Announced earlier this year, ISC2 is facilitating development of a Code of Professional Conduct for the cybersecurity profession. A first draft of the Code was shared with ISC2 members to receive their feedback via the ISC2 member Dashboard. Now that this comment phase has concluded, ISC2 is pursuing independent validation from additional sources in academia, industry and other guiding bodies.

It is anticipated that a final version of the Code of Professional Conduct will be released this fall, after being reviewed by the ISC2 Board of Directors and the ISC2 Professional Conduct (Ethics) Committee.

As we approach this milestone release, ISC2 is excited to share the perspectives of some of the subject matter experts (SMEs) who – as members of the guiding Task Force – helped develop the first draft of the Code of Professional Conduct. These members include:

  • Jen Blacker, CISSP
  • Jerrad Dahlager, CISSP
  • Bogdan Nedelcu, CGRC, SSCP, CC
  • Christian Peter, CISSP, CCSP, CGRC
  • Jamie Pezzella, CISSP
  • Srija Reddy Allam, CISSP, CCSP
  • Panos Vlachos, CCSP

Volunteering with ISC2

We asked this group of volunteers why they chose to participate and help guide this project. Many were first-time volunteers with ISC2 and were excited about the opportunity to give back to their professional community.

“I've never volunteered for ISC2 before. I just earned my CISSP in September and am going for my ISSEP in May. I wanted to use my skills that I fought so hard for. I needed to use them for something bigger than work,” said Jen Blacker, CISSP.

“I volunteered for the ISC2 Code of Professional Conduct Task Force because I firmly believe that our profession needs clear, evolving ethical guidance that keeps pace with technology. Throughout my career, I've encountered situations where professionals faced difficult decisions without adequate ethical frameworks to guide them. By contributing to this Task Force, I aim to help create a resource that provides clarity during challenging moments and elevates the professional standards of our industry as a whole. The rapid pace of AI acceleration makes this work even more critical now. Additionally, I love giving back to the ISC2 community, which has supported my professional growth over the years,” said Jerrad Dahlager, CISSP.

“I have worked in software development for over 17 years, taking on various roles across the industry. After earning my CISSP certification, I finally felt confident that I had something valuable to contribute back to the community. This is my first time volunteering with ISC2, and it feels like a natural step in my professional journey. Throughout my career, I’ve been fortunate to learn from generous mentors and peers who freely shared their knowledge, advice, and support. Now, I believe it's my turn to give back—by supporting others, sharing my experience, and helping advance the profession as a whole,” said- Christian Peter, CISSP, CCSP, CGRC.

“I volunteered for this Task Force because I care deeply about the direction cybersecurity is taking and want to contribute to building a stronger, more ethical foundation for the future. As the only woman on my professional team, I feel a responsibility to represent diverse voices and experiences. This is a meaningful opportunity for me to help shape positive change, learn from others, and support a more inclusive and accountable cybersecurity community,” said Srija Reddy Allam, CISSP, CCSP.

"Volunteering in the Code Task Force allows me to contribute meaningfully, gain exposure to cybersecurity areas I’m less familiar with – through breakout sessions and brainstorming discussions – and leave my mark on the evolution of our profession by participating in drafting the new Code of Conduct.,” said Panos Vlachos, CCSP.

Facing Conduct or Ethical Dilemmas in Cybersecurity

We also asked these Task Force members how professional conduct or ethical dilemmas in cybersecurity can differ from other professions, as well as what professions could be looked to as similar and potential help guide the process. With the CISSP 30th anniversary having only recently taken place, cybersecurity is ultimately a relatively new profession compared to being a doctor, lawyer or even a locksmith.

“With over seven years of experience as an associate professor, I’ve had the opportunity to observe and navigate ethical considerations in both academia and cybersecurity. While every profession faces ethical dilemmas, cybersecurity stands apart in the immediacy and scale of its impact. Decisions made behind a screen—whether about data privacy, system integrity, or responsible disclosure—can have global consequences in real time. In contrast, ethical issues in academia, though significant, often unfold over longer timelines and affect more localized communities. That said, both fields share a deep reliance on trust, accountability and a strong code of professional conduct. In many ways, I see cybersecurity evolving into a discipline where ethical literacy is just as essential as technical expertise,” Nedelcu explained.

“We have a high responsibility like any other profession, with great responsibility to use our skills for the greater good and to guard the security of those entrusted to us,” said Jamie Pezzella, CISSP.

“Cybersecurity presents unique ethical challenges because it operates at the intersection of technical capabilities, privacy concerns, and security imperatives. Unlike many professions, our work often involves authorized access to sensitive systems and data that could be misused or compromised,” Dahlager noted.

“A useful comparison I made during a recent guest lecture on Ethics in Cybersecurity is to that of a locksmith. Locksmiths possess specialized tools and knowledge that allow them to open almost any lock—without the required key—but they do not misuse their skills because of their ethical codes, professional standards and the law. Similarly, cybersecurity professionals have the means, knowledge and access to sensitive systems and information, yet they uphold strict ethical principles to ensure their expertise is used responsibly,” Vlachos explained.

Eventual Use of Code of Professional Conduct

We also asked these volunteers how they hope that ISC2 members, as well as their non-member colleagues in the cybersecurity profession, would eventually use the Code of Professional Conduct.

“In a field as dynamic and high stakes as cybersecurity, having a clear, well-articulated Code helps professionals navigate complexity with integrity and confidence. I envision it empowering members to make ethically-sound decisions, foster trust with stakeholders and uphold the reputation of our profession. Ultimately, it should be a living document—respected, referenced and reflected in our actions” Nedelcu said.

“I hope ISC2 members and cybersecurity professionals will use the final Code of Professional Conduct as both a guide and a mirror– something to inform their daily decisions and also reflect on their role in shaping a safer cyber world. In a fast-moving field like cybersecurity, where not every situation has a clear rulebook, the Code can serve to navigate gray areas with integrity. I also hope it becomes a shared foundation across the profession encouraging accountability, fostering trust, and reinforcing that how we work is just as important as what we do,” Allam said.

Future Conduct and Ethical Developments

The development of this Code of Professional Conduct is only the first step. ISC2 plans to continue its work in this space and asked the Task Force members what they’d like to see in the future. 

“Beyond the Code itself, we have been developing resources to help professionals apply these principles in practice. These include case studies that demonstrate how the Code's principles apply to real-world scenarios, decision frameworks for navigating common ethical dilemmas, and educational materials that can be integrated into training programs,” Dahlager added.

“One of the exciting directions we've discussed involves ambassador programs that would help bring ethical principles to life within the ISC2 community. These programs could empower members to serve as local champions of professional conduct, helping others navigate real-world challenges and encouraging open conversations around ethics. The idea is to create a more accessible and supportive environment – where guidance doesn’t just come from documents, but from peers actively engaged in promoting best practices,” Nedelcu said.

“We are discussing the development of a decision-making framework designed to help cybersecurity professionals navigate complex ethical dilemmas with greater clarity and confidence. As emerging technologies – particularly AI – become more integrated into cybersecurity and organizational workflows, we are drafting guidelines on ethical implementation and integration,” Vlachos concluded.

For more information on the ISC2 Code of Ethics, which all certified members and Associates of ISC2 must abide by as a condition of being credentialed, visit https://www.isc2.org/ethics

Related Insights