Top of Page
 

(ISC)² Board of Directors and Bylaws

One of the many things that makes the (ISC)² community special is we have members who seek out challenges. We see that every day in our (ISC)² Board of Directors.

Elected by fellow members, our board members are (ISC)² certified like you. These leading information security professionals represent a wide range of organizations around the world. As our board members, they’re responsible for:

  • Providing strategic direction, governance and oversight for (ISC)²
  • Developing policies and procedures
  • Granting certifications
  • Enforcing the (ISC)² Code of Ethics
  • Get to Know Our Board Members Get to Know Our Board Members

    Yiannis Pavlosoglou, CISSP (Greece)
    Chairperson

    Yiannis Pavlosoglou is the founder & CEO of Kiberna, specializing in cyber risk engineering. As a cybersecurity executive with over 20 years’ experience, he has a proven record in the financial services industry and has helped several companies, including two of his own, succeed in Europe and the U.K. Yiannis has effectively held the position of Chief Information Security Officer (CISO) in both government and industry and has served for several years as a Non-Executive Director on the Board of a 501(c) 6 non-profit organization headquartered in the U.S.

    Jill Slay, CISSP (Australia)

    Jill Slay, CISSP (Australia)
    Vice Chairperson

    Professor Jill Slay is the University of South Australia SmartSat Co-operative Research Centre Professorial Chair in Cybersecurity based in Adelaide, South Australia. She received her Engineering degree from the University of Herts, U.K. and her Ph.D. from Curtin University of Technology in Perth, Western Australia. She has an international research reputation in cybersecurity (particularly digital forensics, cyber intelligence and cyberwarfare). Jill’s work focuses on the context of helping to develop a national technical agenda in satellite cybersecurity and resilience with Australian Defence Industry.

    She is ranked as being in the top 2% of scientists in the world in ICT Networking and Telecommunications sub field (in 2019) as an early adopter of AI and Machine Learning in Cyber Security and Real Time Forensics. Jill applies these techniques to satellite security. Previous appointments have included Optus Chair in Cybersecurity at La Trobe University, Australia and Founding Director of the Australian Centre for Cyber Security at the Australian Defence Force Academy. She is a Member of the Order of Australia (AM) and a Fellow of (ISC)² awarded for her service in information security.

    James Packer, CISSP, CCSP

    James Packer, CISSP, CCSP (United Kingdom)
    Secretary

    Professionally, James Packer has more than 15 years of experience working around the world in industries including education, professional services, financial services, M&A and insurance.

    James is a proud and dedicated advocate for (ISC)² members and fellow information security professionals. Serving as a volunteer with the association for many years, James has contributed to the Chapter program, DEI initiatives, advisory committees and presented at numerous conferences.

    James founded the (ISC)² London Chapter with a mission of creating a down to earth, collaborative forum where all ideas and views are welcomed and considered; James progressed to provide guidance and support to Chapters around the world.

    James is an avid mentor of security professionals and enjoys helping the younger generation better understand the cyber world through presentations at schools and colleges. He also participates in several law enforcement prevention programs in the U.K. to provide a positive perspective of cybersecurity to young offenders.

    Dan Houser, CISSP-ISSAP, ISSMP, CCSP, CSSLP

    Dan Houser, CISSP-ISSAP, ISSMP, CCSP, CSSLP (United States)
    Treasurer

    Dan Houser is Group Manager within the security advisory practice of a global firm, providing vCISO, business strategy alignment, secure supply chain and identity strategy. He brings six years of prior service on the (ISC)² Board of Directors (2009-2014) including serving as treasurer and chair of many committees. With a passion for strategy, privacy and international execution, Dan has led multiple initiatives for Fortune 500 firms launching new companies and divisions in Southeast Asia. A published author known for innovation in security, Dan is a frequent speaker at international conferences and serves on the RSA program committee.

    As an experienced board member, Dan has served as consultant to multiple boards, training boards' leadership and coaching struggling boards back to successful operations and execution on mission. Dan holds an MBA, CISSP-ISSAP, ISSMP, CCSP, CSSLP, CISA, CISM and CGEIT credentials. He helped create and launch three (ISC)² certifications: CISSP-ISSAP, CISSP-ISSMP and HCISPP. He is also the co-author of the CISSP-ISSAP Common Body of Knowledge (cryptography).

    Dan's vision for (ISC)² is to continue the strong work at focusing on delivering and improving membership value, while driving renewed engagement in EMEA, Asia and South America, improve product portfolio management, and forge relationships with governments to achieve a balanced approach to licensure in the information security field. Improving ethics, diversity and inclusion in the workforce will be necessary to meet the challenges of market demand and the future of our profession, and (ISC)² must be a voice for change. As an experienced board member who believes in servant leadership, Dan strives to contribute to the betterment of our profession and the (ISC)² organization.

    Laurie-Ann Bourdain
    Laurie-Anne Bourdain, CISSP (Belgium)

    Laurie-Anne Bourdain is the Data Protection Officer, Risk Officer & (information Security, Risk Management and Data Protection) Awareness Manager at Isabel Group, a Belgian Fintech active in the BeNeFraLux (Belgium, Netherlands, France and Luxembourg area).

    Laurie-Anne has 15 years of experience in information security and risk management and six years of experience in data protection. She mostly focused on Governance, Risk and Compliance (GRC), awareness and training, and internal advice activities along her career.

    Laurie-Anne is involved in several organizations, both in Belgium – including with the Belgian Cyber Security Coalition where she co-chairs the GRC focus group, as a trainer for the Cyber Security Awareness and Culture Manager certifying training, as a founding member of the Belgium Chapter of Women4Cyber – and internationally with (ISC)² where she is a member of the U.K. & Europe Event Planning Committee, supports the Center for Cyber Safety and Education, has served as an exam development volunteer, and with the IAPP where she chairs the CIPP/E exam development board.

    Laurie-Anne is an international public speaker, often speaking at conferences specialized in information security or data protection, as well as more generalist conferences.

    Edward Farrell
    Edward Farrell, CISSP, SSCP (Australia)

    Edward Farrell is an Australian Cyber Security professional with nearly two decades of experience. Having gained his SSCP in 2007, Edward went on to gain his CISSP in 2010 and build an extensive career in the penetration testing and cybersecurity consulting industry in Australia. He has served as an industry fellow at the Australian Defence Force Academy since 2017, and as an (ISC)² trainer since 2019. In addition to his work within (ISC)², Edward is a member of the CREST advisory board for penetration testing, and has contributed to training and education in Australia and around the world.

    Edward’s motivation and objectives as a board member are to contribute to improving the path of how we raise, train and sustain our cybersecurity workforce. This includes avenues to inculcate talent, consolidate learning post certification as well as structured workforces to enable mentorship and pedagogical approaches to learning.

    In addition to his education, Edward is the director of Mercury Information Security Services Pty. Ltd., an Australian cybersecurity practice he established in 2015. He is a member of the Royal Australian Army as a reservist, a graduate of the Australian Institute of Company Directors, and a 20-year veteran of the Australian Surf Life Saving movement where he has worked as an instructor and jet ski operator.

    Nalneesh Gaur, CISSP-ISSAP (United States)

    Nalneesh Gaur is a PwC Partner and the global head of PwC's Pharmaceutical Cybersecurity and Privacy practice. Nalneesh has been an (ISC)² member for more than two decades.

    Nalneesh works with executives of global corporation in defining their cybersecurity program, investment priorities and governance models. He has developed multiple board level cybersecurity strategies for global pharmaceutical services companies. These strategies have enabled his clients to mature their cybersecurity program while achieving business alignment.

    He writes on the topic of cybersecurity for the World Economic Forum Agenda.

    Rachel Guinto, CISSP
    Rachel Guinto, CISSP (Canada)

    Rachel Guinto is a seasoned risk and cybersecurity professional located in Canada. Her diverse experience spans two decades encompassing roles in operations, governance and risk management. Her career across multiple areas of information security started several years after graduating from the University of Toronto with a Bachelor of Arts in political science.

    Rachel navigated multiple operational, governance and management roles at two Canadian banks leading teams in customer identity, cryptographic infrastructure operations and architecture, metrics reporting, application development and support, and enterprise security standards and regulatory management. These diverse experiences led to her appointment as a CISO with a provincial government agency, followed by a role at Manulife as Associate Vice President (AVP) of Information Risk Management and now Vice President of Cyber Security at First West Credit Union.

    Rachel is a CISSP, a Certified Information Security Manager (CISM), and active in the industry and community. She is a member of the Advisory Council of York University’s Cloud Computing Strategy, and the standards review committee of the CIO Strategy Council. Rachel volunteers her time with (ISC)² having presented the Cyber Safety and Education material to parents and students and has participated in CISSP exam development. She is also often a speaker and panelist at various IT and security conferences, and post-secondary institutions. Somewhere in between all these engagements, Rachel also manages a household of three active children and an energetic labradoodle.

    Eiji Kuwana, CISSP
    Eiji Kuwana, CISSP (Japan)

    Dr. Eiji Kuwana is the President and Chief Executive Officer of NTT TechnoCross Corporation of the NTT Group, a global leader in information and communications technology.

    Eiji has engaged the NTT research and development efforts for cloud and cyber security technologies over the years. He led a number of large-scale IT system development projects at NTT Group. He was also a member of expert panel for Science and Technology Policy, Council for Science, Technology and Innovation, Cabinet Office of Japan.

    Eiji has published more than 40 scholarly works on the subjects of computer networks, software engineering, and multimedia technologies. He also served as a technical program committee member for conferences produced by the Association of Computing Machinery (ACM), the Institute of Electrical and Electronics Engineers (IEEE), and the Information Processing Society of Japan.

    Eiji received his B.E. and M.E. degrees in Computer Science from the University of Electro-Communications in Tokyo in 1982 and 1984, respectively. Also he earned his Ph.D. in Computer Science from the University of Tsukuba in 2000. He was a visiting research scientist at the University of Michigan from 1991 to 1992.

    Samara Moore, CISSP
    Samara Moore, CISSP (United States)

    Samara Moore is a Senior Manager and Global Energy Specialist at Amazon Web Services (AWS). Samara leads the security assurance program for global regulated industries and the U.S. public sector. As a thought leader and seasoned cybersecurity practitioner, she has focused her career on implementing and sustaining programs to effectively manage cyber risks and align security measures with business and IT strategies.

    Prior to joining AWS, Samara managed enterprise security programs for regulated and non-regulated environments for a major energy provider. She also managed security programs within the federal government for more than 10 years, including as a Director of Critical Infrastructure Cybersecurity for the WH National Security Council and Sr. Cybersecurity Advisor at the Energy Department. Samara has worked in security consulting, operations and policy, and led development of frameworks such as the Electricity Sector Cybersecurity Capability Maturity Model and supported development of the NIST Cyber Security Framework. She also serves as an advisor/board member for several nonprofit cybersecurity organizations.

    Samara has an undergraduate degree in Accounting and Information Systems from Virginia Tech and graduate degree in Engineering Management and System Engineering (Information Security Management) from George Washington University.

    Guy Ngambeket, CISSP (Qatar)

    Guy Ngambeket is a Senior Manager at Kearney, a Global Strategy and Management consulting firm, with 14 years of experience. He focuses on cybersecurity topics and coordinates the offering within the firm, both globally and in the Middle East where he is based. Guy is passionate about digital and technology and has spent his career advising clients in Africa, Europe, North America and the Middle East on various strategies, and supporting them in their implementation.

    He also works in the tech startup field, advising founders and investors, and loves discussing about strategies for developing countries to improve the overall wellbeing of their population. One of Guy’s ambitions is to increase the use of analytics in cybersecurity and embark more non cyber professionals into the cyber safe mindset, especially by bringing cybersecurity closer to their culture.

    Guy has authored and co-authored in the past several articles in cybersecurity and digital. He is a computer science Engineer and MBA from London Business School and holds PMP, CGEIT, CISM, CISA, ITIL and PSM credentials.

    Lori Ross O’Neil, CISSP
    Lori Ross O’Neil, CISSP (United States)

    Lori Ross O’Neil is a Cyber Security Project Manager at the Pacific Northwest National Laboratory. In her current role with PNNL, Lori manages multimillion-dollar energy cybersecurity research projects where her teams work in partnership with government agencies and industry to perform research and development to deliver "first of a kind" solutions in the mission to protect the United States national critical infrastructure.

    She has more than 20 years of experience in cybersecurity and information technology, the last 10 years of which has focused on operational security of Industrial Control Systems (ICS) with a focus on the U.S. energy sector. She previously held various technical positions with the National Aeronautics and Space Administration (NASA), focused on orbital vehicle missions and the manufacture of the last U.S. Space Shuttle.

    Lisa Young Headshot
    Lisa Young, CISSP (United States)

    Lisa Young, CISA, CISM, CISSP, is an operational risk and security metrics professional with a passion for solving problems with data. She is a prominent cybersecurity veteran, having worked in government, military, industry and academia. Lisa is a Security Metrics Engineer at Netflix working across infosec to demonstrate the business value of GRC and Enterprise Resilience. Along with serving on the (ISC)² Board, Lisa also serves on the Board of Directors at the Society for Information Risk Analysts (SIRA).

    She holds a Master of Public Policy with a cybersecurity concentration from the University of Maryland and a B.A. in Business Administration from University of South Florida.

Corporate Governance

(ISC)²’s governance framework guides how our Board of Directors and our management oversee our nonprofit corporation. This framework is outlined in our governing documents, including the (ISC)² Bylaws.

The (ISC)² Amended and Restated Bylaws establish fundamental principles about our members’ rights, Board operations and key governance policies.
  • (ISC)² Board of Directors Frequently Asked Questions (ISC)² Board of Directors Frequently Asked Questions
    Q:

    What are the duties and powers of the (ISC)² Board of Directors?

    A:

    The (ISC)² Board of Directors represents our membership as a whole. Our Bylaws govern the responsibilities and activities of the organization.

    Our Bylaws clearly state: The Board of Directors shall have the powers and duties of a board of directors pursuant to the laws of the Commonwealth of Massachusetts, and shall be responsible for the policy and governance of the Corporation. The Board shall hire, direct and oversee the CEO.

    In addition, the (ISC)² Board of Directors:

    • Works with management to ensure that policy and strategy are set, documented and clearly understood by both the board and management.
    • Ensures that (ISC)² management is performing to a level that allows them to deliver on their objectives.
    • Ensures that the assets of the corporation are being used wisely and strategic initiatives are adequately resourced.
    Q:

    What are the responsibilities of the (ISC)² Board?

    A:

    The (ISC)² Board of Directors:

    • Provides overall corporate governance
    • Issues certifications to qualified candidates who have met all the necessary credential requirements
    • Reviews and approve proposed new credentials or changes to existing credentials
    • Participates on various committees, such as the Nominating Committee, Ethics Committee, Scheme Committee, Strategic Planning Committee and Scholarship Committee
    • Acts as evangelists and advocates for the organization and the (ISC)² mission
    • Adheres to the (ISC)² Code of Ethics and all other (ISC)² policies.
    Q:

    What is the term of office and how many terms can a Board member serve?

    A:

    Our member-elected directors serve three-year terms. Our board-appointed directors serve terms that are up to three years in length.

    Each director serves until his or her successor is duly appointed or elected.

    The terms are staggered. Only one-third of our directors stand for election each year. This is a best practice for nonprofit organizations. It provides continuity of leadership and stewardship.

    A director may serve up to six years in any 10-year period.

    Q:

    Do Board members get paid?

    A:

    Our board members are volunteers. They aren’t paid for their time and effort.

    (ISC)² does pay their travel expenses to attend mandatory board meetings and committee meetings.

    Q:

    What is the (ISC)² Board’s nomination process?

    A:

    The (ISC)² Board of Directors has an open call for nominations from all certified (ISC)² members in good standing from May 12-June 12, 2022. Members can self-nominate for consideration by the Board as a potential candidate. Following the close of nominations, the Nomination Committee will review all qualified candidates against various criteria. This process ensures that candidates:

    • Have demonstrated their abilities.
    • Have the desire to provide their expertise and energies to (ISC)² over an extended period of time.
    • Are likely to be productive Board members.

    Those selected by the Board of Directors for election by the membership will be notified individually. The slate of candidates will be announced to the membership on August 3 (90 days before the election).

    Q:

    Are there regular meetings that (ISC)² members may attend?

    A:

    (ISC)² holds a meeting that’s open to all members at least once a year. Usually, it happens along with the first board meeting of the year — typically, in Florida, USA.

    Members are notified of the meeting at least 60 days in advance of the meeting.

Ok