A bid for the (ISC)2 board of directors: Beyond campaign promises

It’s been roughly two weeks since I started my petition as a write-in candidate for the (ISC)2 Board of Directors (BoD) elections. And what a two weeks it has been.

As you may be aware, (ISC)2 is the organization best known for their CISSP (Certified Information Systems Security Professionals) certificate. A certificate that has been regarded as the golden standard in information security by some and called out in its flaws by many others.

(ISC)2 has a BoD election on a yearly basis where several candidates are endorsed by the current board and other members can be included on the ballot if they collect 500 signatures. This year I’ve decided to be a write-in candidate. I will collect 500 signatures and be on the ballot in November.

In the past two weeks, I’ve received the support of over 360 people and I’ve been asked several very good questions from a good part of them. Obviously, I’ve put forward my platform but I want to move beyond the “election propaganda’ and besides the what, I feel I need to address the how I want to achieve this.

Increase collaboration with the information security community

More than anything, I am anchored in the information security community. I believe that in everything that I do the metaphor “nanos gigantium humeris insidentes” (dwarfs standing on the shoulders of giants) is paramount.

Looking back at the 14 years I’ve been professionally active, I have learned from people that have taken the time to teach me things I would otherwise have been unable to grasp. Incidentally, the information security community (while sometimes perceived as “a little weird’) is especially focused on sharing information and knowledge, one of the primary objectives I also find in (ISC)2.

As I understand that the perception about our community is more than a little botched, my first goal is to address this misconception together with my fellow board members. I will then take the lead in initiatives that will increase the collaboration with our community.

On Twitter, one person remarked that he could not endorse a candidate that (paraphrasing) “wants to bring hackers into the profession”. Let me make this clear: If I am elected, I will not bring hackers into the profession. They are already there in great numbers.

A review of the certification requirements for the CISSP

At this moment I am not convinced that the certification still serves it’s primary objective: proving the skill and knowledge of the certified professional. It has, in my humble opinion, developed into a tool for HR selection and a selling proposition for security services. I believe we first have to listen to the membership on their opinion of the certification and based on that information take the necessary steps to prepare the certification to stand up against other well-established certifications. One of my plans is motivated by my intention to prioritize knowledge sharing.

A CISSP candidate could write a paper on a specific subject from the CBK. The papers would be made available to the public in a searchable archive and the candidate could be rewarded for his effort. I believe this can work and will have an immediate effect on the perception around the certification.

Internationalize (ISC)2 vision

With more than 97000 members, (ISC)2 has a very big opportunity to play a role in solving the information security issues we see on a global level. By reaching out across borders (and across organizations) and becoming more inclusive, we are in a unique position to help address problems like international cybercrime, the impact of regulatory requirements on information security budgets, cloud computing security. For this, everybody within and outside the organization is my ally.

One of the most striking questions I’ve received so far is “Why you?”

This one is not easy to answer as I never feel something is about me. I am empowered by others and privileged to be able to do what I love so much in a wonderful community. So, in that regard: instead of making this about me, let’s make sure that your voice is heard. I am ready, with your support.

If you think about supporting me, please take the time to read my platform and follow the instructions posted there.