Top of Page

Board Elections

You Control the Future

(ISC)² Board ElectionsThe (ISC)² Board Election is conducted over the course of two weeks each year. All members in good standing as of the date specified in the yearly election notice are eligible to vote in the election.

The Board puts forth several recommended candidates each year, and members in good standing as of the date specified may petition to have their names added to the ballot.

The 2020 election has closed. Thank you for voting! Results are available on the (ISC)² blog.

About Board Elections

  • Board Candidates Board Candidates
    Biljana Cerin

    Biljana Cerin, CISSP (Croatia)
    Biljana Cerin is the Director of Ostendo Consulting, an information security governance, risk management and consulting services company founded 2011 in London, U.K. and Zagreb, Croatia. Biljana has over 20 years’ professional experience in leading successful information security projects for clients in financial, telecommunication, government, oil and gas, energy, biotechnology, higher education, and IT services sectors worldwide, such as Fortune 500 biotech Amgen, Stanford University Hospital and Clinics, MGM Resorts International, Merck and other leading world, regional and domestic companies.

    She strives towards engaging young professionals, especially women, in information security field during early stages of their careers and establishing a stronger connection between the professional community and educational institutions. In 2019. she was selected to the Top 50 Women of Influence in Cybersecurity in Europe, by the SC Magazine UK, and in 2020. she was selected to the US Department of State premiere IVLP program to participate in collaboration and strengthening of the cyber security community initiatives worldwide.

    Biljana is also the President of the Cybersecurity Association at the Vice president of the IT association at the Croatian Chamber of Economy. She is a frequent speaker at leading international information security conferences, and the bearer of CISSP, CIPP/E, CISA, CISM, CGEIT, CBCP and PMP professional certifications.

    Tony Cole

    Tony Cole, CISSP, SSCP (United States)
    Tony Cole is a cybersecurity expert with more than 30 years’ experience, a bachelor’s degree in computer networking and holds the CISSP and SSCP certifications. Today, he serves as Attivo Networks Chief Technology Officer. Prior to joining Attivo Networks, Tony served in a number of executive roles at FireEye, McAfee and Symantec. He is retired from the U.S. Army and was an early advisor to Wall Street on the cybersecurity market. Tony is on the Advisory Board for Bayshore Networks and TDI Security. He also serves on the NASA Advisory Council and is a former president of ISSA-DC.

    Thomas Kristmar

    Thomas Kristmar, CISSP (Denmark)
    Thomas Kristmar is an experienced manager and has started up several organizations including the first national GovCERT, the first joint Government and Military CSIRT at the Danish Centre for Cyber Security and the first national Cyber Threat Assessment Unit based on all-source intelligence access. Thus, Thomas has a strong acumen for the cybersecurity needs from both Government and Business. Thomas got his CISSP in 2002 and was among the first 10,000 to get the certification. He is currently Senior Manager at KPMG.

    Thomas is a Master of Political Science from Aarhus University, Denmark and holds CISSP and CISA certifications. He is a "Recognized Reviewer" at Elsevier as a reviewer for the Academic Journal Computers & Security and speaker at cyber security conferences. Thomas is currently appointed cyber security expert to the Danish Eastern High Court and appointed member of the Danish Governments National Cyber Security Council.

    Eiji Kuwana

    Eiji Kuwana, CISSP (Japan)
    Eiji Kuwana, Ph.D., CISSP, is the senior executive vice president and chief information security officer (CISO) of NTT TechnoCross Corporation of the NTT Group, a global leader in information and communications technology. Eiji joined NTT Laboratories in 1984 and has since held positions of increasing responsibility in research, engineering, and management. He led the cybersecurity business and contributed to enhancement of cybersecurity workforce in Japan as the executive vice president and CISO of NTT Advanced Technology Corporation from 2016 to 2020. Eiji led the NTT research and development efforts for cloud and cyber security technologies and also led the R&D team as the Executive Vice President and Chief Operating Officer of NTT Innovation Institute, Inc. the Silicon Valley-based R&D arm from 2013 to 2015. He was in charge of formulating strategic plans for various innovative R&D projects as the senior vice president and director of the NTT Information Sharing Platform Laboratories and the NTT Secure Platform Laboratories from 2010 to 2013. He demonstrated leadership as director of the institute, worked to strengthen NTT-CERT, actively worked to strengthen ties with cybersecurity organizations such as FIRST, and developed it into a leading CSIRT organization in Japan.

    He is a member of expert panel on evaluation for Science and Technology Policy, Council for Science, Technology and Innovation (CSTI,), Cabinet Office of JAPAN since 2017, and has contributed to Japan's R & D policy and its evaluation from a professional standpoint. Specifically, he is in a position to present opinions on the evaluation of nationally important R & D projects led by government ministries and agencies, the evaluation of the National Institutes’ activities, and has expressed opinions on the importance of cybersecurity.

    He has been an (ISC)² APAC Advisory Council member since 2019 and been a member on (ISC) ²’s Global Achievement Awards Committee since 2020. He has also been making various efforts to develop cyber security professionals in Japan. He served as the supervisor of translation projects such as Official (ISC) 2 Guide to the CISSP CBK (Fourth Edition) in 2018 and CISSP Official Practice Tests in 2019. In particular, for the Official (ISC)² Guide to the CISSP CBK, which was published in Japanese in 2005 and remained unpublished for 12 years, he led as the supervisor to the Japanese translation of its fourth edition in 2018.

    Eiji has published more than 40 scholarly works on the subjects of computer networks and software engineering. He also served as a technical program committee member for conferences produced by the Association of Computing Machinery (ACM) the Institute of Electrical and Electronics Engineers (IEEE), and the Information Processing Society of Japan, such as ACM DIS’95, ACM CSCW’96, IEEE CoopIS’95, ICPAD’96, and APCHI’96 – ’98.

    Eiji received his B.E. and M.E. degrees in Computer Science from the University of Electro-Communications in Tokyo in 1982, and 1984, respectively, and earned his Ph.D. in Computer Science from the University of Tsukuba in 2000. He was a visiting research scientist at the University of Michigan from 1991 to 1992.

    Samara Moore

    Samara Moore, CISSP (United States)
    Samara Moore, AWS Security Assurance Senior Manager and Global Energy Specialist, leads the security and compliance program for regulated industries and public sector in the Americas region. As a thought leader and seasoned cybersecurity practitioner, she has focused her career on implementing and sustaining programs to effectively manage cyber risks and align security measures with business and IT strategies. Prior to joining AWS, Samara managed enterprise security programs for regulated and non-regulated environments for a major energy provider. She also managing security programs within the federal government for over ten years, including as a former Director of Critical Infrastructure Cybersecurity for the WH National Security Council and Sr. Cybersecurity Advisor at the Energy Department. Samara has worked in security consulting, operations and policy, and led development of frameworks such as the Electricity Sector Cybersecurity Capability Maturity Model and supported development of the NIST Cyber Security Framework.

    Jill Slay

    Jill Slay, CISSP (Australia)
    Professor Jill Slay has established an international research reputation in cybersecurity (particularly Digital Forensics, Cyber Intelligence and Cyberwarfare) and has worked in collaboration with the Australian Federal and State governments and with many industry partners. Jill was a prior Board Member of (ISC)² and is currently a member of the (ISC)² Asia Pacific Advisory Council. She has been a Director of the Oceania Cyber Security Centre, the Australian Victorian Government's Cyber Research Centre for the last two years and has many years of experience of governance through University Boards and Committees and government collaboration.

    Jill is currently the University of South Australia SmartSat Professorial Chair in Cybersecurity and also leads the Cybersecurity and Resilience Theme of the SmartSat Australian Co-operative Research Centre (CRC). Her work thus focuses on the context of satellite cybersecurity and resilience. She has been an Affiliate Faculty member with Professor Corey Schou at Idaho State University for nearly twenty years. She has published more than 140 outputs in information assurance, critical infrastructure protection, security and forensic computing. She has completed the supervision of 20 Ph.D.s and many master’s and Honours theses and has been awarded over AUD 5 million in research income.

    Jill was in 2017-2019 Director of Cyber Resilience Initiatives for the Australian Computer Society (ACS) and led ACS work on the development of Professional Standards in Cyber Security with (ISC)² and ISACA. Jill works closely with the Australian Defence industry and several smaller cybersecurity start-ups in cyber risk and resilience research, development and training.

    Jill was made a Member of the Order of Australia (AM) for service to the information technology industry through contributions in the areas of forensic computer science, security, protection of infrastructure and cyber-terrorism. She is a Fellow of ACS and a Fellow of (ISC)² both for her service to the information security industry.

    Lisa Young

    Lisa Young, CISSP (United States)
    Lisa Young is Vice President, Cyber Risk Engineering of Axio and collaborates with organizations to build resilience capabilities with a specific focus on cybersecurity and operational risk management program design and implementation.

    Previously, Lisa was a senior engineer at CERT at the SEI of Carnegie Mellon University, where she was a member of the Cyber Risk and Resilience Management Team. In this role, Lisa was responsible for applied research in risk and resilience management, including teaching courses on CERT-RMM, the OCTAVE® risk-based assessment method, and the Measuring What Matters: Security Metrics Workshop based on the G-Q-I-M methodology.

    Lisa managed many high-profile engagements during her tenure at CERT, including the successful implementation of an enterprise risk management initiative for a FORTUNE 500 organization and improvements in the vendor risk assessment process for a large European financial institution. Lisa co-authored the CERT Resilience Management Model (CERT-RMM) and the OCTAVE Allegro Risk Assessment Method.

    Lisa has earned a Bachelor of Arts degree in Business Administration from the University of South Florida and a Master of Science in Cybersecurity Public Policy from the University of Maryland University College. Lisa also maintains the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) certifications, and the CERT Resilience Management Model Lead Appraiser and instructor credentials.

  • Board Election FAQs Board Election FAQs

    How does the (ISC)² Board of Directors election process work?


    The election takes place for two weeks every year. All members in good standing as of the date specified in the election notice and of the date of the election may vote. The Board puts forth several recommended candidates each year, and members in good standing as of the date specified in the election notice may petition to have their names added to the ballot.


    Who is eligible to vote in the Board election?


    (ISC)² credential holders in good standing as of 18 May 2020 and the date of the election can participate in the Board of Directors election process.


    Why are only some Board positions available for election?


    Board members are elected to three-year terms, and those terms are staggered so that only one-third of the members stand for election each year. This is consistent with common practices for nonprofit organizations, providing continuity of leadership and stewardship.


    Why doesn't the Board place a call for nominations?


    Early in the year, the Board begins looking for potential candidates for the Board. This review begins by asking for suitable nominations from its various advisory boards and committees. This search typically yields approximately 25 potential candidates. The Nominations Committee then spends time vetting the candidates against various criteria listed below. This nomination and vetting process ensures that candidates have demonstrated their ability and desire to provide their time and energies to the organization over an extended period of time and are likely to be productive Board members.


    What does the Board look for in candidates it puts forth on its endorsed slate?


    When assembling the endorsed slate every election year, the Board is looking for a balance of experience and particular personal characteristics. Prospective Board candidates must:

    • Have an established record of leadership in the field of information systems security.
    • Have experience in a managing or directing strategic program across an enterprise.
    • Have earned the respect and trust of peers in the subject of information security.
    • Have an established record of advancing the field of information security.
    • Have not been a salaried employee of (ISC)² or its affiliates.
    • Possess the ability to: listen, analyze, think clearly and creatively, and work well with people both individually and in a group.
    • Have the willingness to prepare for and attend four or more in-person board meetings, weekly teleconferences and committee meetings, ask questions, take responsibility and follow through on a given assignment, and read and understand financial statements.
    • Create opportunities for (ISC)².
    • Have a commitment from his or her employer to support the time off from work required to support this commitment.
    • Have a willingness to cultivate and recruit future Board members and other volunteers.
    • Possess honesty, sensitivity to and tolerance of differing views, and a desire to serve as a member of a team.
    • Be friendly, responsive, and patient in dealings with fellow Board members, and possess a sense of humor.
    • Adhere to the (ISC)² Code of Ethics.
    • Promote the agreed collective Board opinion above their own personal views.
    • Advocate for the organization. Work for change or acceptance where organizational views do not mirror those of the Board member.
    • Refrain from bringing the organization into disrepute through personal actions or words.
    • Qualify for eligibility based on the current (ISC)² Bylaws.

    What selection criteria does the Board Nominations Committee use?


    The primary criteria used by the Nominations Committee are a matching of potential candidates to the ‘Experience and Personal Characteristics’ described above. The Committee will not nominate anyone whom the members feel, or know from experience, cannot meet these requirements. Above all, the Board is concerned with how well the membership will be served through the work and responsibilities of their proposed nominees.


    Can (ISC)² members nominate others for Board election?


    Yes. As detailed in the (ISC)² Bylaws, the name of any qualified person who agrees to serve if elected may be submitted by a signed, written petition, of at least 500 members in good standing as of the date of the election announcement, to the Board at least 60 days in advance of the start of the election.


    Why do the Bylaws set 500 members in good standing as the requisite number for the petition process?


    When the membership ratified the current Bylaws, they determined one percent was seen as a low enough number that could reasonably be achieved by any member, particularly given that signatures could be electronic and the numerous mediums that are available, both official and unofficial, for gathering those signatures. The Bylaws set a number that would not be so small as to make the process so easy as to be perfunctory and not accurately reflect the size of the organization but at the same time not so large as to be an impediment.


    Does (ISC)² notify the membership when and how to recommend Board member candidates or prepare a petition for candidacy?


    While (ISC)² is not required to notify the membership of any deadline pertaining to the petition process according to its Bylaws, (ISC)² notifies its members of petition procedures and deadlines every year. The Bylaws provide that petitions for names to go on the official ballot must be received no later than sixty (60) days prior to the election in time for the Board to ensure that they are otherwise qualified and agree to serve if elected and to place them on the official ballot. Eligible members may vote for any qualified candidate who agrees to serve.


    What are the instructions for submitting petitions* to nominate a Board candidate?


    To submit a petition, follow these steps:

    • No later than the deadline, submit a written or electronic petition to (ISC)², containing the signatures of no less than 500 (ISC)² members who are in good standing.
    • For electronic petitions, the candidate must submit an e-mail that contains (a) original encapsulated emails from supporters using their e-mail address of record and providing their (ISC)² member ID number; and, (b) an Excel spreadsheet listing of all such names with corresponding email address of record and (ISC)² member ID number.
    • All petitions will be verified to ensure that they meet all of the requirements. If yours does not, we will notify you as soon as possible, giving you the opportunity to resolve the matters that prevented your first submission from being accepted and submit a corrected petition.
    • If someone else nominates you, you may decline the nomination.

    *NOTE: (ISC)² does not endorse petitions. It is up to petitioners to promote their own petition and encourage other members to visit the site and "sign" their petition. (ISC)² will, however, send one email message per election year to all members on behalf of any candidate providing a link to more information about that candidate.


    Other than receiving the required number of petition signatures, what determines if a candidate is qualified?


    The minimum qualifications, as set forth in the Bylaws, are that the candidate be a member in good standing, have sufficient command of the English language, meet the term limits requirement, and agree to serve if elected. Members may vote for anyone who meets this minimum qualification. See the question titled, "What does the Board look for in candidates?" for more details on candidate qualifications.


    Where should I go if I have any questions about the Board of Directors election?

  • Board Election Timeline Board Election Timeline

    14 June 2020

    Board slate of nominees and electronic petition procedures announced

    14 July 2020, 5:00 P.M. EDT

    Deadline to submit petitions to ballot

    08 September 2020

    Announcement of instructions for electronic voting

    15 September 2020, 8:00 A.M. EDT

    Electronic voting begins

    29 September 2020, 5:00 P.M. EDT

    Electronic voting ends
  • Voting Instructions Voting Instructions

    (ISC)² Annual Election Voting Instructions

    It is that time of year and we encourage all of our members to participate in the election process beginning 15 September 2020. Your vote helps set the direction of the organization over the next year.

    1. Voting is done electronically via the secure side of the (ISC)² website at can only cast one ballot; there will be NO voting in person.
    2. You will be required to log in by entering your User ID and password.
    3. To record your vote beginning 15 September 2020, please launch the election application online at
    4. Click the Vote Now link in the banner at the top of the page.
    5. Background information for each candidate is available by clicking the bio link next to that candidate’s name.
    6. To cast your ballot, check off or write in up to four candidates. No more than one vote per candidate will be counted.
    7. If you elect to cast a write-in vote, please ensure the name matches the candidate’s name of record. Variations in spelling that create doubt as to who you are voting for will NOT BE COUNTED! (e.g. James E. Brown vs. Jimmy Brown vs. J. Brown vs. James Borwn)

    Prior to the start of the election, visit the board candidate slate to find out more about the candidates. You may also join the (ISC)² Candidates Forum on the (ISC)² Community page where you may ask the candidates questions. 

    As a reminder, eligibility to vote in the election requires a member to be in good standing as of the date of the election announcement, 15 May 2020, and the date of this notice. If you have any problems with the election, please email


Don't Miss Out

Keep in Touch
Always get news, events and enrichment opportunities that give you a professional edge. Stay in touch and on track with new (ISC)² communications. Easily customize your subscriptions to receive exactly what you need at