
Board Elections

You Control the Future

(ISC)² Board Elections

The (ISC)² Board Election is conducted over the course of two weeks each year. All members in good standing as of the date specified in the notice may vote in the election. The Board puts forth several recommended candidates each year, and members in good standing as of the date specified may petition to have their names added to the ballot.

The (ISC)² Board Election is now closed! Thank you to all who voted!


There were FOUR board seats open this year. The candidates below received the endorsement of the entire Board of Directors. 

Click on the Board Slate below to read candidate bios and learn what they would like to do as members of the (ISC)² Board.

Board Slate

  • Board Slate Candidates

    Gabriel Alexander Bergel, CISSP 
    Country/Region: Chile
    (ISC)² Certified Since: 2006
    Twitter: @gbergel |  LinkedIn: https://www.linkedin.com/in/gabrielbergel

    Experience in Business Strategy

    For years, I have been in charge of the strategic planning of the units that I lead in my previous jobs as CISO. I am referring mainly to the areas of cybersecurity. And currently, I have seven years of experience as the founder, organizer and CEO of the 8.8 Computer Security Conference, where one of my main functions is strategic planning. Furthermore, since last year in Dreamlab Technologies as the CSO, I am responsible for the strategic planning of the company, PR and strategic alliances.

    Education

    • Computer System Engineer since 2002
    • CISSP certified by (ISC)² since 2006
    • ISO 27001 Lead Auditor certified by BSI since 2007
    • DRI CBCP certified since 2009
    • CISM certified by ISACA since June 2010
    • C|CISO certified by EC-Council since February 2013
    • Management Skills and Business Leadership postgrade 2013-2014
    • Masters in Cybersecurity in the IMF Business School and the University Camilo José Cela (Spain) 2016-present

    Industry Board Experience

    I was President (and founder) of the (ISC)² Chile chapter (2012-2016). During my tenure, we managed to attract the community, and we gathered 40 signatures to start the chapter in 2012. Since that date, we have stayed active by giving talks for the members, giving safety talks in the schools, reviewing scholarships of the different programs, translating the Safe and Secure Online material into Spanish and our main achievement was to successfully hold SecureChile, the 1st secure event in Chile and the 1st secure event in Spanish in South America. I am currently the vice president of the (ISC)² Chile chapter (2016-present). I was also president (and founder) of the ISSA Chile chapter (2010-2016). While serving in that role, our main achievement was to make the international organization well known, attract members, obtain legal personality, give talks, organize events and create BD of more than 100 partners. Through the (ISC)² Latin America Advisory Council (LAAC) (2011 - present), I achieved the confidence and support of (ISC)² to hold Secure Chile. I was also founder and CEO of the 8.8 Computer Security Conference (2011 - present). In 2011, we held the first hacker conference (technical, non-commercial) in Chile, with the main objective of sharing knowledge, research and experiences in a relaxed and comfortable environment. Every year, we bring together world-renowned hackers who reveal the latest hacking techniques, the vulnerabilities of new technologies and the most effective methods to repel these IT attacks. It is worth highlighting that we are a nonprofit company, and after six years, we have positioned ourselves as the 2nd most popular security conference in Latin America (Concise).


    Skills & Expertise

    I consider myself a natural leader, and I usually achieve the goals that I set. I am a very proactive, motivated, ambitious, committed, responsible and self-critical person. I feel that my experience in the formation of the Chilean chapters of ISSA and (ISC)² gives me an in-depth knowledge of the idiosyncrasies of the Chilean and South American professionals, as well as the strategies and techniques necessary to achieve the objectives that we set out as an organization. All my work and time invested in the community through the leadership of the ISSA and (ISC)² chapters and as founder of the 8.8 has made me a very popular person in the Latin American information security community, and the opportunity to be able to represent them on the board motivates me very much.

    Goals & Objectives

    I am interested in serving the board so that they can better understand the Latin American culture. Jointly, we would design a strategy to bring (ISC)² closer to the Latin American community. Even though the organization is known in the region, mainly due to its certifications, a lack of full knowledge of the organization and its main pillars exists. One of my objectives is to get the professionals to be keen again, and to ensure that they get actively integrated into the organization as members. I would also like to increase the development of the certifications and have a larger presence in our region. Since I understand that there are only approximately 1,300 members in Latin America against 85,000 in the U.S. alone, I think my main contribution is in line with the number of members in Latin America. I would like to lead the development of the members with the integration of the chapters in our region, while also expanding the number of members with the support of the business area of (ISC)². I would also like to lead the Safe and Secure Online program for Latin America.


    (ISC)² Strategic Contributions

    I want to see the number of members in our region increase significantly, seeking to reach the number of members in other regions such as Asia-Pacific. I would like to see more material, programs and events in Spanish, so that the region takes a quantitative and qualitative leap in relation to information security. In my opinion, despite agreeing that English is a more important and universal language, the only way to get closer to the Latin community is to use the language spoken in the region. In fact, I consider that to hold the LATAM congress in Brazil in Portuguese has contributed to the low participation of the rest of the Latin community (who all speak Spanish).


    Regional & Cultural Perspectives

    I can bring to the board all my experience gained when putting together the local chapters of (ISC)² and ISSA as well as when I created the 8.8 conference. It was hard and arduous work, but it was worth it. Today I consider that I have a broad base of lessons learned, critical factors of success and characteristics of the Latin American culture. Without this knowledge, it is very difficult to approach the Latin American culture. I have had the opportunity to work on projects, give courses and talks in most of the countries throughout Latin America, and at present in my company, we are a team formed by colleagues from different countries in Latin America and Europe.


    Professional Recognition

    • (ISC)² Volunteer 2015
    • Premio Alumni Ingenierías 2015 (description of the acknowledgment: http://premiosalumni.unab.cl https://www.facebook.com/AlumniUNAB/?fref=ts)

    I have been recognized by the media as one of the most renowned security professionals in Latin America http://securityaffairs.co/wordpress/54225/hacking/hacker-interviews-gabriel-bergel.html

    Speaker at various local and international security and hacking conferences, such as:

    • Segurinfo Chile, Novared Security Workshop (Chile)
    • ESET Security Day, FIDAE (Chile)
    • Seminario de Riesgos en Banca Electrónica y Canales Alternos (Chile and Peru)
    • Cyber Security Banking (Peru)
    • 8.8 Bolivia, Lima Hack (Peru)
    • Congreso of the UNAM (Mexico)
    • DragonJar (Colombia)
    • Seminario Mind The Gap, SBIF (Chile)
    • Andsec (Argentina)
    • Foro Latinoamericano de Medios de Pago (Colombia)
    • Patagonia Hacking (Chile)
    • Congreso Internacional de Ciberseguridad Industrial (Chile)
    • Campus Party Sao Paulo (Brazil)
    • MoscowC0n (Russia)
    • PHD (Russia)

    Some TV and news appearances:

    Cyberwar https://youtu.be/_OIdogrtNCU

    CSA https://youtu.be/hi5_BeaJIGA

    ¿Cómo son los hackers chilenos? - El Interruptor - VIA X https://youtu.be/vvZFCUU26xY

    CIA and Car Hacking https://actualidad.rt.com/video/233610-cia-recurrir-sistemas-inalambricos-controlar-coches


    Information Security Experience

    I have had the opportunity to work in large multinational companies leading information security. I’ll highlight the work I’ve done in Unimarc (the 3rd largest retailer in Chile), where I had the mission of arming the area from scratch, hiring people, developing policies, buying all the necessary security technology, defining the architecture and finally managing to integrate more than 21 supermarket chains in a safe and technologically controlled way. Currently, I work at Dreamlab Technologies Chile, which is my own company (partner). After serving as the director of professional services, I am now the CSO. As CSO, I’m in charge of defining the strategy that allows us to reach the goals defined by the parent company (Switzerland), PR and company representative at international conferences, and defining strategic alliances. For the past year, I have also been the chief security ambassador (CSA) at Eleven Paths (Cybersecurity Brand of Telefónica). They offered me this position based on my knowledge of the region and my recognition in the community. Furthermore, I am the CEO of 8.8, the coordinator of the CCI (Center of Industrial Cybersecurity of Spain), and an information security teacher at the Andrés Bello University.


    Leadership/Management Experience

    I have had the opportunity to lead and manage areas of information security by developing important projects such as Unimarc and Transbank (the only acquirer in Chile). I also led the creation of the Chilean chapter of (ISC)² and I was part of the board that created the Chilean chapter of ISSA. I am the founder, organizer and CEO of 8.8 (www.8dot8.org). Two years ago, we created the CISO Club, which gathers more than 60 CISOs from large companies bi-monthly to share successes, projects and research. Last year, we also created the 8.8 Junior – a security conference that orients young students. Last year, we had 400 students from different schools in Santiago. Finally, I was part of the board that created Bsides Chile, which we then transferred to a group of colleagues.


    Volunteer Experience

    My main job as a volunteer has been with (ISC)² and ISSA where I have spent a lot of time forming the local chapters and keeping them active. For the past six years, I have been part of the (ISC)² Latin America Advisory Council. I am passionate about giving safety talks in schools and I do them ad honorem. Monthly, I contribute financially to the Rose Foundation (which cares for the elderly), the Down Foundation (children with Down's syndrome), Firemen of Chile (volunteers) and annually to the Teletón (foundation that rehabilitates people with disabilities).

    Biljana Cerin, CISSP
    Country/Region: Croatia
    (ISC)² Certified Since: 2013
    LinkedIn: https://www.linkedin.com/in/biljanacerin

    Experience in Business Strategy

    I am director of Ostendo Consulting, a company founded 2011 in London, UK and Zagreb, Croatia, where I am responsible for providing information security and risk management, IT governance, audit and compliance related services for clients operating in complex, highly regulated environments. I have 17+ years’ experience in leading many successful projects in financial, telecommunication, government, oil and gas, energy, biotechnology, higher education and IT services sectors worldwide. My primary focus is taking responsibility for the smooth execution of consulting projects and services, ensuring high quality of services delivery, achievement of visible results and exceeding of stakeholders’ expectations. I am closely liaising with CEOs, CIOs, CISOs and responsible board members in deciding how to most efficiently incorporate good information security and risk management practices in accordance with the business, legal and regulatory requirements (such as EU GDPR, HIPAA, EU GMP Annex 11, PCI DSS, ISO 27001), while leveraging existing resources, processes and technologies. Besides taking responsibility for consulting business development, my team has invested its experience, expertise and funds into an innovative solution for electronic delivery of payment card PINs, which was selected by UBS, the leading Swiss bank, as one of the regional finalists of the global Fintech “Future of Finance Challenge”. The competition involved over 700 FinTech companies worldwide. This is now PINswift, operating as an Ostendo Consulting's brand specialized for Fintech solutions. Before starting Ostendo Consulting, I was manager of the Business Applications business unit at leading European IT services and solutions provider, S&T, and business development manager responsible for growing its Governance, Risk and Compliance services. I won the “S&T Extra Mile Award” as a recognition for my professional achievements.


    Education


    I earned my Master of Computing from the Faculty of Electrical Engineering and Computing, Zagreb, Croatia. I’m currently enrolled in PhD studies at the faculty of organization and informatics in Croatia, with major in information risk management. Besides CISSP, I hold CISA, CISM, CGEIT, CBCP, PMP professional certifications and ISO 27001 and 9001 Lead Auditor certificates.


    Industry Board Experience

    I have served as president of the (ISC)² Croatia Chapter since November 2014. Since its formation, the chapter has experienced rapid growth and recognition in the Croatian information security community, as well as in surrounding countries. Besides serving as chapter president, I am also a member of (ISC)² Scholarship Committee and (ISC)² Chapter Governance Committee. I have participated in the following industry organizations and initiatives: ISACA EuroCACS/ISRM 2013 London Conference Program Task Force, ISACA EuroCACS/ISRM 2012 Munich Conference Program Task Force and ISACA ISRM North America and Europe 2011 Conference Program Task Force, where I contributed to the speakers’ selection and program development. In HZN-Croatian Standardization Body, as a member of international standards adoption working group, I initialized and justified the reasons for the prioritized adoption of the ISO 27001 and 27002 international standards as Croatian standards. As a founder of the InfoSeCon association Croatia, I organized the first international information security conference in Croatia, InfoSeCon, which brought together over 30 of the most recognized industry experts as independent speakers and over 200 attendees to share top-notch knowledge with the Croatian information security community.


    Skills & Expertise

    I have strong expertise in making connections between the professional information security community and organizations that I believe can support its growth and recognition, such as Chambers of Commerce, leading universities, embassies and other professional bodies which (ISC)² can benefit from cooperating with. I have established good connections with leading regional media and am able to clearly formulate messages that are important for gaining stronger recognition in the community, while also ensuring we as professionals give back to the people we live and work with. My colleagues often describe me as a positive, proactive person with a strong ability to motivate others in achieving set objectives.


    Goals & Objectives

    I would like to lead (ISC)² initiatives in having a stronger presence outside the information security community, since I believe knowing and understanding people coming from other professional fields is important for successful growth of our field as well. Most specifically, I would like to see greater involvement of (ISC)² with young people at the moment when they choose their career path, at the end of high school or at first university years. We all experience a lack of professionals in this important field, and I believe that with right strategy and initiatives, we can make young people recognize the beauty of our profession and see themselves as part of it, especially for women, as they are often hesitant to enter the field. One important part of my efforts will be to emphasize the importance of having more women in information security and bringing this profession closer to them. As a result of my initiatives in this domain, in 2016, I was included in the list of the Top 50 Women in ICT in Croatia. I believe there is much more that can be done in this field, such as mentoring and encouraging women’s presence as speakers at professional events.


    (ISC)² Strategic Contributions

    I would like to see (ISC)² communicate more outside the community, having a stronger presence in the media, and cooperate more with universities and high schools. I also would like to see greater formal involvement of (ISC)² in creating the new regulations in our fields, since we can as professionals often recognize the lack of professional expertise and input in development of these regulations, which sometimes makes information security be perceived as an obstacle to business, while it is actually a business enabler if understood and presented well. Often this negative perception comes from inadequately formed compliance requirements in various regulations. This is where I think we can achieve more.


    Regional & Cultural Perspectives

    I come from a part of the world known for its rich and complicated history - Croatia and surrounding countries - and these historical events resulted in very specific cultural perspectives. From my work on projects worldwide, I also get to experience a number of different cultures, and am often in a position to have professionals from different cultural backgrounds work together. I believe the experience I’ve gained from working in such an interesting environment can help (ISC)² more easily communicate its messages, as well as enable professionals coming from various cultures to better communicate with each other. A very important part of our professional work comes down to good communication mechanisms and then can easily be influenced by regional specifics and sometimes challenges, which I can help successfully overcome in communicating the (ISC)² messages and initiatives and hence, enable the further growth of (ISC)² community.


    Professional Recognition

    • Selected in “Top 50 Women in ICT in Croatia” in 2016
    • Founder and President of (ISC)² Croatia Chapter in 2014.-today
    • ISACA EuroCACS/ISRM conferences Program Task Force Member in 2011, 2012, and 2013
    • S&T Extra Mile Award winner in 2009
    Published scientific and professional papers:
    • MIPRO 2013 – “IT governance, audit and project management in public and state administration”
    • MIPRO 2012 – “Managing risks of IT projects in public and state administration”
    • MIPRO 2009 – “Tributaries of the Information security measures directive and ISO 27001”
    • MIPRO 2006 – “Assessing and managing information security risks”
    • MIPRO 2005 – “Managing information security in business environment”
    • MIPRO 2004 – “Implementing an Information Security Management System”
    • (MIPRO is international convention on information and communication technology, electronics and microelectronics held in Croatia for over 35 years) 
    Selected lectures held at professional events:
    • CyberRisk Conference Croatia, 2016: “Cyber risk insurance”
    • EuroCACS/ISRM Barcelona, 2014: “Managing information security for generation Z-ers”
    • IDC Adriatics Expo, Croatia, 2014: “Manage security risks to speed up your business”
    • Infosek, 2013: “New ISO 27001 is on the stage – are you ready for the transition?”
    • EuroCACS/ISRM London, 2013: “Assurance forum – assurance professionals’ challenges—are we quick enough and how far can we go?"
    • EuroCACS/ISRM London, 2013: “Formal ISO 27001 certification – gains vs. losses”
    • EuroCACS/ISRM Munich, 2012: “KISS principle for information security, compliance and risk management in complex environments”
    • EuroCACS/ISRM Munich, 2012: “Moving forward with technology”
    • The IIA Croatian branch, 2011: “ERM and GRC approaches to risk management”
    • PMI Project Management Institute, 2009.: “Information security and business continuity management projects – why the crisis does (not) help them?”
    • IDC IT Security and Storage Road Show 2008.: "Case study: ISO 27001 implementation at Privredna Banka Zagreb"
    • IDC Security Road Show 2006.: “ISO 27001/27002 standards: How to effectively implement them into your organization and get certified?"
    • Microsoft Security Days 2005.: “How to build an effective information security team?"

    Information Security Experience

    I am passionate about designing and establishing efficient information security risk assessment and management processes, which are fully supported across the organization, therefore enabling timely identification and communication of information security risks in order to make informed and cost efficient decisions on how to mitigate them. I designed such processes for leading organizations in healthcare, biotech, government, oil and gas, energy, telecom and financial industry organizations in Europe and the U.S. I establish business-aligned security control frameworks to handle overwhelming compliance requirements (EU GDPR, HIPAA, EU Annex 11, PCI DSS, MICS, SOX, ISO 27001...) by making sure existing internal resources, tools, policies and processes are utilized as much as possible, instead of building parallel systems just in order to "comply". "Security as a business enabler" is my motto and the objective I strive towards in performing everyday business activities.


    Leadership/Management Experience

    I have served as president of the (ISC)² Croatia Chapter since November 2014. Since its formation, the chapter has experienced rapid growth and recognition in the Croatian information security community, as well as in surrounding countries. I am a business director of Ostendo Consulting, where I am responsible for the constant business growth and acquiring of the right talent able to provide sophisticated services to the most demanding clients. I am founder of InfoSeCon, the first independent association of information security professionals in Croatia, and also organizer of InfoSeCon 2005 and 2006 international conferences, which attracted the most recognized industry experts at the time to share the top-notch knowledge with young Croatian information security community. In S&T, the leading European IT services and solution provider, I was a business unit manager and business development manager. Previously, I was consultancy manager at Croatian Quality Superintending Company, and information security projects manager for a highly specialized team of information security consultants and researchers at the Faculty of Electrical Engineering and Computing in Zagreb, Croatia.


    Volunteer Experience

    Besides serving as a chapter president, I am also a member of (ISC)² Scholarship Committees, (ISC)² Chapter Governance Committee, and I have participated in the following industry organizations and initiatives: ISACA EuroCACS/ISRM Conferences Program Task Force, HZN Croatian Standardization Body’s ISO 27001 international standards adoption working group and InfoSeCon association Croatia.

    Tony Cole CISSP, SSCP
    Country/Region: USA
    (ISC)² Certified Since: 2000
    Twitter: @nohackn  | LinkedIn: www.linkedin.com/in/wmtonycole

    Experience in Business Strategy

    I have a deep level of expertise in business strategy, initially from government work and honed over a fifteen-year career in the commercial world after my military retirement. I built many different successful product and service offerings at two of the world's largest cybersecurity companies. I ran two government consulting practices, one utilized across the globe and quite often brought into commercial accounts for our expertise. I recruited to, and consulted on Wall St around cybersecurity technology companies and where they were likely going from a product perspective. I was a strategist and advisor for Secure Elements on their Advisory Board to help build their vision prior to their sale to Fortinet. I was cyber business strategist advising numerous government agencies and companies around the globe on cybersecurity investments, processes, architecture and policy. I was appointed to the FCC CSRIC-V council by the FCC commissioner, to the NASA NAC Institutional Committee by the NASA administrator and to the President’s NSTAC Subcommittee on the Security of IoT Devices under President Obama. I’m currently an independent director on Silent Circle's board of directors and was recruited to help with strategy.

    Education

    B.S. in Computer Networking, Strayer University, Summa cum Laude. Current certifications are the CISSP and SSCP. Previous certifications include the FoundStone Corporation’s- Ultimate Hacking Course, Carnegie Mellon University Computer Incident Handlers Course. Also, certified as a Level III Vulnerability Assessment tech under the U.S. Army. Numerous commercial and military courses in Leadership and Technology. Certified by Blue Streak Communications in media training for executives.


    Industry Board Experience

    As a member of the Advisory Board for Secure Elements, I helped to drive successful growth leading to an acquisition by Fortinet. I was recruited by Silent Circle as an independent director to help them expand and move into the enterprise software world. I am a founding member of the not-for-profit WhiteHat USA Gala charity organization benefitting Children's National Medical Center, which has raised over $1.4 million dollars to date. I’ve been on the board of the ISSA-DC Chapter for seven years, culminating as president for the last two years. I built out membership and activities across the chapter. I’ve also briefed numerous boards around the globe on cybersecurity issues and the risks they pose.


    Skills & Expertise


    I’m a well-known leader and mentor in the cyber security space. I have a deep level of expertise in the cyber domain, covering a multitude of areas, including services, products, architecture development, policies, risk, people development and much more. I’m able to take low-performing teams, products or organizations and redevelop them into a cohesive and over-achieving unit. I have tackled problem areas in government and the commercial world and helped turn things around in many challenging areas. I have a deep understanding of cultures around the globe at the senior executive level in industry and government. I possess great speaking skills, refined through decades of briefing at the cabinet, congressional, minister, boards and CEO levels, and through speaking at a multitude of conferences often at the keynote level around the globe.


    Goals & Objectives

    I'm interested in serving on the (ISC)² Board of Directors because I think I could help further elevate the organization as the provider of the recognized certification of the cyber professional around the globe. From there, we could build a comprehensive system where it was recognized internationally as a requirement for certain positions of trust in our profession. Although the (ISC)² certifications are widely known and respected today, the requirement for a true cybersecurity expert is still somewhat vague and varies from nation to nation and recruiter to recruiter looking to hire cyber experts.


    (ISC)² Strategic Contributions

    Additional thought leadership from the (ISC)² Board of Directors in areas that showcase a forward leaning organization thinking about the future enablement of the cybersecurity certified expert. This should be independent of vendor bias and completely focused on creating a higher playing field for the holders of the CISSP and associated certifications. One area to tackle right away is ensuring the right requirements are in place to weed out those without operational experience in the field seeking the certification. We need to raise the level of the CISSP to where it’s highly respected by all.


    Regional & Cultural Perspectives

    I've lived in Asia, Central America, across the United States in various places and in Europe for six years. I've traveled the globe working on cybersecurity issues (including Africa) in numerous jobs and currently travel extensively to speak and provide strategic services focused on cybersecurity. I have a pretty solid understanding of most cultures and have worked and lived in many of them. I’m quite comfortable in most major cities around the globe and have worked on cybersecurity issues in the majority of them. The type of travel I’ve done and the interactions I’ve had with the people I’ve met around the globe have given me what I hope is a broader perspective than most people in our industry. I believe it also allows me to connect with and understand diverse requirements from different regions.


    Professional Recognition

    I was recognized by my peers through my selection as Government Computer News IT Industry Executive of the Year award for 2014. In 2015, I was inducted into the Wash100 by Executive Mosaic as one of the most influential executives in cyber. In 2016, I was an awardee for Trending 40 Cyber Innovators and Entrepreneurs. I was selected for Symantec’s Horizon Award for Excellence in Leadership. I was given the Bronze Order of Mercury for lifetime contributions to the U.S. Army Signal Regiment. I was given numerous military awards over a twenty-year Army career, including four Meritorious Service Medals.

    A few interviews and publications:

    Information Security Experience

    I spent twenty years in the Army, and was one of the first in cyber helping to build and run the Army CERT, the Army Regional CERT-Korea, the Network Security Services-Pentagon (NSS-P), which included PENT-CIRT, SOC, V/A, Sec Engineering, etc. I built networks around the globe for the Department of Defense, and have advised numerous companies and agencies on cyber around the globe in the last fifteen years. I ran two large consulting practices focused on cyber for two of the largest cybersecurity companies in the world. I was recruited for my expertise by the U.S. FCC, NASA, DHS, Banks, Wall Street and many others as an advisor on cybersecurity strategy and trends.


    Leadership/Management Experience

    I have led numerous teams from initially a small eight-man team to one with a couple of hundred people, including numerous subcontractors. I’ve rebuilt teams that weren’t functioning up to their potential by finding the great performers inside the organization and promoting from within, along with bringing in additional expertise, cutting low performing products and services, adding a focus on people and lowering attrition. I have succeeded by continuously hitting targets and ensuring the entire team shared in the reward. I’ve continuously increased customer satisfaction with services by ensuring our consultants were well trained, enabled and ready to deliver. I've been a mentor to literally more people than I can count as they looked to the future for potential paths of their own careers.


    Volunteer Experience

    I have participated in the WhiteHat USA Gala, a charity benefiting Children's National Medical Center where they do over $50 million dollars’ worth of surgeries for children in need. I’m a fellow at the Aspen Institute, which helps to make the world a more civil place. I’m a supporter of Good Shephard charity in my own neighborhood, helping those in their time of need. As an Army retiree and fellow disabled vet, I support the DAV(.org) program as well. They have helped many disabled veterans that can’t help themselves. My family and I believe strongly in giving back.

    Earl Crane, CISSP
    Country/Region:
    USA
    (ISC)² Certified Since: 2004
    Twitter: @mystie3k | LinkedIn: https://www.linkedin.com/in/earlcrane

    Experience in Business Strategy

    Dr. Earl Crane is the founder and the chief executive officer of Emergent Network Defense, Inc. (Emergent). Dr. Crane has advised the President of the United States, Wall Street executives and multiple Fortune 100 corporations on their cyber defensive strategies. From 2009 – 2011, Dr. Crane led the implementation of the Department of Homeland Security’s information security strategy. As the Director of the Cybersecurity Strategy Division, he supervised the staff charged with creating and implementing the DHS enterprise-wide security risk-management strategy, and led the development of DHS security architecture, policies and procedures to address issues including intrusion detection and response security operations, threat intelligence, cloud computing security and data-loss prevention. As a member of the President’s National Security Council staff from 2011 to 2013, he was the lead for federal cybersecurity policy and oversight for the Cybersecurity Coordinator, responsible for aligning and responding to shifting cybersecurity threats and vulnerabilities. He led multiple coordination efforts with senior government leaders across domains to provide direction, streamline processes, and reduce burdens across the federal government.

     

    Education 

    Education:

    • BS, Mechanical Engineering – 2000 – Carnegie Mellon University
    • MISM, Information Security – 2001 – Carnegie Mellon University – Graduation Summa Cum Laude (Highest Honors)
    • PhD, Engineering Management, Information Security – 2013 – The George Washington University
    • Tau Beta Pi (Engineering Honor Society)

    Certifications:

    • Certified Information Security Manager (CISM) – ISACA License 0606289 Date: Nov 2006 – Jan 2018
    • Certified Information Systems Security Professional (CISSP) – (ISC)² License 55226 Date: Jan 2004 – Jan 2018
    • Certified in the Governance of Enterprise IT (CGEIT) – ISACA License 0901526 Date: Jan 2009 – Jan 2018

     

    Industry Board Experience

    As director at Promontory Financial Group, Dr. Crane regularly briefed board members and executives at multiple well-known firms on cybersecurity risks and risk management. He has spoken multiple times on cybersecurity and risk management to boards and executives through the National Association of Corporate Directors (NACD). These programs educate board directors on current and emerging cybersecurity risks and mitigation strategies. He understands the roles and responsibilities of board members to help navigate the organization’s goals of creating and implementing effective, ethical and legal governance and financial management strategy, and to ensure that the organization has adequate resources to instrument proposed policies.

     

    Skills & Expertise

    Federal Government Insight: As director on the White House NSC, Dr. Crane served as an advisor to the President of the United States and was responsible for creation and oversight of intergovernmental cybersecurity policy. In this capacity, he worked with all federal agency CISOs to understand their unique mission requirements, and enabled policies and support for a proactive defense program. This included coordination with senior leadership across multiple federal executive branch departments and multiple White House offices. He led multiple interagency working groups and advisory boards focused on improving cybersecurity government-wide. Dr. Crane’s role at DHS and the White House provides him with extensive experience in policy and strategy development and implementation, from information sharing programs across public-private partner relationships, including members of federal government, industry participants and financial sector institutions. One of the persistent challenges facing federal agency CIOs is the lack of resources and leadership support for cybersecurity. Dr. Crane addressed this challenge by shifting the visibility for cybersecurity performance to the performance improvement officer (PIO) and deputy secretary or deputy administrator of the agency. He did this through focusing on cybersecurity performance metrics and measurement, incorporating context and eliminating jargon, to focus on agency mission impact.

    Financial Industry Expertise: Dr. Crane has wide-ranging experience applying various policies, guidelines, rules and regulations from federal and financial sector regulatory bodies to current sector industry organizations. He has extensive experience with the FFIEC IT security handbook, various FFIEC, OCC, FDIC and FRB information security requirements. He also has experience with emerging requirements under EO13636 and the NIST cybersecurity framework.

    Executive Cybersecurity Education: Dr. Crane is on the faculty at Carnegie Mellon, including an instructor at the CISO Institute for executive management, and Heinz College for cybersecurity public policy. His students are regularly CISOs for large commercial institutions, where they discuss the latest cyber defense capabilities and technologies.

    Strategy and Planning: One of Dr. Crane’s primary roles as the director for cybersecurity strategy at DHS was to stay abreast of emerging technology and cybersecurity challenges, and to build a strategy to position the department to address these challenges. His background as the chief information security architect for the Department of Homeland Security provides expertise in architecting and developing defensive strategies for large-scale enterprise systems. His expertise was further extended working with many of the top 20 banking institutions and Fortune 50 companies providing the same service.

    Future Vision of Cyber Risk: Dr. Crane identified the power of cloud computing as a game changer, and following the draft release of the social media guidelines in May 2009, he pulled together another interagency group to focus on cloud security. As the co-chair of the Network and Infrastructure Security Sub-Committee of the Federal CIO Council, he organized an interagency team to develop the first federal-wide “Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies.” NIST Cloud Security guidelines and the FedRAMP program incorporated elements of these guidelines, and he was a senior advisor to the federal CIO on cloud security, attending weekly cloud meetings at the White House. Dr. Crane received the Federal 100 award from Federal Computer Week in March 2010 for his work in cloud security.


    Goals & Objectives

    Dr. Crane has a passion for cybersecurity, and is thankful for his almost 20 years in the field, which has included a successful information security startup, government cybersecurity and cybersecurity education as both a student and professor. Dr. Crane is interested in giving back, to help build the next generation of cybersecurity professionals through certification, education, training and road mapping to identify critical skills for future security and prosperity. He would like to bring the same emphasis to (ISC)² that he has brought to Carnegie Mellon through advisory sessions with university leadership – how do we continue to prepare the cybersecurity leaders of tomorrow? To identify the tools and talents necessary for cyber leaders throughout their career progression, from entry level to CISO and beyond – and to be able to deliver on these needs.


    (ISC)² Strategic Contributions

    One of the most challenging elements of this field is the use of data to drive change. Cybersecurity risk management is a continually evolving field. As a board member, Dr. Crane would like to emphasize three key areas: career development, education and membership.

    Career development: Dr. Crane is interested in career path progression and training programs, as they are critical for the development of the field. This includes early engagement with professionals through trainer and mentoring programs.

    Education: Dr. Crane is interested in cyber education, from some of the earliest K-12 cyber education programs, through cyber competitions, college programs and beyond. He would like to see continued improvement of cyber education based on standards like the NIST National Initiative for Cybersecurity Education (NICE).

    Membership: Finally, an organization is only as strong as its members – and membership grows through value creation and community for (ISC)² members around the world. Continued outreach to determine what (ISC)² members find most useful and need the most from (ISC)². Dr. Crane’s goal is to contribute innovative solutions and ideas to (ISC)²’s outreaching capabilities for the information security community.

    Regional & Cultural Perspectives

    As the director of the cybersecurity strategy division at the Department of Homeland Security, Dr. Crane faced the challenge of building a new team comprised of diverse staff transferred from other regions and teams, in addition to identifying new division needs and seeking out those with special skill sets. He dedicated himself to building a diverse team across multiple racial, ethnic, religious, gender, age and education backgrounds, where he focused on an individual’s unique capabilities, contributions and needs to create a highly effective team. For example, Dr. Crane quickly identified the need for DHS to develop a robust cybersecurity knowledge management capability to manage the large amounts of cybersecurity data and information. Experts are hard to find in this highly specialized field, but he identified a brilliant individual with two PhDs focusing in knowledge management and cybersecurity. Though he was currently in a comfortable job with academia and operating a data center, Dr. Crane attracted him to his team as an opportunity to implement his theories on a large scale. Dr. Crane also recognized that to implement the DHS cybersecurity strategy, the strategy must be communicated effectively. One of Dr. Crane’s strategic communication programs led a department-wide collaboration initiative, and developed two annual “State of DHS Cybersecurity” reports. He also personally engaged across the diverse set of DHS regional offices, travelling locally to embed with national and international teams, including San Diego/Tijuana MEX, El Paso/Juarez MEX, Puget Sound/Vancouver CAN and Newfoundland CAN. As a result, the strategic communication team won the 2011 (ISC)² Government Information Security Leadership Team Award. The team was one of the most diverse within the OCIO organization, representing an audience of 240,000 employees. At the time of Dr. Crane’s departure, almost every member of the team had returned to school part-time for a higher education degree (Bachelor, Master or Doctorate). Additionally, since his departure, every member of the team has remained with the DHS CIO, a level of retention that is difficult in a competitive cybersecurity environment. Finally, prior to Dr. Crane’s government service, as a security consultant with Foundstone, he worked closely with clients and taught classes around the world, including London, Barcelona, Tokyo and Panama City.


    Professional Recognition

    Selected Recognition:

    • Senior Cybersecurity Fellow - The Robert S. Strauss Center for International Security and Law
    • Carnegie Mellon Heinz College Distinguished Alumni Award – Oct 2014
    • Letter of Commendation, Executive Office of the President of the United States
    • Executive Leadership in Cyber Security – Jun 2011 – Association for Federal Information Resources Management (AFFIRM)
    • Federal 100 – Mar 2010 – Federal Computer Week - http://fcw.com/articles/2010/03/22/federal-100-crane-earl.aspx
    • Government Information Security Leadership Award, (Strategy Communication Team), (ISC)²

    Selected Publications:

    Selected Speaking Engagements:

    • RSA Conference
    • SXSW Security & Privacy Finalist
    • ACT-IAC Executive Management Series
    • Government Technology Research Alliance (GTRA)
    • AFCEA Keynote Speaker
    • International Monetary Fund
    • Symantec Government Symposium
    • ISC² Government
    • Information Systems Security Association (ISSA)
    • Information Security and Privacy Advisory Board (ISPAB)
    • Interview: "The importance of personnel to national cybersecurity" - Government Matters TV http://govmatters.tv/the-importance-of-personnel-to-national-cybersecurity/

    Information Security Experience

    One of my most unique information security experiences has been the requirement to cross boundaries from the most technical to the highest policy level. I was the only member of the national security staff able to both clearly explain how a botnet operated, how a DDOS attack was performed, the strategic and policy solutions we could put in place to help address these issues on a management, operational, AND technology level. This comes from my background of four years of penetration testing, remediation, and forensics with Foundstone, and later my executive experience with DHS. I developed the first DHS SOC CONOPS providing the vision, leadership and guidance for the initial operations of a “world-class” Security Operations Center. The DHS SOC now operates as the front-line defense for DHS IT systems to secure and enable mission readiness for the department. This and other experiences gave me insight to help with policy formulations such as Executive Order 13587, to address and remediate vulnerabilities that resulted in the Wikileaks incident (as the technical principal for DHS), and later Edward Snowden (as the policy director).


    Leadership/Management Experience

    At Emergent we have put together a strong, highly experienced team of cybersecurity professionals where we have developed a truly unique and innovative solution to combat today’s evolving enterprise digital risks. My greatest accomplishment at Emergent so far has been the discovery and successful alignment of individuals’ hidden talents to best be used within an emerging organization. As the first Chief Information Security Architect and later the first Director for Cybersecurity Strategy at the US Department of Homeland Security, I had the responsibility to build a defensible infrastructure and architecture to combine 23 disparate agencies representing 240,000 employees into a single enterprise. I developed policies, procedures, tactical guides, training programs, and architectural documents for promulgation throughout the homeland security enterprise. I facilitated the DHS CISO Council and led the coordination effort among nine other DHS Component CISOs. I worked closely with the DHS Chief Privacy Officer for cyber defense programs, FOIA requests, and implementation of privacy and security best practices. Later, as the first Director for Federal Cybersecurity Policy on the White House National Security Council staff, I was the sole advisor to the President of the United States and to the National Cybersecurity Coordinator on federal cybersecurity issues. I advised two Federal Chief Information Officers (CIO) on their cybersecurity programs, from cloud security to classified system defense. In this program I built a number of cybersecurity risk management programs, including leading the federal cybersecurity metrics program (CyberSTAT) which measured and drove operational improvements in federal cyber defense. I established the minimum standards for cybersecurity reporting among federal agencies, and monitored for their improvement and compliance against defined metrics. My experience is not limited only to government. As a practitioner in higher learning for almost twenty years, I have worked closely with Carnegie Mellon leadership on cybersecurity program development and delivery. This includes within the classroom as an adjunct professor for masters and professional students, at the facilities level for establishing infrastructure for classroom delivery, and at the administration level for curriculum program development and delivery. I helped to develop the initial program for Carnegie Mellon’s Chief Information Security Officer (CISO) Certificate Program, and I teach the program’s Enterprise Security Governance day.

     



    Volunteer Experience

    I have served and continue to serve in support roles in various civic, academic and social organizations. Some examples include: Carnegie Mellon Admissions Council (CMAC) – volunteer to meet with prospective students to answer questions and provide my assessment to admissions. MD5 Mentor at austinhack.md5.net/home – continued collaboration to help other security startups bring their ideas to market to support humanitarian relief and disaster response. Various volunteer activities in my local church and children’s school.

    Geoff Harris, CISSP
    Country/Region:
    UK
    (ISC)² Certified Since: 2007
    LinkedIn: https://uk.linkedin.com/in/geoff-harris-2351701

    Experience in Business Strategy

    I have served in the following board of directors or executive management positions for the last 26 years:

    • ISSA International Board, Director 2011 – Present
    • Alderbridge Consulting Limited, CEO 1997 – Present
    • Global Village Communication UK, Managing Director 1996 – 1997
    • KNX Ltd, Technical Director 1995 – 1996
    • Tunstall Telecom Ltd, Research & Development Manager 1991 – 1995.

    In each of the above positions, I have had a key role in managing the business and strategic planning.

    Education

    In addition to the above positions, I have been a member of the UK’s Institute of Directors for over 15 years and received formal director training and business leadership coaching. As an electronic engineering graduate, I followed a professional development program endorsed by the IEE/Engineering Council and became formally recognized as a chartered engineer. I became a formally approved member of the UK Government’s CESG CLAS scheme from 2002 – 2015, allowing me to provide information assurance for Her Majesty’s government of the United Kingdom. Since then, I have gained further certification status of ITPC – Certified Infosec Competency (Government Practitioner) and CESG Certified Professional (CCP) – Security & Information Risk Advisor (SIRA). I am also an ISSA Fellow.


    Industry Board Experience

    I am currently a member of the (ISC)² Europe, Middle East & Africa Advisory Council and have served as an (ISC)² adviser for over six years. I was one of the founding members of ISSA-UK in 2003 and the ISSA-UK President from 2007-2010. I grew the UK chapter to become the second largest in the world at that time with over 400 active members. I was elected as a director on the international board of ISSA in 2011, 2013 and 2015, and am currently serving my 3rd successive two-year term. I led and chaired the first ISSA European Conference in London in 2013 and continue to focus on ISSA’s growth in Europe as well as provide overall strategic global direction. This includes strategic alliance and professional development programs.


    Skills & Expertise

    In addition to general strategic board guidance for (ISC)², the area in which I can contribute specifically relates to the development of the information security profession. As CEO of Alderbridge (providing specialist information security consulting and recruitment services), we have worked with over 40,000 professionals since its formation in 1997 and contributed to the 2013 Global Information Security Workforce Study by Frost & Sullivan. In 2013, I co-authored a report commissioned by UK Government through e-skills UK, “Career Analysis into Cyber Security: New & Evolving Occupations.” I have also spoken on this subject at many events across Europe, Middle East, Africa and North America.


    Goals & Objectives

    Cybersecurity has evolved and developed into a highly critical profession. Governments around the world have recognized the importance and need for cybersecurity. They recognize the need for specialist skills and certified professionals. I would like to help (ISC)² continue to be the leading certification organization and to ensure that it evolves to meet the needs of governments, organizations and individuals globally. With my experience as a practitioner and leader together with my global industry knowledge, I believe that I can provide key contributions and strategic guidance to continue (ISC)²’s success. As well as being a day-to-day hands-on cybersecurity practitioner, I have presented and chaired numerous cybersecurity-related events across the world, written press articles on this subject matter and contributed to the UK House of Lords reports on cybersecurity.


    (ISC)² Strategic Contributions

    As stated above, this is a critically important time for the cybersecurity profession. Governments around the world have recognized the importance of cybersecurity. They recognize the need for specialist skills and certified professionals. Governments are creating certification programs and mapping out their cybersecurity needs for the future. I would like to see (ISC)² build on its success to date by being at the center stage of these programs across the globe as well as serving and developing existing (ISC)² members to meet the evolving future certification needs of the profession.


    Regional & Cultural Perspectives

    My experience as a day-to-day hands-on cybersecurity practitioner is largely UK based, which is a key population of (ISC)² members outside of the U.S. Along with my vast knowledge and contact with UK members, my perspective is largely that of Europe and the U.S. I have attended, presented and chaired numerous cybersecurity-related events across Europe, Africa, the Middle East and the U.S. I have an extremely good understanding of cybersecurity requirements and drivers across these regions.


    Professional Recognition

    I have been a speaker, conference chairman and provided input to numerous information security events and industry bodies around the world including:

    • ISSA
    • (ISC)²
    • Information Assurance Advisory Council (IAAC), EURIM/Digital Policy Alliance
    • House of Commons & House of Lords, joint author of three white papers and two consultation responses made to House of Lords, key government projects including the 2010 House of Lords report on Protecting Europe against large-scale cyber-attacks
    • Guardian - Info Security in the Public Sector Conference 2009-2010
    • Cyber Defence 2008-2013 Conference Chairman
    • Europe Chief Information Security Officer (CISO) Summit presentations 2009-2015
    • Middle East Chief Information Security Officer (CISO) Summit chairman 2013-2014
    • Oil & Gas Cyber Security Conference 2015
    • Cyber Crime Africa Co-Chairman 2015
    • ASIS International Conference
    • RSA Europe Conference
    • InfoProtect & participation in e-Crime Reduction Partnership & various UK government/business roundtables.

    Information Security Experience

    I am the CEO of Alderbridge, providing specialist information security consulting and resourcing services. Throughout the last 20 years, I have directly provided information security professional consultancy services to UK government, telecommunications, finance, media and commercial sector organizations including:

    • Vanquis Bank
    • General Dynamics Land Force Protection
    • Wokingham Borough Council
    • John Lewis Partnership
    • Health Management Ltd
    • The National Gallery
    • Egton Medical Information Systems
    • Sodexo Justice Services
    • British Transport Police
    • Mitchell Fox Group
    • Nissan, SCC
    • IBM
    • AQL
    • Callcredit Information Group
    • Department for Work & Pensions
    • Anglo Irish Bank
    • Durham County Council
    • Serco
    • Besso Group
    • British Telecom
    • Close Brothers Group plc
    • The MCPS-PRS Alliance
    • UK Police Forces
    • Mowlem plc
    • K2 Group Ltd
    • Visa International
    • The Highways Agency
    • Merido
    • Barron McCann
    • Nabarro Nathanson
    • The Institute of Directors
    • The National Children’s Home
    • Leeds Co-Operative Society
    • The Britannia Building Society
    • Lloyds TSB Bank
    • Halifax Building Society & Abbey National Building Society

    With a background in secure military communications systems, my experience spans over 30 years in the research, design, development and deployment of secure communications systems in addition to information security professional consultancy services.


    Leadership/Management Experience

    As discussed above, I have served in the following positions for the last 26 years:

    • ISSA International Board, Director 2011 – Present
    • Alderbridge Consulting Limited, CEO 1997 – Present
    • Global Village Communication UK, Managing Director 1996 – 1997
    • KNX Ltd, Technical Director 1995 – 1996
    • Tunstall Telecom Ltd, Research & Development Manager 1991 – 1995
    • One of the founding members of the ISSA UK Chapter in 2003 and President from 2007-2010

    In each of the above positions, I have had a key leadership role with extensive management experience.


    Volunteer Experience

    As discussed above, I have served as a volunteer in the following positions: I am currently a member of the (ISC)² Europe, Middle East & Africa Advisory Council and have served as an (ISC)² adviser for over four years. I was elected as a director on the International Board of ISSA in 2011, 2013 and 2015 and am currently serving my 3rd successive two-year term. I led and chaired the first ISSA European Conference in London in 2013 and continue to focus on ISSA’s growth in Europe as well as provide overall strategic global direction. This includes strategic alliance and professional development programs.

    Steven Hernandez CISSP, SSCP, CAP, CSSLP
    Country/Region:
    USA
    (ISC)² Certified Since: 2006


    Experience in Business Strategy

    Over the past decade, I have managed strategic and operational units throughout the U.S. government. I presently serve as a CISO in a US government agency that employs over 200,000 people and encompasses a trillion-dollar budget. Strategic planning is at the core of my daily activities. Having also served in the roles of chief technology officer (CTO), chief information officer (CIO), senior official for privacy (SOP) and other CXX titles, I have crafted strategies at the organization, operational division and product levels. I have led multi-disciplinary teams in developing strategies to improve program outcomes, cut spending, foster greater growth and program adoption, re-organize entire business units and work to transform business models to agile and modern approaches. While on the board with (ISC)², I have chaired the strategy committee and led the team who developed the formal policies and procedures the board uses to formulate executive strategy. The outputs of the strategy policy and procedure produce the annual updates for the organization's strategic plan and also formulate the performance and budget objectives of the organization for the upcoming years.


    Education


    I bring a combination of technical "hands-on" education and formal education through my diversified educational background. The following lists my educational progression and relevant credentials or certifications:

    • Master of Business Administration, Idaho State University, 2007
    • Bachelor of Business Administration, Idaho State University, 2005
    • Associates of Applied Sciences in Electronic Systems, Idaho State University (2001)
    • Certificate of Technology in Lasers and Electro-Optics, Idaho State University (2001)
    • Certified Authorization Professional (CAP)
    • Systems Security Certified Practitioner (SSCP)
    • Committee on National Security Systems (CNSS)
    • NSTISSI-4011 (National Training Standard for Information Systems Security (INFOSEC) Professionals)
    • CNSSI-4012 (National Information Assurance Training Standard for Senior Systems Managers)
    • CNSSI-4013 (National Information Assurance Training Standard For System Administrators (SA))
    • CNSSI-4014 (Information Assurance Training Standard for Information Systems Security Officers)
    • NSTISSI-4015 (National Training Standard for Systems Certifiers)
    • CNSSI-4016 (National Information Assurance Training Standard For Risk Analysts)
    • Certified Secure Software Lifecycle Professional (CSSLP)
    • ISACA Certified Information Systems Auditor (CISA)
    • Security +
    • US Government Contracting Officer's Representative (COTR/COR)
    • ITIL

    Industry Board Experience

    I have worked on the (ISC)² Board of Directors now for almost three years. I have chaired several committees including Strategy, Scheme, Bylaws and Business Practices. Additionally, I have been an active participant in the Audit, Center and product development. Throughout my work with the board, we provided the necessary governance to modernize a legacy infrastructure, prioritize and understand our credential performance, greatly enhance the transparency of the organization's operations to our membership, provide additional member value through strategic and operational partnerships, modernize our testing and continuing education standards and grow our membership base into new markets. As a board member, I have also handled numerous governance issues, including reviewing alleged misconduct by other board members, managing urgent and critical ratifications of emergency board actions and providing counsel and advice for increased operational oversight. Through my work with the (ISC)² U.S. Government Advisory Council (GAC), Government Information Security Leadership Awards (GISLA) and the Executive Writer's Bureau, I have led teams of judges, writers and peers in working groups, research and writing projects and programmatic evaluations. I am often called on to present and represent (ISC)² and the GAC's position on information assurance topics to audiences of senior industry leaders. When I served on the regional Board of Directors for the Southeastern Idaho American Red Cross, I was responsible for all aspects of technology use and adoption. My suggestions saved tens of thousands of dollars over the strategic course of the organization's growth. Additionally, I ensured information security was intrinsically part of every IT change we made.


    Skills & Expertise

    I am a senior executive bringing a broad experience and capability portfolio to any board I serve. Some high levels of my expertise include, but are not limited to:

    • Senior executive leader with full oversight of strategic risk management, IT planning, business leadership and productivity enhancing transformation for the largest civilian Inspector General’s Office in the United States.
    • Seasoned risk manager in a one-trillion-dollar organization with global reach in over fifty countries.
    • Strategically engaged in technology workforce development through leadership in several private organizations, including the largest credentialing body of IT professionals.
    • Government leader in executing a series of “firsts” in government cloud-computing security.
    • Expert policy developer and regulatory compliance implementer through the development of IT systems, workforce, process and governance.
    • Leverage 18+ years of progressive leadership in information technology (IT) and cybersecurity to drive business development and retention to customer-focused success.
    • Provide transformative vision enterprise-wide via decisive and insightful executive leadership, guiding daily operations and policy implementation through strategic thinking and decision making.
    • Known for seamlessly coordinating with internal organizations and third-party partners.
    • Build and lead high-performance teams to manage, implement and streamline complex organizational performance designs.
    • Foster virtual team collaboration using relationship building and communication improvement.

    Goals & Objectives

    Our members come first! We must continue our "member focus" without diminishing our credentialing or outreach activities. This means the continued development of chapters around the world and ensuring those striving to start chapters have sufficient resources to do so. Additionally, (ISC)² has a tremendous opportunity to help shape and encourage security in developing economies and those undergoing rapid change. I want to ensure we do not miss these opportunities to make the world's "cyber domain" a safer place for all.

    Ensure (ISC)² controls and markets the image and reputation of its credentials. As an MBA, I have spent considerable time understanding why markets react either favorably or poorly to a promotion, product or service. As a community, we still have work to do to ensure that industry, academia, government and any organization who wants the "gold standard" in information assurance can differentiate and choose a credential to fit their needs. I've had many people tell me, I hired someone with credential "X" and they couldn't do "Y." However, when pressed to explain the exact skills needed for the job, it was evident that they really needed a different credential that reflected a more appropriate skill set for the task. Through proper marketing, communication and education, we can better address this issue.

    Transparency is a keystone of any members-based, not-for-profit organization. Therefore, if elected by the membership, one of my goals will be to ensure (ISC)²'s transparency and reporting to its members is beyond reproach. Coming from an audit, MBA and consulting background, I understand how to improve and mature existing organizational processes to enhance transparency measures. As a member of (ISC)², you deserve to know the impact your volunteering, time, intellectual contributions and financial support are having on the organization and its mission.

    Outreach is crucial for our organization to grow and maximize its impact. As information security professionals, we have a common creed in our ethics that mandates we promote the best information security we can at any given moment. As an organization, I believe (ISC)² has merely scratched the surface of its potential impact through its numerous programs such as scholarships for soldiers and bright students, safe and secure online initiative and the development of new industry specific credentials such as HCISPP and secure cloud computing. While expanding the breadth of credentials is important, so is ensuring we have a credential for every aspect of the information security professional's lifecycle. From those just starting out in the industry to experienced veterans of the trade, we must ensure we have credentials that reflect the experience and expertise of our members. (ISC)² is uniquely positioned as a leader in the international community as well as a focal point of information security excellence. To this end, and to ensure an inclusive membership, (ISC)² must continue its education and awareness mission to not only the U.S., but internationally, particularly in developing economies.



    (ISC)² Strategic Contributions


    (ISC)² is only getting started. We have a tremendous potential to grow throughout the world and double or even triple our membership size and respective impact for our members in the next five years! Fundamentally, (ISC)² has done a great job in helping the global information technology market understand the need and shortage of qualified information assurance and security professionals. We have the opportunity to help build the paths and smooth the way to provide the necessary workforce and also help international markets understand how similar workforce shortages impact their ability to compete or operate efficiently. Furthermore, (ISC)² should continue its relentless focus on providing member benefits. (ISC)² is the gold standard in so many ways, yet some industries and some markets don't know about us. Market penetration is a strategy (ISC)² will seriously consider should I be elected. Instead of just attending security conferences, (ISC)² should be at HR conferences, IT conferences, industrial control conferences, banking conferences, etc. The benefit is bi-directional, markets benefit from a standardized and consistent way to help identify the capabilities they need, while (ISC)² members are exposed to even more opportunity, growth and success!


    Regional & Cultural Perspectives

    I grew up in the northwestern United States, but now live in the Washington, DC area of the U.S. I have worked in Asia, Europe and the U.K. I bring a profound and humble understanding of culture and how it not only influences the behavior of a board, but also how it influences the way a market may perceive an organization. From the start of my professional career I focused on organizational behavior, strategic planning and leveraging markets to achieve success. If an organization is to be successful in any culture or market they must first understand the fundamental aspects of what's important to that culture. It could be status, respect, perceived wealth, humility, power, influence, persistence, connections, etc. I have worked internationally for over the past decade and have extensive experience in understanding the cultural nuances of successful global organizations. I will continue to bring this experience to the (ISC)² board.


    Professional Recognition

    I am constantly giving back to the community that has given me so much! The following represents several of my works, honors and awards over the past decade:

    AWARDS:

    • (ISC)² President’s Award for Outstanding Contributions to the Profession
    • Honorary Professor: California State University at San Bernardino

    SPEAKING:

    • Leveraging People, Process and Technology to Manage Risk: National Defense University (2017)
    • Open Source, DevOps and Agile: Supply Chain Considerations ACT-IAC (2017)
    • Secure Design with OMB in Mind, ACT-IAC (2017)
    • Cloud, e-Discovery, Audits and Investigations: Federal Auditors Executive Committee (2011-2016)
    • Fraud, Assurance the Discovery in modern Cloud Environments: Association of Government Accountants (2015)
    • Big Data Analytics in Action: FCW Executive Briefings (2013)
    • Leading with Cybersecurity for Effective IT Transformation: Modern Gov Summit (2015)
    • Privacy and Security in Healthcare: AFCEA DC Health Care Summit (2015)
    • Endpoint and Application protection: Federal News Radio (2016)
    • Enhancing Federal Network Visibility and Analytics: Federal News Radio (2016)
    • Reducing Risk in the Cloud: Federal News Radio (2014)
    • Investigations and Audits in the Cloud: CIGIE Computer Crimes Committee (2016)
    • Affiliate Faculty: Idaho State University
    • Guest Lecturer: George Washington University
    • Guest Lecturer: National Defense University

    PUBLICATIONS:

    • Official (ISC)² Guide to the HCISPP CBK ((ISC)² Press) Sep 10, 2014
    • Information Assurance Handbook: Effective Computer Security and Risk Management Strategies Sep 8, 2014
    • Official (ISC)² Guide to the CISSP CBK, Third Edition ((ISC)² Press) May 31, 2013
    • The Official (ISC)² Guide to the SSCP CBK by Steven Hernandez (2016-06-10)
    • “Improving Information Security Risk Analysis Practices for Small- and Medium-Sized Enterprises: A Research Agenda.” The Journal of Issues in Informing Science and Information Technology, Volume 5, 2008
    • “A Tentative Proposal: Improving Information Assurance Risk Analysis Models for Small- and Medium Sized Organizations through Adoption of an Open Source Development Model.”

    Information Security Experience

    I believe that I can make a valuable contribution to the board's future projects and initiatives. I’m a senior executive leader with full oversight of strategic risk management, IT planning, business leadership and productivity enhancing transformation for the largest civilian Inspector General’s Office in the United States. I have strategically engaged in technology workforce development through leadership in several private organizations, including the largest credentialing body of IT professionals. These points coupled with my proven success in leading high performance executive teams providing strategic leadership, crisis management, information availability that sustained business operations, reduced operating costs, streamlined overall operational functions and simplification of the complexity of market relationships, while providing maximum membership benefit have made me a perfect fit to continue my work on the board should the membership see fit. In brief, I offer:

    Over 18 years of progressive leadership in information technology (IT) and cybersecurity with the ability to drive business development and retention to customer-focused success.

    • Hands on management style with expertise in: client needs, efficiency, cutting-edge technology, training, policies and procedures, and strategic development.
    • Superior written and verbal communication skills; interpersonal skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
    • Excellent work ethic with ability to deliver goals independently or with diverse and globally focused teams.
    • Team player/ability to work collaboratively with others; a “diplomat” who can build consensus across a highly complex organization with diverse cultures, language groups and abilities.
    • Demonstrated ability to organize, prioritize, and work in a multi-tasking, high pressure environment while remaining current with changing technology, markets and priorities.
    • Outstanding problem solving and analytical skills with exceptional facilitation, collaborative, and coordination abilities.


    Leadership/Management Experience


    I have held the following positions relevant to leadership and management:

    • Member of the Board of Directors, (ISC)²
    • Member of the Government Advisory Board, (ISC)²
    • Chief Information Security Officer / Director, Information Assurance Division Office of Inspector General (OIG), U.S. Department of Health and Human Services (HHS) - Washington, DC
    • Acting Chief Services Engineering Officer / Acting Infrastructure Services Director Office of Inspector General (OIG), U.S. Department of Health and Human Services (HHS) - Washington, DC
    • Acting Chief Information Officer / Acting Assistant Inspector General Office of Inspector General (OIG), U.S. Department of Health and Human Services (HHS) - Washington, DC
    • Senior Official for Privacy / Information Security Branch Chief Office of Inspector General (OIG), U.S. Department of Health and Human Services (HHS) - Washington, DC
    • Supervisory Certification and Accreditation Team Lead United States Department of Education - Washington, DC

    Volunteer Experience

    I volunteer for the (ISC)² Board of Directors. Prior to the (ISC)² board, I volunteered for the (ISC)² U.S. Government Advisory Council, the U.S. Government Information Security Leadership Awards and the Executive Writer's Bureau. I have volunteered for the (ISC)² Foundation Board of Trustees and also volunteered for over a decade with (ISC)² for item writing and review. I volunteer my time to half a dozen universities teaching the next generation of information assurance professionals. Locally, I'm heavily involved in the local food bank, the local hospital charity and collegiate CCDC.

    Tiffany Jones, CISSP
    Country/Region:
    USA
    (ISC)² Certified Since: 2013
    LinkedIn: https://www.linkedin.com/in/tiffany-jones-cissp-cipp-8b7315/


    Experience in Business Strategy

    I have had the opportunity to manage as an Executive officer and Commanding Officer units/ships in the Coast Guard and at the White House (as Deputy Chief of Staff for Cyber and Infrastructure Protection). While in industry, I have led government programs and major parts of the business at Symantec (in addition to leading Government Affairs for a number of years there). From Oct 2013 to Feb 2016 I was the Chief Revenue Officer at iSIGHT Partners running the entire business. Currently I run the Global Solution Providers Business Unit, OEM outbound business, and Alliance Operations for FireEye.


    Education

    CIPP, CISSP, Pragmatic Marketing launch and product management certifications.


    Industry Board Experience

    I have previously served on the boards of: National Cyber Security Alliance (NCSA), United States Coast Guard Academy Alumni Association, IT Sector Coordinating Council, and currently serve on 2 company boards.


    Skills & Expertise

    I can bring broad expertise from my time working in the military, government, and IT security industry. I work weekly with both CISOs, C-suite execs, and major IT outsourcing providers as they try to tackle the issues we face in cyber security. I can inform the board and staff on needs and requirements, training gaps that may exist, and how better to position and market (ISC)² with my marketing expertise.


    Goals & Objectives

    I have been a huge proponent of (ISC)² ever since being introduced to the organization while I worked at the White House under Richard Clarke on the first Government Strategy for Cyber Security. I was responsible for training, education and awareness within the strategy and met with (ISC)² and several other bodies/orgs to gain input to the strategy. The mission of (ISC)² is hugely important and needs to continue. Now I am also a member and have a CISSP certification from this great organization. I would love to give back.


    (ISC)² Strategic Contributions

    I would need to get educated quickly on efforts and programs to date before I can provide solid recommendations on what needs to be improved.


    Regional & Cultural Perspectives

    I currently manage teams around the Americas, EMEA and APJ. I travel to those regions frequently and am knowledgeable on culture and IT security needs in each of those regions.


    Professional Recognition

    I am a regular speaker at conferences, including RSA Conference, Black Hat USA, and US Govt Bilaterals as a delegate. I am a regular speaker and trainer at the Deloitte University program for veterans and transitioning officers. I currently sit on the CSIS Commission for Cyber Security advising the next administration on recommendations for improving security. I was a nominee for the WIT awards in 2016.


    Leadership/Management Experience

    I have held numerous leadership and management positions throughout my career in the military, government, and industry. See LinkedIn profile.


    Volunteer Experience

    I volunteer with the National Cyber Security Alliance (NCSA) in schools, and am a volunteer Coast Guard Academy Partner/Ambassador to help recruit talent into the academy.

    Gurdeep Kaur, CISSP, CISSP-ISSAP
    Country/Region:
    USA
    (ISC)² Certified Since: 2004


    Experience in Business Strategy

    As the first chief security architect for AIG, spearheaded the function for development of security architecture framework, with full alignment to the overall enterprise architecture. Created enterprise cloud security strategy and architecture, with focus on automation of security services for private and public cloud utilization. Collaborated with the Office of CIO and CISO to establish IT security and risk framework to support the Fed Readiness Program. As the security leader, own the responsibility to implement and continually enhance the firm’s IT security strategy utilizing a defense-in-depth approach to minimize the likelihood of cyber threats negatively impacting company’s business or reputation. Led security work stream for divestment of major entities including, AIG Private Bank in Switzerland, Consumer Finance Divisions in Taiwan, Hong Kong and India. (2008-2010)

    After spending 12 glorious years at AIG, I assumed the position of Strategic Security Advisor at Rank Software Inc in May 2017. This role provides me a unique opportunity to share my experiences as a security insider, and help deliver an innovative, automation-focused security analytics solution to significantly improve the security posture of any organization, irrespective of the size and maturity of its security team.

    Education

    • Received a bachelor’s degree in Electrical Engineering from the prestigious Delhi Technological University (DTU) in New Delhi, India
    • Recipient of 100% merit scholarship for the three-year Advanced Software Management Program at NIIT, New Delhi, India.
    • Completed Mini-MBA certificate course in Business Essentials at Rutgers University, New Jersey.
    • Hold professional certifications, namely CISSP-ISSAP, CISA, CCSK, ITIL, and PMP (inactive).

    Industry Board Experience

    Member of the Global Enterprise Advisory Board of the Cloud Security Alliance (CSA). This group is responsible for representing the point of view of large IT end-users, and to articulate the perspective of the consumers of cloud computing related to the topic of information security.

    Member of (ISC)² North America Advisory Council. This group has been revamped so that the collective expertise and experience of its members can be effectively leveraged to better serve the (ISC)² member base, as well the broader community. Volunteered to participate in the review committee for North America’s Information Security Leadership Awards program.

    I served as the Co-Founder, and president of the (ISC)² New Jersey Chapter from 2012-2015. I was able to build the chapter with the vision to serve the members in the entire state of New Jersey. Established long-lasting partnerships with New Jersey chapters of other like-minded security organizations like ISACA, InfraGard, OWASP and CSA. Volunteered to assist with the review of applicants for (ISC)² Foundation (now the Center for Cyber Safety and Education) scholarships for the advancement of security.


    Skills & Expertise

    An excellent communicator and highly energized self-starter, widely recognized as a security leader and business enabler, who always strives to work with the business and understand their requirements, while safeguarding the organization’s interests. Extremely passionate about giving back to the community. Always looking for opportunities to raise awareness about information security. Take a keen interest in motivating and mentoring the younger generation so they can become effective security leaders. I will bring along a wonderful combination of technical expertise, high emotional intelligence, proven collaborative and relationship management skills and a fabulous can-do attitude.


    Goals & Objectives

    I have been a member of (ISC)² since 2004, when I earned my CISSP certification. My active association with (ISC)² started in 2012 when I volunteered to start the chapter in New Jersey. That opportunity provided me a wonderful platform to bring together the group of people with similar interests and common objectives to make a difference by raising awareness about cybersecurity issues in the professional, educational and broader community. I was also nominated to the North America Advisory Council. I am interested in serving on the (ISC)² Board of Directors because it will provide me with a powerful platform to further enhance the programs and services offered by the most respected security certification organization in the world; and bridge the gap with respect to information security awareness and career opportunities. I will be able to leverage my experience at the grassroots level from the chapter leadership perspective. I will be able to contribute and influence the strategic direction of the (ISC)² chapter program, that would help to enhance the services provided to the general members. At the same time, I will be able to leverage my professional experience in strategy planning and leadership, to explore opportunities for establishing meaningful relationships with the corporate entities.


    (ISC)² Strategic Contributions

    I think there is a lot of work that (ISC)² can do in terms of bridging the gap with respect to raising awareness about information security issues, providing training opportunities and helping to fill the vacancies in cybersecurity roles. (ISC)² needs to establish a strategic program for education/awareness, mentoring and coaching in information security, to help meet the growing demand for information security professionals and leaders.


    Regional & Cultural Perspectives

    I was born and brought up in New Delhi, India. I was the first female in my family to pursue a degree in Engineering! I am so proud to serve as the role model for the next generation; and my niece recently completed her degree in Engineering!! I was fortunate to work at the United Nations Organization in Delhi since it provided me with an invaluable experience to work with a talented team of people from various countries, with a common objective of facilitating the programs that would help make the world a better place for everyone. My biggest assets are my positive attitude, persistence and resiliency.


    Professional Recognition

    • I was so proud to be recognized with the (ISC)² President's Award in 2015, for my accomplishments at the (ISC)² NJ chapter.
    • Participated in panel discussions at (ISC)² Security Congress, RSA, CSA NJ chapter and (ISC)² NJ chapter events.
    • Published a paper on “Women in IT Security Project Management.”

    Information Security Experience

    • Security strategy, vision and roadmap
    • Cloud Security Architecture
    • Technology Risk Management
    • Office 365 Security Architecture and Engineering
    • Active Directory Credential Theft Mitigation
    • Cyber Threat Management Divestitures
    • Security framework for Divestitures
    • Security Analytics driven by Artificial Intelligence and Machine Learning

    Leadership/Management Experience

    Provide leadership for the security strategy and architecture tower in my most recent role as the chief security architect. Led the security management initiatives as the business information security officer for the AIG Global Finance Division.


    Volunteer Experience

    • Employee leader of the Asian Leadership Network (Employee Resource Group) at AIG.
    • Mentor for the Sikh American Chamber of Commerce (SACC).
    • Co-Founder/President of (ISC)² NJ chapter.

    Thomas Kristmar, CISSP
    Country/Region:
    Denmark
    (ISC)² Certified Since: 2002


    Experience in Business Strategy

    I’ve worked for a decade in the Danish government and for the last two years with cyberpolicy as head of the policy department of the Centre for Cyber Security. I’ve been leading and participating in the creation of the Danish national cyber and information security strategy. My focus has been on increasing the overall robustness of the Danish society and aligning multiple stakeholders from public and private sectors. I’ve been in charge of the Danish implementation of the network and information security (NIS) directive and a member of the European Cooperation Group implementing the directive. As head of the Danish GovCERT, I’ve led the creation of the first legislative basis for the Danish GovCERT, thus providing a sound balance between the GovCERT’s possibility to perform network monitoring throughout government and the need to protect citizens’ privacy. The legislation was unanimously adopted by parliament in 2011.


    Education

    Master’s in Political Science


    Industry Board Experience

    I’ve been a member of the European Network and Information Security Agency (ENISA) Management Board and prior to this, I’ve been an alternate member of the ENISA Management Board. I’m currently a member of the Danish IT Society Board for Information Security and participate in arranging annual cyber security conferences and meetings for members of the Danish IT Society.


    Skills & Expertise

    I have a strong focus on using our cybersecurity skills in the protection of society. Cybersecurity professionals today have a unique opportunity to contribute to the robustness and resilience of society. My expertise is to translate cybersecurity problems and solutions into a political context with achievable policy goals.


    Goals & Objectives

    I want to drive the recognition of (ISC)²’s information security certifications to all parts of the world and protect the (ISC)² brand as a gold standard for information security certifications. Formal recognition in local legislation and standards of (ISC)² will improve the value of the certifications.


    (ISC)² Strategic Contributions

    I want to focus on two things: First to strengthen the overall recognition of (ISC)² certifications in all parts of the world, and in this capacity to ensure that the CBK is kept up to date and will reflect and address the needs of information security professionals in both government and private sectors. Secondly, I want to increase the member involvement with (ISC)² to ensure that the priorities of (ISC)² are aligned with the needs and requirements of our members. Using my experience from other volunteer organizations, I’d like to facilitate the discussion. Specifically, you could have virtual “town hall meetings” with the board in the different regions of the world to ensure a global dialogue. Here, members and the board can discuss regional priorities.


    Regional & Cultural Perspectives

    I’ve worked with cyberpolicy issues in Europe for a decade. I have a solid understanding of the cybersecurity priorities in Europe, such as the challenges to industry and government alike in terms of shortage of information security professionals and the need to embed cybersecurity knowledge into education. Additionally, I have a strong understanding of the European challenge to maintain a robust and resilient infrastructure.


    Professional Recognition

    Apart from CISSP, I also hold the CISA certification. I’ve represented the Danish Centre for Cyber Security for many national and international speaker engagements.


    Information Security Experience

    From 1st of April 2017 I am head of Information Security Incident Management Operations at the largest Nordic bank (Nordea). Prior to this, I worked in the Danish government at the Danish Centre for Cyber Security under the Ministry of Defence as head of Policy and Threat Assessments. At the Centre, I’ve also been head of the Network Security Department and led the incident response in government and private sectors from state sponsored attacks. In 2009, I led the creation of the Danish GovCERT as a section of the IT-Security Division in the Danish government. In the IT-Security Division, I participated in the government-wide security awareness campaigns and privacy initiatives. Before joining the IT and Telecom Agency, I was a security advisor at the Danish Security and Intelligence Service, focusing on system accreditation and information sharing on cyberattacks among partner security services. I’ve had my CISSP since 2002 and worked with information security since 1998.


    Leadership/Management Experience


    I’ve been a leader in various positions in government for over 10 years, latest as head of Policy and Threat Assessment and currently in the private sector as head of Information Security Incident Management.


    Volunteer Experience

    Reviewer for the ELSEVIER publication Computers and Security and member of the Danish IT Association Information Security Board.

About Board Elections

  • Board Election FAQs
    Q:

    How does the (ISC)² Board of Directors election process work?

    A:

    The election takes place for two weeks every year. All members in good standing as of the date specified in the election notice and of the date of the election may vote. The Board puts forth several recommended candidates each year, and members in good standing as of the date specified in the election notice may petition to have their names added to the ballot.

    Q:

    Who is eligible to vote in the Board election?

    A:

    (ISC)² credential holders in good standing as of 01 April 2017 and the date of the election 30 July 2017 can participate in the Board of Directors election process.

    Q:

    Why are only some Board positions available for election?

    A:

    Board members are elected to three-year terms, and those terms are staggered so that only one-third of the members stand for election each year. This is consistent with common practices for nonprofit organizations, providing continuity of leadership and stewardship.

    Q:

    Why doesn't the Board place a call for nominations?

    A:

    Early in the year, the Board begins looking for potential candidates for the Board. This review begins by asking for suitable nominations from its various advisory boards and committees. This search typically yields approximately 25 potential candidates. The Nominations Committee then spends time vetting the candidates against various criteria listed below. This nomination and vetting process ensures that candidates have demonstrated their ability and desire to provide their time and energies to the organization over an extended period of time and are likely to be productive Board members.

    Q:

    What does the Board look for in candidates it puts forth on its endorsed slate?

    A:

    When assembling the endorsed slate every election year, the Board is looking for a balance of experience and particular personal characteristics. Prospective Board candidates must:

    • Have an established record of leadership in the field of information systems security.
    • Have experience in managing or directing a strategic program across an enterprise.
    • Have earned the respect and trust of peers in the subject of information security.
    • Have an established record of advancing the field of information security.
    • Have not been a salaried employee of (ISC)² or its affiliates.
    • Possess the ability to: listen, analyze, think clearly and creatively, and work well with people both individually and in a group.
    • Have the willingness to prepare for and attend four or more in-person board meetings, weekly teleconferences and committee meetings, ask questions, take responsibility and follow through on a given assignment, and read and understand financial statements.
    • Create opportunities for (ISC)².
    • Have a commitment from his or her employer to support the time off from work required to support this commitment.
    • Have a willingness to cultivate and recruit future Board members and other volunteers.
    • Possess honesty, sensitivity to and tolerance of differing views, and a desire to serve as a member of a team.
    • Be friendly, responsive, and patient in dealings with fellow Board members, and possess a sense of humor.
    • Adhere to the (ISC)² Code of Ethics.
    • Promote the agreed collective Board opinion above their own personal views.
    • Advocate for the organization. Work for change or acceptance where organizational views do not mirror those of the Board member.
    • Refrain from bringing the organization into disrepute through personal actions or words.
    • Qualify for eligibility based on the current (ISC)² Bylaws.

    Q:

    What selection criteria does the Board Nominations Committee use?

    A:

    The primary criteria used by the Nominations Committee are a matching of potential candidates to the ‘Experience and Personal Characteristics’ described above. The Committee will not nominate anyone whom the members feel, or know from experience, cannot meet these requirements. Above all, the Board is concerned with how well the membership will be served through the work and responsibilities of their proposed nominees.

    Q:

    Can (ISC)² members nominate others for Board election?

    A:

    Yes. As detailed in the (ISC)² Bylaws, the name of any qualified person who agrees to serve if elected may be submitted by a signed, written petition, of at least 500 members in good standing as of the date of the election announcement, to the Board at least 60 days in advance of the start of the election.

    Q:

    Why do the Bylaws set 500 members in good standing as the requisite number for the petition process?

    A:

    When the membership ratified the current Bylaws, they determined one percent was seen as a low enough number that could reasonably be achieved by any member, particularly given that signatures could be electronic and the numerous mediums that are available, both official and unofficial, for gathering those signatures. The Bylaws set a number that would not be so small as to make the process so easy as to be perfunctory and not accurately reflect the size of the organization but at the same time not so large as to be an impediment.

    Q:

    Does (ISC)² notify the membership when and how to recommend Board member candidates or prepare a petition for candidacy?

    A:

    While (ISC)² is not required to notify the membership of any deadline pertaining to the petition process according to its Bylaws, (ISC)² notifies its members of petition procedures and deadlines every year. The Bylaws provide that petitions for names to go on the official ballot must be received no later than sixty (60) days prior to the election in time for the Board to ensure that they are otherwise qualified and agree to serve if elected and to place them on the official ballot. Eligible members may vote for any qualified candidate who agrees to serve.

    Q:

    What are the instructions for submitting petitions* to nominate a Board candidate?

    A:

    To submit a petition, follow these steps:

    • No later than the deadline, submit a written or electronic petition to (ISC)², containing the signatures of no fewer than 500 (ISC)² members who are in good standing.
    • For electronic petitions, the candidate must submit an e-mail that contains (a) original encapsulated emails from supporters using their e-mail address of record and providing their (ISC)² member ID number; and, (b) an Excel spreadsheet listing of all such names with corresponding email address of record and (ISC)² member ID number.
    • All petitions will be verified to ensure that they meet all of the requirements. If yours does not, we will notify you as soon as possible, giving you the opportunity to resolve the matters that prevented your first submission from being accepted and submit a corrected petition.
    • If someone else nominates you, you may decline the nomination.

    *NOTE: (ISC)² does not endorse petitions. It is up to petitioners to promote their own petition and encourage other members to visit the site and "sign" their petition. (ISC)² will, however, send one email message per election year to all members on behalf of any candidate providing a link to more information about that candidate.

    Q:

    Other than receiving the required number of petition signatures, what determines if a candidate is qualified?

    A:

    The minimum qualifications, as set forth in the Bylaws, are that the candidate be a member in good standing, have sufficient command of the English language, meet the term limits requirement, and agree to serve if elected. Members may vote for anyone who meets this minimum qualification. See the question titled, "What does the Board look for in candidates?" for more details on candidate qualifications.

    Q:

    Where should I go if I have any questions about the Board of Directors election?

    A:
  • Board Election Timeline

     

    30 March 2017

    Announcement of election

    1 May 2017

    Board slate of nominees and electronic petition procedures announced

    31 May 2017, 5:00 p.m. EDT

    Deadline to submit petitions to ballot

    23 July 2017

    Announcement of instructions for electronic voting

    30 July 2017, 8:00 a.m. EST

    Electronic voting begins

    12 August 2017, 5:00 p.m. EST


    Electronic voting ends