(ISC)² Board of Directors

One of the many things that makes the (ISC)² community special is we have members who seek out challenges. We see that every day in our (ISC)² Board of Directors.

Elected by fellow members, our board members are (ISC)² certified like you. These leading information security professionals represent a wide range of organizations around the world. As our board members, they’re responsible for:

  • Providing strategic direction, governance and oversight for (ISC)²
  • Developing policies and procedures
  • Granting certifications
  • Enforcing the (ISC)² Code of Ethics
  • Get to Know Our Board Members
    Wim Remes

    Wim Remes, Chair, CISSP (Belgium) 

    Wim is the founder of and principal consultant at NRJ Security, based in Belgium. He leverages 15+ years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and by building resiliency into their organizations.

    Wim delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation, combining his deep expertise in network security, identity management, policy design, risk assessment and penetration testing to develop innovative approaches to enterprise security.

    Before starting NRJ Security, Wim was active as Manager Global Services EMEA at Rapid7. Previously, he has worked as managing consultant at IOActive, as manager of Information Security for Ernst and Young and as a security consultant for Bull, where he gained valuable experience building security programs for enterprise class clients.

    Wim has been engaged in various infosec community initiatives such as the co-development of the Penetration Testing Execution Standard (PTES), InfosecMentors and organizing the BruCON security conference.

    Wim has been a featured speaker at international conferences such as Excaliburcon (China), Black Hat Europe, Source Boston, Source Barcelona and SecZone (Colombia).

    Wim also was a member of the (ISC)² Board of Directors from 2012 until 2014. He served as the chairperson in 2014.

    Jennifer Minella

    Jennifer Minella, Vice Chair, CISSP (USA)
    (ISC)² Board Business Practices Committee Chair
    (ISC)² Board Nominations Committee Chair

    Jennifer is currently Vice President of Engineering and Consulting CISO with Carolina Advanced Digital, Inc. With more than 15 years of experience working in the technology industry, Jennifer's most recent focus is in specialized areas of infrastructure security, including:

    • Network access control (NAC) and 802.1X
    • Wireless security technologies
    • Industrial security 
    • SCADA
    Jennifer has provided strategic security consulting for government agencies, educational institutions and Fortune 100 and 500 corporations. 

    In addition to consulting and client project implementations, Jennifer is an author, contributor and trusted media resource for information security topics. 

    Jennifer was a contributing author of the (ISC)² Official CISSP Courseware v9 and a co-author of Low Tech Hacking. She is also a consulting faculty member of IANS Research, contributing author of technology publications and a trusted technical advisor to editors and journalists across the U.S.

     

     

     

    Allison Miller

    Allison Miller, Treasurer, CISSP (USA)
    (ISC)² Board Audit and Compensation Committee Chair

    Allison has more than 15 years of experience across the business and technology aspects of information security, with technical expertise in platform security, risk management and fraud prevention. 

    Allison currently works in product management at Google, mitigating risks to the Google Ads platform. 

    Previously, Allison was the Chief Operations Officer/Head of Business Operations for Electronic Arts' digital platform including payment operations and the risk/anti-fraud teams. 

    Prior to that, Allison was Chief Security Officer and Head of Risk Management for the social network Tagged.com; led PayPal's Account Risk & Security team; and was Director of Product/Technology Risk at Visa International. 

    Allison is a proven innovator and thought-leader in the security industry. She regularly presents research on risk analytics, cybersecurity and economics to both industry and government audiences. She is known for her expertise in designing, implementing and optimizing performance on real-time risk prevention and detection systems running at internet-scale. 

    Allison has presented internationally at events including the ITWeb Security Summit, Black Hat Briefings, SOURCE Conferences, Nordic Security Conference, BruCon, USENIX/Metricon, SIRAcon, BayThreat and RSA. 

    Allison is currently President of the Society of Information Risk Analysts (SIRA).

    Dr. Kevin Charest

    Dr. Kevin Charest, Secretary, CISSP (USA)
    (ISC)² Board Ethics Committee Co-Chair

    Kevin serves as the DSVP and Chief Information Security Officer for Health Care Service Corporation (HCSC). He is responsible for all facets of IT security for the largest member-owned healthcare company in the United States. 

    Prior to joining HCSC, Kevin led global cyber defense operations for UnitedHealth Group — the largest healthcare company in the world. He also served as the chief information security officer for the Department of Health and Human Services (HHS). 

    Prior to joining the U.S. federal government, Kevin served in several entrepreneurial and senior executive positions in the private sector. His leadership in technology applications, innovation, and security was instrumental to the development of numerous products and services. 

    As the board secretary for (ISC)², Kevin works across multiple industries and platforms focused on information sharing for cyber defense improvement. 

    Kevin holds a Ph.D. in Cybersecurity from Capella University. He also holds a master's degree in Business Administration from the University of West Georgia and a bachelor's degree in Computer Science from the University of Central Arkansas. 

    Kevin is a veteran of the U.S. Marine Corps and U.S. Army.

    Flemming Faber

    Flemming Faber, CISSP (Denmark)
    (ISC)² Board Ethics Committee Co-Chair
    (ISC)² Board Succession Planning Committee Co-Chair

    Flemming has been working with information security since 1994. He is a Senior Advisor in the Network Security Division in the Danish Centre for Cyber Security under The Ministry of Defence and is responsible for policy, strategy and international cooperation. 

    Since obtaining the CISSP in 1999, Flemming has worked as a security consultant and information security manager in international consultancy firms: Ramboll Management, ICL and Protect Data. 

    In 2003, Flemming joined the Danish National IT and Telecom Agency, a Danish government agency where he was head of the IT-security division until 2009. He was in charge of the information security strategy in relation to:

    • The general Danish eGovernment initiatives
    • The Danish government’s information security awareness campaigns
    • Privacy initiatives 
    • The development of information security standards for Danish government agencies
    Flemming was the main architect behind the establishment of the Danish GovCERT in 2009. Since 2006 he has been the Danish government's representative on the board of ENISA, the European Network and Information Security Agency. 

    From 1999 to 2009, Flemming worked with the (ISC)² international workshop, reviewing CISSP exam questions. He also served as exam supervisor in Europe from 1999 to 2006.
     

     

    Art Friedman

    Arthur R. Friedman, CISSP (USA)
    (ISC)² Board Awards Committee Co-Chair

    Arthur has 37 years of diversified technical, national policy, management and teaching experience in the cybersecurity field. He currently supports the Committee on National Security Systems as a senior Cybersecurity Strategist. 

    Arthur has held various technical and management positions at the National Security Agency supporting the Nuclear Command and Control mission, the development of tools and capabilities in the area of computer network defense, and systems security engineering. 

    Additionally, Arthur was detailed to the Office of the Secretary of Defense providing policy and strategic guidance for the Department’s Information Assurance Research and Technology program. 

    He also worked in the private sector for The MITRE Corporation and Booz, Allen and Hamilton as a systems security engineer. 

    Additionally, he is a Certified Information Systems Security Professional and has served both on the (ISC)² Government Advisory Council for Cybersecurity and as a judge for the Government Information Security Leadership Awards (GISLA) for the past 13 years. 

    Arthur is an adjunct faculty member teaching Network Security and Cybersecurity classes for Towson University. 

    He has an undergraduate degree in Mathematics from Hofstra University and graduate degrees in Business Administration from Boston University and National Security Policy from the United States Army War College. 

    Arthur retired from the U.S. Army Reserves as a Colonel with his last assignment with the United States Strategic Command responsible for planning and executing non-kinetic/cyber operations at the strategic level. 

    Arthur lives in Maryland and spends his free time sailing on the Chesapeake Bay with his wife.

    Sai Honig

    Sai Honig, CISSP, CCSP (New Zealand)
    (ISC)² Board Awards Committee Co-Chair

    Originally from the United States, Sai now resides in New Zealand. 

    Sai is a multipotentialite who has worked in differing roles in various industries. She has experience in governance, audit and operations of IT. Her industrial experience includes manufacturing, healthcare, and education. 

    Sai has volunteered for Grameen Foundation, assisting their global efforts in microfinance and alternative methods of helping people access capital in order to improve their lives, their families and their communities. 

    Sai’s proudest moment was when her volunteer efforts were recognized with The President’s Volunteer Service Award in May 2013. 

    Moving to New Zealand in 2014, Sai has worked in a hospital system serving a mostly rural community. One project she was involved with is the implementation of a cloud-based virtual health service. 
    Sai’s interest in cloud technologies has led to her contributing a chapter on cloud governance in “The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues” and participation in writing various white papers.  

    Sai will be working as a security consultant for the cloud-based accounting software company Xero, in Wellington, New Zealand.

    Steve Hernandez

    Steven Hernandez, CISSP, CAP, SSCP, CSSLP (USA)
    (ISC)² Board By-Laws Committee Chair
    (ISC)² Board Scheme Committee Co-Chair

    Steven has worked in the information security field for the past 17 years in a variety of contexts. He has worked on the front lines in operations centers and led research teams attempting to balance security, privacy and other mission considerations. He has experience in international manufacturing, healthcare, non-profits and government at the federal, state and local levels. 

    The greatest strength that Steven brings to the Board is the culmination of his experience in organizational strategy, cybersecurity and business operations. 

    Steven has had the opportunity to contribute to tactical, day-to-day security operations, as well as to guide and influence broad security initiatives, such as the U.S. government's FedRAMP program, across large organizations with international presence. 

    Steven believes that the best security performance and most comprehensive solutions come from collaborative efforts where we combine the right processes, implement the appropriate technology and train people to solve our most complex problems. 

    He has volunteered and served (ISC)² for the better part of the past decade. After becoming a member of (ISC)² he was invited, and volunteered, to write exams, serve on the U.S. Government Advisory Board for Cybersecurity (GAB), judge for the Government Information Security Leadership Awards (GISLA) and contribute to its Executive Writers Bureau over the span of almost a decade. 

    Steven is the lead author and editor of the third edition of the (ISC)² Official Guide to the CISSP CBK and the (ISC)² Official Guide to the HCISPP CBK. He also has several published works about information assurance with international collaboration.

    Meng Chow Kang

    Meng-Chow Kang, PhD, CISSP (Singapore)
    (ISC)² Board Succession Planning Committee Co-Chair

    Meng-Chow has been a practicing information security professional for more than 25 years. 

    His field experience spans from technical to management in various information security and risk management roles and organizations, including the Singapore government, major multinational financial institutions, and global security and technology providers. 

    Over the years, Meng-Chow’s experience includes a wide spectrum of information security domains, including:

    • Policy development and study
    • Awareness and competency training
    • Security architecture design, development and implementation
    • Security testing
    • Security products research and development
    • Third-party security management
    • Joint-venture and business partnership security plan and implementation
    • Incident investigation
    • Security operations management
    • Security standards development
    • ISO/IEC 27001 certification implementation and maintenance
    • Teaching the CISSP Common Body of Knowledge and courses on information security management
    Along with his practice, Meng-Chow has been conducting research on information security management. One of the outcomes was the publication of the book, "Responsive Security — Be Ready to Be Secure", by CRC Press in October 2013.
     

     

    David Kennedy

    David Kennedy, CISSP (USA)
    (ISC)² Board Strategy Committee Co-Chair

    David is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. 

    David is the former CSO for Diebold Incorporated, where he ran the entire infosec program. 

    David is a co-author of the book "Metasploit: The Penetration Tester's Guide," and the creator of the Social-Engineer Toolkit (SET), Artillery, and a number of popular open source tools. 

    He has been interviewed by several news entities including CNN, Fox News, MSNBC, CNBC, BBC World News and Katie Couric. He is the co-host of the Social-Engineer podcast and is on a number of additional podcasts. 

    David has testified before the U.S. Congress on two occasions about the security around government websites. 

    David is one of the founding authors of the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. He is also the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky. 

    Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions.

    Greg Thompson

    Greg Thompson, CISSP (Canada)
    (ISC)² Board Foundation Committee Chair
    (ISC)² Board Strategy Committee Chair

    Greg is a Security and Risk executive with extensive experience in industries ranging from Telecommunications to Financial Services. He has held various executive Risk Management and Information Security positions including:

    • Head of Global IS Security and CISO for Manulife Financial Corporation (2000-2003)
    • VP Enterprise Security & Deputy CISO, Scotiabank (2008-2015)
    • VP Global Operational Risk, Scotiabank (present)
    Greg has been actively involved as a volunteer with (ISC)² for more than 10 years, first serving as a member of the North American Advisory Board and as a contributing member of the Executive Writer’s Bureau. 

    This is Greg’s second term on the (ISC)² Board of Directors. He previously served between 2011 and 2014. 

    Greg also currently serves as Trustee for the Center for Internet Safety and Education (formerly the (ISC)² Foundation). 

    He is based in Toronto, Canada and is married with three children.

     

     

     

    Zach Tudor

    Zachary Tudor, CISSP (USA)
    (ISC)² Board Scheme Committee Co-Chair

    Zachary (Zach) is the Associate Laboratory Director of Idaho National Laboratory’s (INL) National and Homeland Security (N&HS) organization. It’s a major center for national security technology development and demonstration, employing 550 scientists and engineers across $300M in programs for: 

    • Department of Defense (DOD)
    • Department of Homeland Security (DHS)
    • The Intelligence Community
    N&HS is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection, Defense Systems and Homeland Security missions that include:
    • Safeguarding and securing vulnerable nuclear material
    • Enhancing the overall security and resilience of the nation’s infrastructure
    • Providing protective system solutions and heavy manufacturing of armor for national defense
    Zach has more than 30 years of experience in IT and cyber security management, operations and incident response. 

    Past positions include Program Director in the Computer Science Laboratory at SRI International, support to the Control Systems Security Program (CSSP) and the ICS-CERT at DHS, on-site deputy, program manager for the NRO’s world-wide operational network, information security manager for OSD CIO’s Enterprise Operations Support Team and security management support for the Centers for Medicare and Medicaid Services. 

    Zach holds an M.S. in Information Systems from George Mason University concentrating in cyber security.
     

     

    Prof. Hiroshi Yasuda

    Prof. Hiroshi Yasuda, Dr.E, CISSP (Japan) 

    Hiroshi received the B.E., M.E. and Dr.E. from the University of Tokyo, Japan in 1967, 1969 and 1972 respectively. Then, he joined the Electrical Communication Laboratories of NTT in 1972. 

    After that, Hiroshi served 25 years (1972-1997) as the Vice President, Director of NTT Information and Communication Systems Laboratories at Yokosuka. He left NTT and joined The University of Tokyo. 

    Hiroshi acted as the Director of The Center for Collaborative Research (CCR) for two years (2003-2005). He is now a professor in Tokyo Denki University. His study area is applied information technology. 

    Hiroshi has been involved in work on Video Coding, Image Processing, Tele-presence, B-ISDN Network and Services, Internet and Computer Communication Applications. 

    Hiroshi has started research on DRM (Digital Rights Management), Network Security and “Kansei” (more human) communication. He is now advocating collaboration between Industries and Academia.

Corporate Governance

(ISC)²’s governance framework guides how our Board of Directors and our management oversee our nonprofit corporation. This framework is outlined in our governing documents, including the (ISC)² Bylaws.

The (ISC)² Amended and Restated Bylaws establish fundamental principles about our members’ rights, Board operations and key governance policies.

(ISC)² Annual and Special Meeting Minutes

(ISC)² Board of Directors Frequently Asked Questions

  • Duties and Powers of the Board
    Q:

    What are the duties and powers of the (ISC)² Board of Directors?

    A:

    The (ISC)² Board of Directors represents our membership as a whole. Our Bylaws govern the responsibilities and activities of the organization. 

    Our Bylaws clearly state: The Board of Directors shall have the powers and duties of a board of directors pursuant to the laws of the Commonwealth of Massachusetts, and shall be responsible for the policy and governance of the Corporation. The Board shall hire, direct and oversee the CEO.

    In addition, the (ISC)² Board of Directors: 

    • Works with management to ensure that policy and strategy are set, documented and clearly understood by both the board and management.
    • Ensures that (ISC)² management is performing to a level that allows them to deliver on their objectives.
    • Ensures that the assets of the corporation are being used wisely and strategic initiatives are adequately resourced.
  • Responsibilities of the Board
    Q:

    What are the responsibilities of the (ISC)² Board?

    A:

    The (ISC)² Board of Directors:

    • Provides overall corporate governance
    • Issues certifications to qualified candidates who have met all the necessary credential requirements
    • Reviews and approves proposed new credentials or changes to existing credentials
    • Participates on various committees, such as the Nominating Committee, Ethics Committee, Scheme Committee, Strategic Planning Committee and Scholarship Committee
    • Acts as evangelists and advocates for the organization and the (ISC)² mission
    • Adheres to the (ISC)² Code of Ethics and all other (ISC)² policies.
  • Term of Office for Board Members
    Q:

    What is the term of office and how many terms can a Board member serve?

    A:

    Our member-elected directors serve three-year terms. Our board-appointed directors serve terms that are up to three years in length. 

    Each director serves until his or her successor is duly appointed or elected. 

    The terms are staggered. Only one-third of our directors stand for election each year. This is a best practice for nonprofit organizations. It provides continuity of leadership and stewardship. 

    A director may serve up to six years in any 10-year period. 

  • Compensation for the Board
    Q:

    Do Board members get paid?

    A:
    Our board members are volunteers. They aren’t paid for their time and effort. 

    (ISC)² does pay their travel expenses to attend mandatory board meetings and committee meetings.
  • Nominating Candidates for the Board
    Q:

    What is the (ISC)² Board’s nomination process?

    A:

    Early in the year, the (ISC)² Board of Directors begins looking for potential candidates. First, the Board asks various advisory councils and committees for suitable nominations. 

    Then, the Nominations Committee spends time vetting the candidates against various criteria. (See Board election process.) This process ensures that candidates:

    • Have demonstrated their abilities.
    • Have the desire to provide their time and energies to (ISC)² over an extended period of time.
    • Are likely to be productive board members.
    Q:

    Is the membership notified when and how to recommend candidates for the Board or prepare a petition for candidacy?

    A:

    Yes, (ISC)² notifies its members of petition procedures and deadlines every year. 

    If you’re submitting a petition with names to go on the official ballot, it must be received at least 60 days before the election. This gives board members the time to ensure that candidates are qualified and agree to serve if elected. If these criteria are met, the candidates’ names appear on the official ballot. 

    For information about the rules, procedures and timeline for the annual election, check out our Board of Directors election details.

  • Meetings Open to Members
    Q:

    Are there regular meetings that (ISC)² members may attend?

    A:
    (ISC)² holds a meeting that’s open to all members at least once a year. Usually, it happens along with the first board meeting of the year — typically, in Florida, USA. 

    Members are notified of the meeting at least 60 days in advance. 
  • Members Can Influence Change
    Q:

    How can (ISC)² members influence change for the organization?

    A:
    The best way is to share your input with your local chapter. Your chapter can raise your feedback or issue with the respective (ISC)² regional office. 

    The regional offices all report through the chief operating officer (COO). The COO will address the issue, if appropriate. Or, the COO may escalate it to the chief executive officer, if needed.