Top of Page

Board Elections

You Control the Future

(ISC)² Board Elections The (ISC)² Board Election is conducted over the course of two weeks each year. All members in good standing as of the date specified in the yearly election notice are eligible to vote in the election.

The 2022 candidate slate was selected from an open call for nominations held earlier this year. ALL (ISC)² Members had the opportunity to nominate themselves to serve on the Board of Directors.

Voting has closed. Results will be announced soon.

About Board Elections

  • Board Candidates Board Candidates
    Laurie-Ann Bourdain

    Laurie-Anne Bourdain, CISSP – Belgium
    Laurie-Anne is Data Protection Officer, Risk Officer & (information Security, Risk Management and Data Protection) Awareness Manager at Isabel Group, a Belgian Fintech active in the BeNeFraLux (Belgium, Netherlands, France & Luxembourg area) for more than 25 years. 

    In her Data Protection role, Laurie-Anne ensures all activities of the group are done in compliance with data protection laws, such as the GDPR and ePrivacy Directive, follows up on new laws and regulation development, and provides pragmatic advice on development of new solutions, on acquisitions and day-to-day handling of personal data. 

    In her risk officer role, Laurie-Anne developed and implemented an Enterprise Risk Management framework, ensures that all companies of the group, departments and projects follows the best practices of risk management and support the organisation in the identification of risks (via multiple workshops). 

    Finally, in her Awareness Manager role, Laurie-Anne design, on a yearly basis, a risk-based awareness plan that covers the topics of information security, risk management, data protection and anti-fraud/anti-money laundering; she also creates most of the content to be delivered through this annual plan.

    In addition, Laurie-Anne is involved in several activities, both locally in Belgium (such as with the Belgian Cyber Security Coalition, where she co-chairs the GRC focus group or as a trainer for the Cyber Security Awareness and Culture Manager certifying training) and internationally with (ISC)² where she is part of the UK & Europe Event Planning Committee, with the Center for Cyber Safety and Education, and as an exam development volunteer; and with the IAPP where she chairs the CIPP/E exam development board. 

    Laurie-Anne has 14 years of experience in information security and risk management and 6 years of experience in data protection. She mostly focused on Governance, Risk and Compliance (GRC), awareness and training, and internal advice activities along her career. 

    She previously was a consultant within EY where she led the privacy practice for Belgium (non-banking sector) and Senior Privacy Manager at Sony Europe Electronics; in both positions she helped companies implementing the requirements of GDPR: from identification of personal data to design of documentation and handling of data subjects’ requests. 

    She also was a non-financial risk officer and information technology process manager (in both positions specialised in security and compliance domains) at ING Belgium, working closely with ING corporate to develop group wide Information Security policies, guidelines and GRC tooling.

    Edward Farrell

    Edward Farrell, SSCP, CISSP – Australia
    Edward Farrell is a security consultant with 12 years of experience in cybersecurity and 17 years in technology. He is the director of Mercury Information Security Services, an independent cyber security practice he has conducted or overseen the delivery of over 700 security assessment activities and incident responses in the past 7 years. Concurrent to his professional work Edward is an active member of Australia's cybersecurity community, where he regularly delivers talks on his research and insights into industry, including vulnerability research against building management systems. He has been an industry fellow at the Australian Defence Force Academy in Canberra since 2017 where he delivers an array of training and postgraduate courses. Edward is also a member of the CREST advisory board for penetration testing, and a member of the Australian regional board for CREST.

    His industry certifications include the CISSP, SSCP, Security+, CREST CRT and CISA. He is also a qualified CERT IV instructor and a graduate of the Australian Institute of Company Directors (AICD).

    Outside of his work in industry, Edward is a member of the Australian Army Reserve and a 20-year veteran of the Surf Life Saving Movement.

    Nalneesh Gaur, CISSP-ISSAP – United States
    Nalneesh Gaur is a PwC Partner and the global head of PwC's Pharmaceutical Cybersecurity and Privacy practice.

    Nalneesh works with executives of global corporation in defining their Cybersecurity program, investment priorities and governance models. He has developed multiple board level Cybersecurity strategies for global pharmaceutical services companies. These strategies have enabled his clients to mature their cybersecurity program while achieving business alignment.

    Nalneesh is a Certified Information Systems Security Professional (CISSP). He writes on the topic of Cybersecurity for the World Economic Forum Agenda.

    Guy Ngambeket, CISSP – United Arab Emirates

    Guy is a Senior Manager at Kearney, a Global Strategy and Management consulting firm. He focuses on Cybersecurity topics and coordinates the offering within the firm, both globally and in the middle east where he is based.

    He has 14 years of experience in cybersecurity and digital in top tier firms and drove several strategic cybersecurity studies in Africa, Europe, North America, and Middle East. He also authored and co-authored several articles in cybersecurity and digital.

    He is a computer science Engineer and MBA from London Business School.

    Yiannis Pavlosoglou, CISSP – Greece
    Yiannis Pavlosoglou is the founder & CEO of Kiberna, specializing in cyber risk engineering. As a cybersecurity executive with over 20 years’ experience, he has a proven record in the financial services industry and has helped several companies, including two of his own, succeed in Europe and the U.K. Yiannis has effectively held the position of Chief Information Security Officer (CISO) in both government and industry and has served for several years as a Non-Executive Director on the Board of a 501(c) 6 non-profit organization headquartered in the U.S.

  • Board Election Timeline Board Election Timeline
    • May 12 – Board nominations are open to eligible (ISC)² members
    • June 12 – Nomination period closes
    • August 03 – Publish slate of selected Board nominees
    • September 02 – Petition period closes
    • October 25 – Voting instructions are distributed to eligible (ISC)² members
    • November 01– Voting opens
    • November 14 – Voting closes
  • Board Election FAQs Board Election FAQs

    How does the (ISC)² Board of Directors election process work?


    The election takes place for two weeks every year. All members in good standing as of the date specified in the election notice and of the date of the election may vote. The Board will put forth candidates to fill the open Board positions. Members in good standing as of the date specified in the election notice may petition to have their names added to the ballot. During the election itself, (ISC)² members will be able to vote affirmatively to support the election of the candidates presented by the Board.


    Who is eligible to vote in the Board election?


    Certified (ISC)² members in good standing as of 26 May 2022, and remain in good standing through the date of the election can participate in the Board of Directors election process. “In good standing” is defined as being up to date with all AMF requirements and having no open ethical investigations.


    What does the Board look for in candidates?


    When assembling the endorsed slate every election year, the Board is looking for a balance of experience and particular personal characteristics. Ideal candidates should: 

    • Have an established record of leadership in the field of information systems security. 
    • Have experience in a managing or directing strategic program across an enterprise. 
    • Have earned the respect and trust of peers in the subject of information security. 
    • Have an established record of advancing the field of information security. 
    • Have not been a salaried employee of (ISC)² or its affiliates. 
    • Possess the ability to: listen, analyze, think clearly and creatively, and work well with people both individually and in a group. 
    • Have the willingness to prepare for and attend four or more in-person Board meetings, weekly teleconferences and committee meetings, ask questions, take responsibility and follow through on a given assignment, and read and understand financial statements. 
    • Create opportunities for (ISC)². 
    • Have a commitment from their employer to support the time off from work required to support this commitment. 
    • Have a willingness to cultivate and recruit future Board members and other volunteers. 
    • Possess honesty, sensitivity to and tolerance of differing views, and a desire to serve as a member of a team. 
    • Be friendly, responsive, and patient in dealings with fellow Board members, and possess a sense of humor. 
    • Adhere to the (ISC)² Code of Ethics. 
    • Promote the agreed collective Board opinion above their own personal views. 
    • Advocate for the organization.  
    • Work for change or acceptance where organizational views do not mirror those of the Board member. 
    • Refrain from bringing the organization into disrepute through personal actions or words. 
    • Qualify for eligibility based on the current (ISC)² Bylaws. 

    What selection criteria does the Board Nominations Committee use?


    The primary criteria used by the Nominations Committee are a matching of potential candidates to the ‘Experience and Personal Characteristics’ described above. The Committee will not nominate anyone whom the members feel, or know from experience, cannot meet these requirements. Above all, the Board is concerned with how well the membership will be served through the work and responsibilities of their proposed nominees.


    Can (ISC)² members nominate others for Board election?


    No. Following the update to the nomination process in 2022, (ISC)² members may only nominate themselves for consideration for the Board. If you know a member you think should serve, please pass along the link to the nominations portal.


    Why do the Bylaws set 500 members in good standing as the requisite number for the petition process?


    When the membership ratified the current Bylaws, they determined one percent was seen as a low enough number that could reasonably be achieved by any member, particularly given that signatures could be electronic and the numerous mediums that are available, both official and unofficial, for gathering those signatures. The Bylaws set a number that would not be so small as to make the process so easy as to be perfunctory and not accurately reflect the size of the organization but at the same time not so large as to be an impediment.


    What are the instructions for submitting petitions* to nominate a Board candidate?


    To submit a petition, follow these steps: 

    • No later than the deadline, submit a written or electronic petition to (ISC)², containing the signatures of no less than 500 (ISC)² members who are in good standing. 
    • For electronic petitions, the candidate must submit an email that contains (a) original encapsulated emails from supporters using their email address of record and providing their (ISC)² member ID number; and, (b) an Excel spreadsheet listing of all such names with corresponding email address of record and (ISC)² member ID number. 
    • All petitions will be verified to ensure that they meet all requirements. If yours does not, you will be notified as soon as possible, giving you the opportunity to resolve the matters that prevented your first submission from being accepted and submit a corrected petition. 
    • If someone else nominates you, you may decline the nomination. 

    Other than receiving the required number of petition signatures, what determines if a candidate is qualified?


    The minimum qualifications, as set forth in the Bylaws, are that the candidate be a member in good standing, have sufficient command of the English language, meet the term limits requirement, and agree to serve if elected. Members may vote for anyone who meets this minimum qualification.


    Who should I contact if I have other questions about the Board election?


    Please reach out to

  • Voting Instructions Voting Instructions
    • Voting is done electronically via the members-only side of; no voting in-person
    • You may cast one ballot
    • To record your vote, beginning November 1, 2022, sign in and visit your member dashboard
    • Click the “Vote for Board Election” link in the banner at the top of the page to visit the election portal
    • Electronic balloting will begin on November 1 at 8:00 a.m. ET and close on November 14 at 5:00 p.m. ET