Top of Page

Board Elections

You Control the Future

(ISC)² Board ElectionsThe (ISC)² Board Election is conducted over the course of two weeks each year. All members in good standing as of the date specified in the yearly election notice are eligible to vote in the election.

The Board puts forth several recommended candidates each year, and members in good standing as of the date specified may petition to have their names added to the ballot.

The results have been announced. Congratulations to our new board members!

About Board Elections

  • Board Candidates Board Candidates
    Gabriel Bergel Headshot
    Gabriel Bergel, CISSP (Chile)

    Gabriel Bergel currently holds several positions within the field of cybersecurity, including Head of Consulting in Telefonica Cyber & Club Tech in Chile, Director in Fundación Nativos Digitales, Director of Public Policies at Whilolab and Cofounder and CEO of 8.8 Computer Security Conference. He also serves as Coordinator of the Industrial Cybersecurity Center (CCI) and Host of the #8punto8 radio program of (first radio program of Cybersecurity in Chile).

    Gabriel has a master’s degree in cybersecurity from IMF Business School and Camilo José Cela University in Spain. He has 19 years of experience in a variety of areas of cybersecurity, working as a consultant, project manager, security engineer, CISO, CSO and others. He regularly presents in courses, conferences, workshops and forums around the world.

    Tom Gamali Headshot
    Tom Gamali, CISSP (United Arab Emirates)

    Tom Gamali currently holds the position as Group Chief Information Security Officer for the Abdul latif Jameel, a large, diversified group founded in KSA more than 75 years ago, operating now across five continents within the automotive, finance, energy, medical and real estate sectors. He has more than twenty years experience in technology and security having worked for blue chip companies operating in the U.S. and Europe, with recent experiences within the financial services sector in the Arabian Gulf region. Tom achieved his CISSP in 2002 and has been recognized as one of the first cyber professionals operating in the Arabian Gulf, establishing the first big four practice in 2003 and becoming one of the first CISOs appointed in 2005.

    Tom holds a BEng (Electronic Engineering), MSC in Advanced Manufacturing Systems and certificates in Artificial Intelligence and Machine Learning from the Sloan School of Management (MIT). He has a broad technical background built over years of operational experience and is also highly experienced in areas relating to corporate governance, regulatory compliance, digital transformation and digital risk management.

    One of Tom’s key areas of focus is supporting and advising various diverse boards, regulators and technology providers regarding cyber and technology risks to ensuring adequate and governance and support is provided down through the organization to all stakeholders.

    Tom is a truly dedicated cybersecurity professional and enjoys supporting his fellow professionals whenever possible. He is a co-founder of the Kuwait (ISC)² Chapter, the Arabian Gulf’s longest running chapter and has also helped ensure its succession for years to come through active participation of its members. He has served for six years as an (ISC)² EMEA Advisory Council member supporting events within the region helping to ensure that the members get the most out of their certifications, (ISC)² and our community.

    Rachel Guinto Headshot
    Rachel Guinto, CISSP (Canada)

    Rachel Guinto is a seasoned risk and cyber security professional located in Canada. Her diverse experience spans two decades encompassing roles in operations, governance and risk management. Her career across multiple areas of information security started several years after graduating from the University of Toronto with a Bachelor of Arts in political science. She took an unconventional path to cybersecurity starting first in the production department of a print advertising company followed by editorial roles at a tourism magazine. As the internet quickly gained in popularity, Rachel adapted and pivoted to the digital world as a web content producer for the financial portal of an organization's women focused website.

    Unfortunately, due to the collapse of the dotcom era, the website was cancelled and departments downsized. With extra time on her hands, Rachel continued to pursue opportunities in the digital space and enrolled in an accelerated program at Centennial College for Applied Arts and Science, earning a diploma in computer programming. The program required completion of an internship and as luck would have it, she landed a role in the information security department of a Canadian bank. This internship led to Rachel's first full-time position since transitioning to a new career path. From there, her journey expanded over time across many security domains including roles in access management, assessment and assurance, hardening validation and vulnerability management.

    After several years as a security advisor for internal projects, Rachel navigated multiple management roles at two Canadian banks leading teams in customer identity, cryptographic infrastructure operations and architecture, metrics reporting, application development and support, and enterprise security standards and regulatory management. These diverse experiences led to her appointment as a CISO with a provincial government agency, followed by a role at Manulife in the second line of defense where she is currently the AVP of Information Risk Management.

    Rachel is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and active in the industry and community. She is a member of the Advisory Council of York University’s Cloud Computing Strategy, and the standards review committee of the CIO Strategy Council. Rachel volunteers her time with (ISC)² having presented the Cyber Safety and Education material to parents and students, and participates in CISSP exam development. She is also often a speaker and panelist at various IT and security conferences, and post-secondary institutions. Somewhere in between all these engagements, Rachel also manages a household of three active children and an energetic labradoodle.

    Dan Houser Headshot
    Dan Houser, CISSP-ISSAP, ISSMP, CSSLP (United States)

    Dan Houser is Senior Principal Technologist for a Global NGO/nonprofit where he develops and executes strategy for the information security program. He brings six years of prior service on the (ISC)² Board of Directors (2009-2014) including serving as treasurer and chair of many committees. With a passion for strategy, privacy and international execution, Dan has lead multiple initiatives for Fortune 500 firms launching new companies and divisions in Southeast Asia. A published author known for innovation in security, Dan is a frequent speaker at international conferences and serves on the RSA program committee.

    As an experienced board member, Dan has served as consultant to multiple boards, training boards' leadership and coaching struggling boards back to successful operations and execution on mission. Dan holds an MBA, CISSP-ISSAP, ISSMP, CSSLP, CISA, CISM and CGEIT credentials. He helped create and launch three (ISC)² certifications: CISSP-ISSAP, CISSP-ISSMP and HCISPP. He is also the co-author of the CISSP-ISSAP Common Body of Knowledge (cryptography).

    Dan's vision for (ISC)² is to continue the strong work at focusing on delivering and improving membership value, while driving renewed engagement in EMEA, Asia and South America, improve product portfolio management, and forge relationships with governments to achieve a balanced approach to licensure in the information security field. Improving ethics, diversity and inclusion in the workforce will be necessary to meet the challenges of market demand and the future of our profession, and (ISC)² must be a voice for change. As an experienced board member who believes in servant leadership, Dan has accepted nomination and seeks to be a change agent for the betterment of our profession and the (ISC)² organization.

    SC Leung Headshot
    SC Leung, CISSP, CCSP (Hong Kong)

    SC Leung is currently the Head of the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). He has more than 25 years of working experience serving banking, internet solution provider, telecommunication and consultancy industries.

    He is currently a member of the (ISC)² Board of Director and the Chair of the Bylaws Committee. He is also the member of the Boards of Internet Society Hong Kong Chapter and Cloud Security Alliance Hong Kong and Macau Chapter. SC has extensive experience in setting business strategy of organisation, building strategic partnership and liaison with government.

    With strong international and local links, SC coordinates with CERTs, ISACs, APNIC and international security agencies to exchange information security intelligence and security incidents in his capacity as the Head of HKCERT. He had served in the APAC Advisory Council of (ISC)² and has good connections with chapters in the APAC region. SC has been a speaker in various international/regional conferences of (ISC)², FIRST, APCERT, National CSIRT Meeting, APECTEL, CyberTech Conference in Israel, CNCERT/CC of China, CDIC of Thailand and the National University of Singapore.

    SC holds information security designations CISSP, CCSP, CISA and CBCP. He was the Honouree of (ISC)² Asia Pacific Information Security Leader Achievement Award in 2007 and the (ISC)² CEO Award in 2013. SC has been invited to serve in advisory groups of cloud security and e-healthcare record service of the Hong Kong SAR Government.

    SC has extensive experience in CERT and security consulting, including IT/OT, Industry 4.0 and ICS. He considers (ISC)² having a role to play in advancing cyber security in less developed regions as well as expanding its influence to professionals who are in OT field and digital transformation change management.

    SC likes to work with other members of the Board to contribute in these areas:

    1. Enhance (ISC)² to be a thought leader and strong advocator of global cyber security capability development, leveraging comparative research of government strategies in cyber security capability building and to engage developing economies in cyber security to grow the influence of (ISC)².
    2. Grow (ISC)² global market and enhance chapter development
    3. Enhance continued development of members to tackle fast changing environment such as digital transformation, future skills in 5G, IoT, cloud, IT/OT convergence, balanced technical and management skills.
    4. Consider leveraging the Professional Development Institute to engage and train up OT professionals who have keen interest and large demand in cyber security
    5. Enhance (ISC)² Board documentation of process and cross-committee collaboration

    Lori Ross O’Neil Headshot
    Lori Ross O’Neil, CISSP (United States)

    Lori Ross O’Neil is a Senior Cyber Security Researcher at the Pacific Northwest National Laboratory for the U.S. Department of Energy. Lori, and her teams, deliver novel cyber solutions in the mission to protect national critical infrastructure. Lori seeks out opportunities to partner and grow a global cyber workforce at all levels with a focus on under-represented groups and those seeking to add cybersecurity to their professions. She is truly honored to serve (ISC)² as a current member of the Board of Directors.

    With more than 20 years in cyber, Lori innovatively leads multi-million-dollar technical research projects. She and her teams perform cyber research and development in collaboration with domestic and international government agencies, academia and industry. Prior to coming to PNNL, Lori worked at NASA as an aerospace engineer, supporting the Space Shuttle and other flight test programs. She and her family are supporters of STEM through aviation, by sharing their experiences building three full-size experimental airplanes which have received international awards. Lori regularly volunteers with a focus on cybersecurity for all ages including speaking on cybersecurity topics, chairing cybersecurity events and mentoring.

    James Packer Headshot
    James Packer, CISSP, CCSP (Switzerland)

    James Packer is a proud and dedicated advocate for (ISC)² members. His volunteering has been centered around providing members and Security professionals with value and opportunities, predominantly in the Chapters domain.

    James founded the (ISC)² London Chapter with a mission focused towards listening to security professionals and building a Chapter for the members. He went on to provide guidance and support to Chapters across the UK and EMEA, something he still does today.

    In recent years, James has been chairing the global Chapter Advisory Committee, as well as contributing to other (ISC)² advisory groups, including the DEI Taskforce and EMEA advisory committee.

    Professionally James has 14 years of leadership and experience working around the world in industries including Education, Professional Services, Financial Services, M&A and Insurance.

    James is currently Head of Information Security at Education First in Zurich, having moved from KPMG in the UK. James' areas of specialisation include Security Strategy, Cloud Security, Incident Management, Security Awareness and Culture, Risk Management and Technical Security Training.

    James is an avid mentor of fellow Security professionals and also enjoys helping the younger generation to better understand the Cyber world through presentations at schools and colleges.

    James has received the 2019 (ISC)² ISLA EMEA Senior Information Security Professional Award, the Unsung Heroes Award in 2019 and the 2020 (ISC)² CEO Award.

    James was also a Finalist in the SC Awards Europe 2020, the Cyber Security Awards 2020 and the UK National Cyber Awards 2020."

    Kostas Papadatos Headshot
    Kostas Papadatos, CISSP-ISSMP (Greece)

    Kostas Papadatos is a Cybersecurity Executive and Entrepreneur with more than twenty-five years of experience in the field of cybersecurity. He has extensive executive background combined with strong information security expertise (in both management and technical areas) and cross-industry exposure in multiple sectors including financial, telecoms, manufacturing, lottery, healthcare, transportation, retail, government, army etc.

    Kostas has a rich mix of senior level experience in business development, sales, operations, finance, project management and people management. He is diversely experienced from business plan development and fundraising to startup establishment, organic growth of a company, mergers and acquisitions, as well as the sale of a company. Kostas has a consistent, international track record in leading and delivering demanding cybersecurity projects including risk analyses, security manuals and business continuity plan development, security architectures design and implementation, technical security and& compliance audits and penetration tests.

    He is the Founder and Managing Director of a cybersecurity consulting firm, Cyber Noesis, and a founding member of DPO Academy (education organization). He was the founder of the (ISC)² Hellenic Chapter and served as president from 2013-2019, as well as head of chapter’s Internal Audit Comitee from 2019 to 2021. In the past, he was a founding member of another cybersecurity firm (ENCODE) and has also worked for other major organizations holding executive positions (Adacom, DQS Hellas, Space Hellas).

    Kostas holds an MSc in Information Security from Royal Holloway (University of London) and several industry certifications including CISSP-ISSMP, CISM, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, Certified DPO, Lead SCADA Security Manager, PMP and MBCI.

    During his career, Kostas has been a keynote or invited speaker at numerous national and international conferences and the author of many information security-related articles in specialised magazines and journals.

  • Board Election FAQs Board Election FAQs

    How does the (ISC)² Board of Directors election process work?


    The election takes place for two weeks every year. All members in good standing as of the date specified in the election notice and of the date of the election may vote. The Board puts forth several recommended candidates each year, and members in good standing as of the date specified in the election notice may petition to have their names added to the ballot.


    Who is eligible to vote in the Board election?


    (ISC)² credential holders in good standing as of 11 May 2021 and the date of the election can participate in the Board of Directors election process.


    Why are only some Board positions available for election?


    Board members are elected to three-year terms, and those terms are staggered so that only one-third of the members stand for election each year. This is consistent with common practices for nonprofit organizations, providing continuity of leadership and stewardship.


    Why doesn't the Board place a call for nominations?


    Early in the year, the Board begins looking for potential candidates for the Board. This review begins by asking for suitable nominations from its various advisory boards and committees. This search typically yields approximately 25 potential candidates. The Nominations Committee then spends time vetting the candidates against various criteria listed below. This nomination and vetting process ensures that candidates have demonstrated their ability and desire to provide their time and energies to the organization over an extended period of time and are likely to be productive Board members.


    What does the Board look for in candidates it puts forth on its endorsed slate?


    When assembling the endorsed slate every election year, the Board is looking for a balance of experience and particular personal characteristics. Prospective Board candidates must:

    • Have an established record of leadership in the field of information systems security.
    • Have experience in a managing or directing strategic program across an enterprise.
    • Have earned the respect and trust of peers in the subject of information security.
    • Have an established record of advancing the field of information security.
    • Have not been a salaried employee of (ISC)² or its affiliates.
    • Possess the ability to: listen, analyze, think clearly and creatively, and work well with people both individually and in a group.
    • Have the willingness to prepare for and attend four or more in-person board meetings, weekly teleconferences and committee meetings, ask questions, take responsibility and follow through on a given assignment, and read and understand financial statements.
    • Create opportunities for (ISC)².
    • Have a commitment from his or her employer to support the time off from work required to support this commitment.
    • Have a willingness to cultivate and recruit future Board members and other volunteers.
    • Possess honesty, sensitivity to and tolerance of differing views, and a desire to serve as a member of a team.
    • Be friendly, responsive, and patient in dealings with fellow Board members, and possess a sense of humor.
    • Adhere to the (ISC)² Code of Ethics.
    • Promote the agreed collective Board opinion above their own personal views.
    • Advocate for the organization. Work for change or acceptance where organizational views do not mirror those of the Board member.
    • Refrain from bringing the organization into disrepute through personal actions or words.
    • Qualify for eligibility based on the current (ISC)² Bylaws.

    What selection criteria does the Board Nominations Committee use?


    The primary criteria used by the Nominations Committee are a matching of potential candidates to the ‘Experience and Personal Characteristics’ described above. The Committee will not nominate anyone whom the members feel, or know from experience, cannot meet these requirements. Above all, the Board is concerned with how well the membership will be served through the work and responsibilities of their proposed nominees.


    Can (ISC)² members nominate others for Board election?


    Yes. As detailed in the (ISC)² Bylaws, the name of any qualified person who agrees to serve if elected may be submitted by a signed, written petition, of at least 500 members in good standing as of the date of the election announcement, to the Board at least 60 days in advance of the start of the election.


    Why do the Bylaws set 500 members in good standing as the requisite number for the petition process?


    When the membership ratified the current Bylaws, they determined one percent was seen as a low enough number that could reasonably be achieved by any member, particularly given that signatures could be electronic and the numerous mediums that are available, both official and unofficial, for gathering those signatures. The Bylaws set a number that would not be so small as to make the process so easy as to be perfunctory and not accurately reflect the size of the organization but at the same time not so large as to be an impediment.


    Does (ISC)² notify the membership when and how to recommend Board member candidates or prepare a petition for candidacy?


    While (ISC)² is not required to notify the membership of any deadline pertaining to the petition process according to its Bylaws, (ISC)² notifies its members of petition procedures and deadlines every year. The Bylaws provide that petitions for names to go on the official ballot must be received no later than sixty (60) days prior to the election in time for the Board to ensure that they are otherwise qualified and agree to serve if elected and to place them on the official ballot. Eligible members may vote for any qualified candidate who agrees to serve.


    What are the instructions for submitting petitions* to nominate a Board candidate?


    To submit a petition, follow these steps:

    • No later than the deadline, submit a written or electronic petition to (ISC)², containing the signatures of no less than 500 (ISC)² members who are in good standing.
    • For electronic petitions, the candidate must submit an e-mail that contains (a) original encapsulated emails from supporters using their e-mail address of record and providing their (ISC)² member ID number; and, (b) an Excel spreadsheet listing of all such names with corresponding email address of record and (ISC)² member ID number.
    • All petitions will be verified to ensure that they meet all of the requirements. If yours does not, we will notify you as soon as possible, giving you the opportunity to resolve the matters that prevented your first submission from being accepted and submit a corrected petition.
    • If someone else nominates you, you may decline the nomination.

    *NOTE: (ISC)² does not endorse petitions. It is up to petitioners to promote their own petition and encourage other members to visit the site and "sign" their petition. (ISC)² will, however, send one email message per election year to all members on behalf of any candidate providing a link to more information about that candidate.


    Other than receiving the required number of petition signatures, what determines if a candidate is qualified?


    The minimum qualifications, as set forth in the Bylaws, are that the candidate be a member in good standing, have sufficient command of the English language, meet the term limits requirement, and agree to serve if elected. Members may vote for anyone who meets this minimum qualification. See the question titled, "What does the Board look for in candidates?" for more details on candidate qualifications.


    Where should I go if I have any questions about the Board of Directors election?

  • Board Election Timeline Board Election Timeline

    10 June 2021

    Board slate of nominees & electronic petition procedures announced

    10 July 2021, 5:00 p.m. EDT

    Deadline to submit petitions to ballot

    1 September 2021

    Announcement of instructions for electronic voting

    8 September 2021, 8:00 a.m. EDT

    Electronic voting begins

    22 September 2021, 5:00 p.m. EDT

    Electronic voting ends
  • Voting Instructions Voting Instructions

    We encourage all of our members to participate in the election process as your vote helps set the direction of the organization over the next year.

    • Voting is done electronically via the members-only side of the (ISC)² website. You can only cast one ballot; there will be NO voting in person.
    • You will be required to sign in by entering your email address and password.
    • To record your vote, beginning 8 September 2021, you can access the the election application online at
    • Click the Vote Now link in the banner at the top of the page.
    • Background information for each candidate is available by clicking the bio link next to that candidate’s name.
    • To cast your ballot, check off or write in up to four candidates. No more than one vote per candidate will be counted.
    • If you elect to cast a write-in vote, please ensure the name matches the candidate’s name of record. Variations in spelling that create doubt as to who you are voting for will NOT BE COUNTED. (e.g. James E. Brown vs. Jimmy Brown vs. J. Brown vs. James Borwn)

    As a reminder, eligibility to vote in the election requires you must be in good standing as of the date of the election announcement, 15 May 2021, and the date of this notice. If you have any issues, please email

Don't Miss Out

Keep in Touch
Always get news, events and enrichment opportunities that give you a professional edge. Stay in touch and on track with new (ISC)² communications. Easily customize your subscriptions to receive exactly what you need at