Top of Page

(ISC)² Board of Directors

One of the many things that makes the (ISC)² community special is we have members who seek out challenges. We see that every day in our (ISC)² Board of Directors.

Elected by fellow members, our board members are (ISC)² certified like you. These leading information security professionals represent a wide range of organizations around the world. As our board members, they’re responsible for:

  • Providing strategic direction, governance and oversight for (ISC)²
  • Developing policies and procedures
  • Granting certifications
  • Enforcing the (ISC)² Code of Ethics
  • Get to Know Our Board Members Get to Know Our Board Members
    Zach Tudor

    Zachary Tudor, CISSP (U.S.)

    Zachary (Zach) is the Associate Laboratory Director of Idaho National Laboratory’s (INL) National and Homeland Security’s (N&HS) organization. It’s a major center for national security technology development and demonstration, employing 550 scientists and engineers across $300M in programs for the: 

    • Department of Defense (DOD)
    • Department of Homeland Security (DHS)
    • The Intelligence Community
    N&HS is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection, Defense Systems and Homeland Security missions that include:
    • Safeguarding and securing vulnerable nuclear material
    • Enhancing the overall security and resilience of the nation’s infrastructure
    • Providing protective system solutions and heavy manufacturing of armor for national defense
    Zach has more than 30 years of experience in IT and cyber security management, operations and incident response. 

    Past positions include Program Director in the Computer Science Laboratory at SRI International, support to the Control Systems Security Program (CSSP) and the ICS-CERT at DHS, on-site deputy, program manager for the NRO’s world-wide operational network, information security manager for OSD CIO’s Enterprise Operations Support Team and security management support for the Centers for Medicare and Medicaid Services. 

    Zach holds an M.S. in Information Systems from George Mason University concentrating in cyber security.


    Lori Ross O’Neil, CISSP

    Lori Ross O’Neil, CISSP (U.S.)
    Vice Chairperson
    (ISC)² Board Business Practices Committee Chair

    Lori is a Cyber Security Project Manager at the Pacific Northwest National Laboratory. In her current role with PNNL, Lori manages multimillion-dollar energy cybersecurity research projects where her teams work in partnership with government agencies and industry to perform research and development to deliver "first of a kind" solutions in the mission to protect the United States national critical infrastructure.

    She has more than 20 years of experience in cybersecurity and information technology, the last 10 years of which has focused on operational security of Industrial Control Systems (ICS) with a focus on the U.S. energy sector. She previously held various technical positions with the National Aeronautics and Space Administration (NASA), focused on orbital vehicle missions and the manufacture of the last U.S. Space Shuttle.

    Yiannis Pavlosoglou

    Yiannis Pavlosoglou, CISSP (Greece)
    (ISC)² Ethics Committee Chair

    Yiannis Pavlosoglou is a knowledgeable principal in information security management with proven history in the financial services industry. Yiannis has practiced Operational Resilience, NIST, CERT RMM, Ethical Hacking, Coding, and Process Excellence. He is a strong professional in governance with experience of providing quarterly updates to U.K. boards and regulators.

    David Melnick, CISSP (USA)

    David Melnick, CISSP (U.S.)
    (ISC)² Board Audit Committee Chair

    David Melnick, Vice President Web Isolation at Proofpoint and previous founder and CEO of WebLife, has almost 25 years of experience in technology and security. David has worked extensively with both U.S. and global companies advising them on setting strategy, developing risk-based priorities, and operationalizing effective governance of highly sensitive and regulated data. David’s experience includes implementing security technology and addressing privacy regulatory requirements including Global, U.S. Federal and U.S. State privacy requirements. 

    David has authored several books through McGraw Hill Publishing and Macmillan Publishing including PDA Security: Incorporating Handhelds into your Enterprise. Currently his books have been translated into four languages including Japanese, Chinese and Italian. David is a Certified Information Privacy Professional (CIPP/E CIPP/US), a Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP).

    Gabriel Bergel, CISSP

    Gabriel Bergel, CISSP (Chile)

    Gabriel Bergel currently holds several positions within the field of cybersecurity, including Chief Security Ambassador of ElevenPaths (Telefonica) for Chile & Brazil, Director of Public Policies at Whilolab and Cofounder and Organizer of 8.8 Computer Security Conference. He also serves as Coordinator of the Industrial Cybersecurity Center (CCI), Professor of the Master in Cybersecurity of the Adolfo Ibáñez University and Host of the #8punto8 radio program of (first radio program of Cybersecurity in Chile).

    Gabriel has a master’s degree in cybersecurity from IMF Business School and Camilo José Cela University in Spain. He has more than 16 years of experience in a variety of areas of cybersecurity, working as a consultant, project manager, security engineer, CISO and others. He regularly presents in courses, conferences, workshops and forums around the world.

    Biljana Cerin, CISSP (Croatia)

    Biljana Cerin, CISSP (Croatia)

    Biljana Cerin is the Director of Ostendo Consulting, an information security governance, risk management and consulting services company founded 2011 in London, U.K. and Zagreb, Croatia. Biljana has over 20 years’ professional experience in leading successful information security projects for clients in financial, telecommunication, government, oil and gas, energy, biotechnology, higher education, and IT services sectors worldwide, such as Fortune 500 biotech Amgen, Stanford University Hospital and Clinics, MGM Resorts International, Merck and other leading world, regional and domestic companies.

    She strives towards engaging young professionals, especially women, in information security field during early stages of their careers and establishing a stronger connection between the professional community and educational institutions. In 2019. she was selected to the Top 50 Women of Influence in Cybersecurity in Europe, by the SC Magazine UK, and in 2020. she was selected to the US Department of State premiere IVLP program to participate in collaboration and strengthening of the cyber security community initiatives worldwide.

    Biljana is also the President of the Cybersecurity Association at the Vice president of the IT association at the Croatian Chamber of Economy. She is a frequent speaker at leading international information security conferences, and the bearer of CISSP, CIPP/E, CISA, CISM, CGEIT, CBCP and PMP professional certifications.

    Aloysius Cheang, CISSP (Singapore)

    Aloysius Cheang, CISSP (United Arab Emirates)

    Aloysius Cheang is a senior corporate executive with extensive experience running global businesses. In his line of work, he has built and led large multi-cultural, multi-disciplinary team spread across five continents and four major time zones in highly heterogeneous and demanding environments. 

    Along with serving on the (ISC)² Board, Aloysius serves as a Board Director and EVP APAC for U.K.-based cyber leadership think tank, the Centre for Strategic Cyberspace + International Studies. He is also a Director with AC3Labs in Singapore and co-founder of Taiwan-based IoT and blockchain security startups, iSyncGroup Inc and Doqubiz Inc. Aloysius was most recently co-founder and managing director for Cloud Security Alliance APAC.

    As a globally recognized cybersecurity expert, Aloysius's professional perspective is highly valued by major media such as the BBC, Times, Wall Street Journal, Xinhua News, SCMP, The Hindu, China Times, Straits Times and CNA.

    Art Friedman

    Arthur R. Friedman, CISSP (U.S.)
    (ISC)² Board Nominations Committee Chair

    Arthur Friedman has 40 years of diversified technical, national policy, management and teaching experience in the cybersecurity field. He currently supports the Committee on National Security Systems and the National Security Council as a senior Cybersecurity Strategist. He has held various technical and management positions at the National Security Agency supporting the computer network defense mission.

    Arthur also worked in the private sector for The MITRE Corporation and Booz Allen and Hamilton as a systems security engineer. Additionally, he is a Certified Information Systems Security Professional (CISSP) and currently services on the (ISC)² Board of Directors as the Treasurer, and previously served on both the (ISC)² Government Advisory Council and a judge for the Information Security Leadership Awards® - U.S. Government for 13 years.

    Arthur is an adjunct faculty member teaching Network Security and Cybersecurity classes for Towson University. He has an undergraduate degree in Mathematics from Hofstra University and graduate degrees in Business Administration from Boston University and National Security Policy from the United States Army War College.

    He retired from the U.S. Army Reserves as a Colonel with his last assignment with the United States Strategic Command responsible for planning and executing non-kinetic/cyber operations at the strategic level.

    Arthur lives in Maryland and spends his free time sailing on the Chesapeake Bay with his wife.

    Eiji Kuwana

    Eiji Kuwana, CISSP (Japan)

    Dr. Eiji Kuwana, CISSP is the senior executive vice president, CISO and CDO of NTT TechnoCross Corporation of the NTT Group, a global leader in information and communications technology. He is also a member of expert panel for Science and Technology Policy, Council for Science, Technology and Innovation, Cabinet Office of Japan from 2017.

    Eiji has engaged the NTT research and development efforts for cloud and cybersecurity technologies over the years. He also led a number of large-scale IT system development projects at NTT Group.

    Eiji has published more than 40 scholarly works on the subjects of computer networks, software engineering and multimedia technologies. He also served as a technical program committee member for conferences produced by the Association of Computing Machinery (ACM), the Institute of Electrical and Electronics Engineers (IEEE), and the Information Processing Society of Japan.

    Eiji received his B.E. and M.E. degrees in Computer Science from the University of Electro-Communications in Tokyo in 1982 and 1984, respectively. Also, he earned his Ph.D. in Computer Science from the University of Tsukuba in 2000. He was a visiting research scientist at the University of Michigan from 1991 to 1992.

    SC Leung, CISSP

    SC Leung, CISSP, CCSP (Hong Kong)
    (ISC)² Board By-Laws Committee Chair

    SC Leung is currently the Centre Manager of the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). He has more than 25 years of working experience serving banking, Internet solution provider, telecommunication and consultancy industries.

    SC was a member of the Asia-Pacific Advisory Council of (ISC)². He was the Founding Chairperson of the Professional Information Security Association which subsequently hosts the (ISC)² Hong Kong Chapter.

    SC Leung holds information security designations CISSP, CCSP, CISA and CBCP. He received the (ISC)² President Award in 2013 and was an Honoree of the Asia Pacific Information Security Leader Achievement Award, by (ISC)² in 2007.

    Samara Moore, CISSP (United States)

    Samara Moore, CISSP (U.S.)

    Samara Moore is a Senior Manager and Global Energy Specialist at Amazon Web Services (AWS). Samara leads the security assurance program for global regulated industries and the U.S. public sector. As a thought leader and seasoned cybersecurity practitioner, she has focused her career on implementing and sustaining programs to effectively manage cyber risks and align security measures with business and IT strategies.

    Prior to joining AWS, Samara managed enterprise security programs for regulated and non-regulated environments for a major energy provider. She also managed security programs within the federal government for more than 10 years, including as a Director of Critical Infrastructure Cybersecurity for the WH National Security Council and Sr. Cybersecurity Advisor at the Energy Department. Samara has worked in security consulting, operations and policy, and led development of frameworks such as the Electricity Sector Cybersecurity Capability Maturity Model and supported development of the NIST Cyber Security Framework. She also serves as an advisor/board member for several nonprofit cybersecurity organizations.

    Samara has an undergraduate degree in Accounting and Information Systems from Virginia Tech and graduate degree in Engineering Management and System Engineering (Information Security Management) from George Washington University.

    Jill Slay, CISSP (Australia)

    Jill Slay, CISSP (Australia)
    (ISC)² Board Awards Committee Chair

    Jill Slay is the University of South Australia SmartSat Professorial Chair in Cybersecurity and leads the Cybersecurity and Resilience Theme of the Australian SmartSat Co-operative Research Centre. She has an international research reputation in cybersecurity (particularly digital forensics, cyber intelligence and cyberwarfare).

    From 2017-2019, Jill was Director of Cyber Resilience Initiatives for the Australian Computer Society (ACS) and led ACS work on the development of Professional Standards in Cyber Security for the Department of Prime Minister and Cabinet. She has published more than 140 outputs and supervised more than 20 Ph.Ds in information assurance, critical infrastructure protection, security and forensic computing and more recently in LEO satellite cybersecurity. Her current research foci include Satellite Cyber Security and Cyber Dependency and Resilience of Critical Infrastructure. She is a Member of the Order of Australia (AM), Fellow of the Australian Computer Society and a Fellow of (ISC)², for all for her service in information security.

    Lisa Young, CISSP (United States)

    Lisa Young, CISSP (U.S.)

    Lisa Young is a cybersecurity executive and trusted advisor to public and private sector organizations in the areas of integrated risk management, operational resilience, quantitative risk analysis, boards of directors’ cyber risk reporting, and security metrics development. She is a prominent cybersecurity veteran, having worked in government, military, industry, research, and academia. Lisa is currently employed as Vice President of Cyber Risk at Axio Global, Inc., an integrated risk management SaaS platform provider. She holds a Master of Public Policy with a cybersecurity concentration and a B.A. in Business Administration.

Corporate Governance

(ISC)²’s governance framework guides how our Board of Directors and our management oversee our nonprofit corporation. This framework is outlined in our governing documents, including the (ISC)² Bylaws.

The (ISC)² Amended and Restated Bylaws establish fundamental principles about our members’ rights, Board operations and key governance policies.

(ISC)² Board of Directors Frequently Asked Questions

  • Duties and Powers of the Board Duties and Powers of the Board

    What are the duties and powers of the (ISC)² Board of Directors?


    The (ISC)² Board of Directors represents our membership as a whole. Our Bylaws govern the responsibilities and activities of the organization. 

    Our Bylaws clearly state: The Board of Directors shall have the powers and duties of a board of directors pursuant to the laws of the Commonwealth of Massachusetts, and shall be responsible for the policy and governance of the Corporation. The Board shall hire, direct and oversee the CEO.

    In addition, the (ISC)² Board of Directors: 

    • Works with management to ensure that policy and strategy are set, documented and clearly understood by both the board and management.
    • Ensures that (ISC)² management is performing to a level that allows them to deliver on their objectives.
    • Ensures that the assets of the corporation are being used wisely and strategic initiatives are adequately resourced.
  • Responsibilities of the Board Responsibilities of the Board

    What are the responsibilities of the (ISC)² Board?


    The (ISC)² Board of Directors:

    • Provides overall corporate governance
    • Issues certifications to qualified candidates who have met all the necessary credential requirements
    • Reviews and approve proposed new credentials or changes to existing credentials
    • Participates on various committees, such as the Nominating Committee, Ethics Committee, Scheme Committee, Strategic Planning Committee and Scholarship Committee
    • Acts as evangelists and advocates for the organization and the (ISC)² mission
    • Adheres to the (ISC)² Code of Ethics and all other (ISC)² policies.
  • Term of Office for Board Members Term of Office for Board Members

    What is the term of office and how many terms can a Board member serve?


    Our member-elected directors serve three-year terms. Our board-appointed directors serve terms that are up to three years in length. 

    Each director serves until his or her successor is duly appointed or elected. 

    The terms are staggered. Only one-third of our directors stand for election each year. This is a best practice for nonprofit organizations. It provides continuity of leadership and stewardship. 

    A director may serve up to six years in any 10-year period. 

  • Compensation for the Board Compensation for the Board

    Do Board members get paid?

    Our board members are volunteers. They aren’t paid for their time and effort. 

    (ISC)² does pay their travel expenses to attend mandatory board meetings and committee meetings.
  • Nominating Candidates for the Board Nominating Candidates for the Board

    What is the (ISC)² Board’s nomination process?


    Early in the year, the (ISC)² Board of Directors begins looking for potential candidates. First, the Board asks various advisory councils and committees for suitable nominations. 

    Then, the Nominations Committee spends time vetting the candidates against various criteria. (See Board election process.) This process ensures that candidates:

    • Have demonstrated their abilities.
    • Have the desire to provide their time and energies to (ISC)² over an extended period of time.
    • Are likely to be productive board members.

    Is the membership notified when and how to recommend candidates for the Board or prepare a petition for candidacy?


    Yes, (ISC)² notifies its members of petition procedures and deadlines every year. 

    If you’re submitting a petition with names to go on the official ballot, it must be received at least 60 days before the election. This gives board members the time to ensure that candidates are qualified and agree to serve if elected. If these criteria are met, the candidates’ names appear on the official ballot. 

    For information about the rules, procedures and timeline for the annual election, check out our Board of Directors election details.

  • Meetings Open to Members Meetings Open to Members

    Are there regular meetings that (ISC)² members may attend?

    (ISC)² holds a meeting that’s open to all members at least once a year. Usually, it happens along with the first board meeting of the year — typically, in Florida, USA. 

    Members are notified of the meeting at least 60 days in advance of the meeting. 
  • Members Can Influence Change Members Can Influence Change

    How can (ISC)² members influence change for the organization?

    The best way is to share your input with your local chapter. Your chapter can raise your feedback or issue with the respective (ISC)² regional office. 

    The regional offices all report through the chief operating officer (COO). The COO will address the issue, if appropriate. Or, the COO may escalate it to the chief executive officer, if needed.