then refusing to discuss any of this, despite multiple complaints, violates those areas I have highlighted.

I suggest the Board resign in total, and the 85 names be presented to the membership to choose 13 replacement Board Members. 

 

Email from Graham Jackson in response to our request to have ISC2 send an email on our behalf.

 

Dear Diana, Richard and Stephen,

 

Thank you for reaching out regarding the (ISC)2 petition process.  As noted in our August 3, 2022, email, (ISC)2 will not email on behalf of petitioners. 

 

In 2021, the (ISC)2 Board embarked on a review of the organization’s nominations, governance, and committee structure practices to ensure that we are creating an inclusive organization that is well poised to serve the needs of the profession into the future. The Board has compared current practices to those of similar global associations, as well as discussed and debated practices in two member-led taskforces. As a result, several recommended improvements were submitted to the full board for consideration, including changes to create a more inclusive board nominations process by hosting an open call for nominations with all (ISC)2 members. The Board approved this recommendation and more than 85 members took advantage of the new open call, which was followed by a rigorous review and interview process. 

 

I appreciate you pointing out the language in the FAQ. The correct instructions were included in the August 3 message to the members announcing the 2023 (ISC)2 Board Slate. I will ensure that information is corrected, and I apologize for the confusion.  

 

More information will be forthcoming regarding governance changes in keeping with our commitment to transparency. Please keep a look out for more details.   

 

Kind regards,

 

Graham

 

Graham Jackson
General Counsel & Corporate Secretary

(ISC)², Inc.
311 Park Place Boulevard, Suite 400
Clearwater, FL 33759
United States 

Office:    +1 (727) 683-0771 


www.isc2.org | gjackson@isc2.org

 

dcontesti
Community Champion

@TrickyDicky @mencik @wimremes 

 

I do not believe the Board is acting ethically nor potentially working within the guidelines of the Articles of Incorporation.  The rules of the game seem to keep changing as if to suit them.

 

Even if the changes were planned, they should have been announced from DAY 1.  This is a sign of sloppy management of processes and playing catch up.

 

I also cannot fathom that 85 people submitted their names for consideration and the best the board could do was to present 4 new people and 1 current board member.

 

(ISC)2 is becoming an organization that puts out paper certificates that may not be worth the paper they are printed on.

 

This organization is acting in poor faith.  We will speak out of both sides of our mouths and NO ONE will notice.

 

Someone said it best "A CROCK OF XXXX"

 

wimremes
Contributor III

As I have mentioned to others before, the actions of the board (and now management) throughout this year's election at least appear to be contrary to its responsibilities under both ANSI27024 guidelines and IRS 501c regulations.

 

ISC2's Board and Management have no intention to hold a fair election this year. 

 

At this point I do not care about the success of my petition a single bit. I believe the current BoD, as a whole, should resign and be charged with Code of Ethics violations.

 

Obviously, Ethics complaints are outside the realm of possibilities because the current BoD *is* the Ethics committee. Even if they wanted to consider the complaints, the committee wouldn't be able to do it as the committee members that are Board members would have to recuse themselves, removing quorum. I rarely assume malice but all of this is shaping up to be a well thought out plan being years in the making.

 

Thank you Zachary Tudor for leading OUR organization to the lowest of lows. I expected nothing less from you.



Sic semper tyrannis.
JoePete
Advocate I


@mencik wrote:


Every member of the current Board that voted for this has violated the Code of Ethics and should resign immediately.

 


That may be a little over the top. I agree there is an incongruity between how this process is proceeding and the way it should be handled under law, bylaw, and the standards for rules of order. The core issues of election and so forth are contained in bylaws - something only amendable by a two-thirds majority vote of the members. A @GJackson apparently wrote to you:

 

The Board has compared current practices to those of similar global associations, as well as discussed and debated practices in two member-led taskforces.


The board took it upon themselves to change the process. I'm not sure I would call that unethical as much as misdirected. The product of the board's research and its subcommittees should have been put into a document, shared with the members, and produced some recommended bylaw changes. While in their current state the bylaws are so poorly worded that they permit a process where the board could basically declare no elections (because they could simply reduce the size of the board by one-third of the current seats) to open write-ins (because the bylaws permit that too). 

 

But I am really curious what other global associations the board studied. I've never come across a member association or the like that has a board design and election like this. This kind of design where the board essentially picks itself and its successors is something you usually see in structures where there is a huge disparity in equity among membership (e.g., you have a single founder who most of the shares). Those with the equity want to preserve or preserve the direction. However, we're a much different animal (150,000 peers).

mencik
Contributor III

I see the Election FAQ has now been updated to remove the statement about sending an email on behalf of a petitioner. It is a good thing that we have time-stamped screenshots.

 

Why is it that such action can be completed so swiftly, when all of the concerns raised in this and other threads go ignored? This is exactly the lack of transparency that we the members have been complaining about. The message being sent to the membership is, "We don't care about your concerns. Just send us a check every year."