cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mencik
Contributor III

Petition to be on the Ballot for the 2022 ISC2 Board of Directors Election

Myself, Diana Contesti, and Richard Nealon are all trying to get onto the ballot for the upcoming ISC2 Board of Directors Election and need your support. For information about us and how you can help, see:

 

Stephen Mencik petition
Diana Contesti petition

Richard Nealon petition

 

Thanks for your support.

 

Stephen Mencik
CISSP, ISSEP, ISSAP

61 Replies
dcontesti
Community Champion

So a little history here:

 

Both Wim Remes and I (Diana Contesti) were past-chairs of the board but yet neither one of us seem to be qualified in the eyes of the existing board to be members or even considered for the ballot.

 

Richard Nealon also petitioning, was Secretary for the organization and chaired numerous committees.

 

My two cents:

 

Each chair should build and improve on what past chairs have put in place, this was the case with Pat Myers who followed Jim Wade.  They looked at processes and tried to make them better.  I did the same and so did Wim.  No process is perfect out the door.

 

However I wonder what the five candidates bring to the floor that two past chairs cannot????? Maybe some politicks going on????

wimremes
Contributor III

Just for transparency, I did not partake in the self-nomination process.

 

I had several reasons for this, the main one being that I did not believe that the board had the capacity and resources to handle dozens of self-nominations, especially given the very short timeline. I did start the process but, if my memory serves me well, I stopped after the first few pages of questions did not even start to touch on a candidates capabilities to serve on the board.

 

I definitely wasn't wrong about my main reason. The board selected 5 candidates for 5 positions out of 85 submissions. It feels like they ran a hiring process more than a nomination process. They "hired" for who fits in their image of a board member and denied the membership choice. 

 

I know it doesn't mean anything to them but I can't even start to explain how disappointed I am in the people I once considered my peers. Some of them even my mentors.

 

Maybe I am most disappointed in myself for not ensuring that the membership would have the tools to recall a board that has forgotten who they serve.

 



Sic semper tyrannis.
Peter
Newcomer I

Given ISC2 is the Trump Tower of the security world, that tells me they think they have a 98% approval rating due to the silent majority.

Peter Hillier, CD, CISSP,
ISO 27001 LA
President, Co-Founder
www.ssenggroup.com


wimremes
Contributor III

@Peter while nothing about this should be surprising, I'm looking at a Board that I served on until 4 years ago (I rolled off at the end of 2018 due to term limits) and that was set up for success. With that I mean:

  • We had implemented term limits
  • We had a framework to renumerate the CEO not solely on financial goals but also on impact to the membership (I negotiated CEO contracts twice as Chair of the Board)
  • We had a product management framework to continuously assess the performance of certifications
  • We had a dedicated, independent, and performant Ethics Committee that wasn't "aligned" with the Board

What I am witnessing right now is very disconcerting. I'm seeing people that were part of the Board the first few years of my service (Houser, Melnick, Slay) and people that I worked with at the tail end of my service (Tudor, O'Neill, Friedman) to establish all of the above throw all of these things out and seemingly delegating to management fully.

 

At this point all I can assume is that the new CEO is much stronger than the combined capability of the Board at running a business and applies their understanding of certifying CPAs to our profession. It's extremely saddening to observe. The Board has allowed our association to be ripped from our hands and doesn't even realize it.



Sic semper tyrannis.
JoePete
Advocate I

@wimremes Thanks for the background and your viewpoint. In my experience, I think many industries have this struggle between boards and management. To me, it gets back to governance. You need to draw the lines of responsibility. Every board is bestowed with both strategic and executive power to start. Through bylaws, and policy they delegate out some of that executive authority to officers, employees, committees and so forth. Ultimately, though, the board is at the top of the food chain.

 

Good executives, however, know how to drive a board. That's not a bad thing. As I am sure you experienced, board members move in through a revolving door with a range of experience, capabilities, and agendas. A good manager knows how to focus a board. But again, it's done through governance. Good policy from the board sets a template for decision making and allows that continuity from board to board. That's not to say a successive board can't change the parameters set by a prior board (or even the policy), but a well written policy off the bat identifies the key metrics and steps. A new homeowner can change the paint color, windows, etc., but they likely working within the walls and footprint. Only in the most dire situation do you bulldoze the house  and rebuild.

 

Honestly, I don't think the (ISC)2 membership is so engaged that we can act on these issues. Personally, I am not in a position to pass judgment on the current board or management. I do surmise, from a lifetime of experience, that we seem a little top-heavy on management for a member association with very limited infrastructure. But one of the challenges for organizations, especially in the face of board turnover, is that management ends up being more stable than the board. Whether intended or not, management starts being the keeper of vision and continuity. What's usually around the corner is dysfunction as management starts doing the board's job (maybe because the board doesn't know its job), and boards start poking their nose into operational issues because that's what gets people's (and those who elect them) attention.

 

It does seem a crucial time and thanks for shedding light on these crucial issues.

ericgeater
Community Champion

You're stating concerns that you believe affect the membership at large, and I completely agree that terms like transparency and ethics tend to arouse an alignment within a group who are, shall we say, innately aware of the importance of clear, just, unbiased leadership.

 

I think your campaign would greatly benefit from succinctly hearing exactly how your concerns would benefit me as a member.  Because, at this point, I'm only aware that there's a beef (or cause célèbre, or struggle, or what have you) with an organization who -- like any other organization -- has the express right to establish its governance as its leadership sees fit.

--
"A claim is as good as its veracity."
mencik
Contributor III


@ericgeater wrote:

You're stating concerns that you believe affect the membership at large, and I completely agree that terms like transparency and ethics tend to arouse an alignment within a group who are, shall we say, innately aware of the importance of clear, just, unbiased leadership.

 

I think your campaign would greatly benefit from succinctly hearing exactly how your concerns would benefit me as a member.  Because, at this point, I'm only aware that there's a beef (or cause célèbre, or struggle, or what have you) with an organization who -- like any other organization -- has the express right to establish its governance as its leadership sees fit.


Do you have any idea what is discussed at Board meetings? I don't, and meeting minutes are kept secret.

 

Do you have any interaction with the Board to suggest programs that might be of value or just to ask questions about specific policies? Have you ever received a reply from any Board member? I have not.

 

Did you know that the Organization has a policy of not disclosing the policy statements they have to the membership? That's what I have been told.

 

Do you realize that 85 people were nominated for this year's Board election and only 5 were selected to be on the ballot? Did you know there were 5 positions up for election? That means that we are not allowed to vote on who we want to be on the Board, we only get to affirm the choices the existing Board made for us.

 

With all of those concerns, how do we know where our money is really being spent? Is it worth having a CEO that makes over $1 million per year, or a General Counsel that makes over $350 thousand? Maybe, but I don't know. Do we know that the expenditures that are reported are correct?

 

Honestly, I don't get any benefit from this organization other than having a ticket punched for my job. But I am trying to get involved in order to find out what is going on behind the scenes and see what can be done more for existing members, rather than just selling training and exam seats. 

All I want is to see the Board add 5 more names from the 80 nominees not selected, and give the membership a true choice. I'm sure there are at least 5 of those 80  that are more than qualified. I will not be upset if I am not one of those 5. We deserve choices.

gidyn
Contributor III

I can buy from Walmart without the foggiest idea or care of how they're governed. That's how the overwhelming majority of "members" view ISC2. Not as a membership organisation, but a certification vendor.
wimremes
Contributor III


@ericgeater wrote:

You're stating concerns that you believe affect the membership at large, and I completely agree that terms like transparency and ethics tend to arouse an alignment within a group who are, shall we say, innately aware of the importance of clear, just, unbiased leadership.

 

I think your campaign would greatly benefit from succinctly hearing exactly how your concerns would benefit me as a member.  Because, at this point, I'm only aware that there's a beef (or cause célèbre, or struggle, or what have you) with an organization who -- like any other organization -- has the express right to establish its governance as its leadership sees fit.


Eric,

 

You make good points. Personally I have elaborated on many of these things at https://www.be-represented.org

 

To your direct question, I think we are at a crucial time for our profession. We are seeing fragmented debates about licensure across the globe. There are concerning examples from Australia, Singapore, Japan, the UK, the US, and many other countries. There is a documented workforce shortage in our industry. Organizations and individuals around the world are continuously hammered with devastating ransomware attacks.

 

The association operates globally as a 501c6 expressly to protect our shared interests as security professionals and, as its Bylaws state, to deliver value to society. 

 

I may not be fully aligned with the other petitioners and might ask questions differently but at the core we as members deserve to be informed about how (ISC)2 is applying its funds to protect our shared interests and to deliver value to society. 

 

I disagree with your assessment that (ISC)2 has the express right to establish its governance as its leadership sees fit. The articles of incorporation, the association's Bylaws, its 501c6 status, and its certifications' ISO17024 significantly restrict what its leadership can do. Changes to the Bylaws can only be implemented after approval by the membership. This is primarily where the Board, over the past 3 years, has changed its approach. When I was on the Board, and I believe the same goes for @dcontesti and @TrickyDicky , we understood that the Bylaws were written succinctly and quite openly. It was our policy to take a very conservative reading of the Bylaws. Most recently the Board seems to have reversed that and it currently applies a very liberal reading of the Bylaws. Running a slate with only 5 candidates for 5 open seats is an example of that. It is not strictly against the Bylaws but it is definitely against the spirit of the Bylaws. This also goes for the composition of the Ethics committee and the merging of the Ethics and the Bylaws committee. These are 3 governance actions that are questionable at best considering all limiting factors mentioned above. If the association continues on this path, ISO17024 accreditation and 501c6 status may even be impacted.

 

The Board overseeing the CEO should ensure that the organization focuses on its 2 stated reasons for existence. 

 

As a member, or generally as a security professional, you would greatly benefit from an association that finds its focus back, that is committed and involved on furthering our profession and not just by giving away 1 million free entry level certifications but by actively helping politics and society globally understand what they can expect from a security professional and how to recognize professionals from amateurs. Not to mention providing society information, insight, and tools that help to protect itself.

 

All that said, (ISC)2's Board is supposed to be elected by its membership. The upcoming election, if no petitions are successful, is just a confirmation of the Board's will. It's counter to anything we should reasonable expect from a representative Board, to the basics of the association's 501c6 status, and to the association's claims on its Form 990 submissions. 



Sic semper tyrannis.
wimremes
Contributor III


@gidyn wrote:
I can buy from Walmart without the foggiest idea or care of how they're governed. That's how the overwhelming majority of "members" view ISC2. Not as a membership organisation, but a certification vendor.

I think that is a fair assessment but then I'd argue that the association can do what the members expect from it for much less than $18,75 million per year.



Sic semper tyrannis.