Next week, 90,377 certified infosec professionals across the world will begin the voting process to fill five seats on the (ISC)2 International Board. I’m honored and amazed to be one of the people on that digital ballot.

I don’t really know how I ended up alongside this lot. This year’s candidates are very strong, and there are several incumbent members re-running with what I’m sure are invaluable experiences and insights. And then, there’s little ol’ me up there; the only female on the ballot, but I’m completely accustomed to that.

Here’s everything I think you need to know about me as a candidate and a person, and toward the end there’s even a big honkin’ paragraph with everything you never wanted to know about JJ.

Accepting the Nomination

Accepting the candidate nomination wasn’t an easy decision for me. The term of service is three years, and it’s not just a cushy title; as a board member, you’re required to attend meetings across the globe and contribute extensively to working groups and task groups within (ISC)2.

The nomination, evaluation and recommendation process for even being considered is a lengthy one. And, that’s before we even think about the voting process. My decision to run for the (ISC)2 board means giving up my current position on the ISSA Raleigh Chapter board for 2014, and beyond. If you know how much I love our ISSA Chapter and members, you’ll understand I didn’t make this decision lightly.

Candidate Profiles and Platforms

The candidate profiles are up on the members-only portion of the (ISC)2 site. If you’re logged in you can reach it at https://www.isc2.org/board-slate/Default.aspx. There are eight candidates and five open seats.

I’ve read through each of the bios and the section that is of most interest to me, personally, is how each candidate approached the response to the question posed “WHERE WOULD YOU LIKE TO LEAD (ISC)2 AS BOARD MEMBER?” To me, this is the most telling section, and these responses drive who I’ll vote for. My responses are on the bio site, and I’ve included them below with some additional notes and maybe even a bit of language not appropriate for the (ISC)2 site.

What can I do for (ISC)2 and members?

First, I want to be completely transparent here. What I wrote in my candidate nomination response and what I wrote for the bio on the candidate web sites were different. They’re not contradictory, but I want to share both responses and explain the delta.

The nomination committee response reads: “There are some programs I’d like to see, but as I mentioned in an earlier section, I think it would be prudent to find out what I don’t know and get more familiar with the organization before making recommendations. Also as stated earlier, I think there’s room to improve the community’s perception of ISC2, and continue to grow it as THE organization for our industry. ISC2 has extensive initiatives and programs, and I wouldn’t doubt that many of the ideas I have (or will have) are things that are already implemented, or being considered.”

One thing I’ve learned in the past few years is that many of the complaints about ISC2 are unfounded and/or due to a lack of understanding (usually caused by a lack of communication). And so, sometimes it pays to just sit with your trap shut until you figure out what’s going on.

Or, as my Grandfather quoted Lincoln so many times, it is “better to remain silent and be thought a fool than to speak out and remove all doubt.”

Knowing that response would be considered a cop-out by most, and wanting to share what I believe I can help with, my public candidate profile (Jennifer Minella, USA) dives into some specific objectives. Here are those responses with more detailed personal notes and explanations.

I think (ISC)2 as an organization has some roadblocks and some negative perceptions that need to be cleared up for it to move forward and reach its full potential.

  • Reinvigorate the organization’s mission
    • First, what’s our goal? We need to figure out which road we want to take, and make a mission out of it. Share it, spread it, preach it, live it and make it come alive.
  • Clarify and communicate objectives and strategies to membership
    • Half the time, we (members) don’t know what the hell (ISC)2 is doing, or why they’re doing it. I think communication is key, and that communications should be two-way. Members vote for their leaders, and those chosen to lead should clearly define goals then make and communicate their decisions clearly, as one voice. What are we doing, and why? I think the board knows the answers to these, but that message needs to be unleashed from its bottle and spread far and wide.
  • Identify what the membership needs most and create projects to meet those needs
    • This is more of that two-way communication so sorely needed. In order to best serve the members, the board needs to know what the members need, what they want, how they want it, and when. To get that data, we need to find more meaningful ways of capturing interests and translating them to programs or action items. Members are chomping at the bit to offer ideas that could help grow the organization and realize more value, and those members are a wealth of collective brainpower and experience. Let’s tap into it!
  • Foster local groups, including (ISC)2 and sister organizations
    • The rollout of local (ISC)2 chapters has been a little messy and confusing (at least in my region). I’d like to see a plan with some cohesion and leveraging of people and resources that already have strong communities built. I don’t know what this looks like, but I think we can get feedback and do some noodling for a solution that would service members better.
  • Lead short-term tactical groups to address emergent security issues quickly
    • I’ve witnessed a lot of ad-hoc meetings by industries to work together and quickly address a common threat or challenge. Often these groups are technically competitors when in the private sector, but they collaborate (unofficially) for common goals. I’d love to explore whether this is a challenge (ISC)2 can help solve by connecting people and creating safe sharing environments.
  • Offer solutions for better transparency and tracking to address localized concerns in certain regions
    • This has been an area of contention for many, and was the topic of a panel we hosted at RSA USA earlier this year. The perception, especially in the USA, is that (ISC)2 is severely lacking in transparency. Members here have expectations to certain information related to certification granting and revocation. The laws and culture vary greatly from region to region. Privacy laws in some regions prohibit that type of information sharing, and I’m curious to explore whether we can solve this perception by segmenting regionally so that (ISC)2 can meet the expectations of its local members across the globe.

Working towards these goals, and accomplishing even a couple will create strength and cohesion amongst (ISC)2 members and bolster the value of (ISC)2 in the community.

In my time serving the ISSA Raleigh Chapter in North Carolina, USA, we had many of the same goals and successfully implemented strategies that increased membership twofold, improved meeting attendance threefold and strengthened the value of the organization through focus groups, free trainings, career support groups and outreach programs. My time with ISSA has been an invaluable learning experience.

While (ISC)2 offers a greater set of challenges, I’ve seen the amplitude of small changes as they propagate out across a membership, and it excites me to think of the good impact we can have on the many (ISC)2 members around the globe.

Timeline for voting:
November 8, 2013 – Announcement of instructions for electronic voting from (ISC)2
November 16, 2013, 8:00 am EST – Electronic voting begins
November 30, 2013, 5:00 pm EST – Electronic voting ends

Who am I really?

You can read my professional bio online at the candidate page, or LinkedIn https://www.linkedin.com/in/jenniferminella. But, that doesn’t really tell you who I am so I can do that here. Hello, my name is Jennifer! I’m 34. I live in central North Carolina, USA. I’m married to my best friend and partner in crime, who willingly puts up with all my craziness and occasionally ridiculous work travel, and we have two dogs. My friends call me “JJ” which confuses people because now my last name is Minella, not Jabbusch. Being a Southern girl, I love my family, motorcycles (I have a Ducati), cigars, and (legally licensed and responsibly used) firearms. I’m an ex-competitive American-style ballroom and Swing dancer. For a few years, I also competed in Shag. For my friends across the pond, that’s a DANCE here, not… the other thing. Reading is one of my favorite things to do, and I’m happiest doing that near large bodies of water, namely oceans. Technically I’m a Libertarian. Inspiration comes to me in all forms, sometimes it’s the tri-color foam at the car wash and other times it’s readings from the Dalai Lama. I can be bribed with dark chocolate, so long as it’s 88% or higher cocoa. Thanks to my husband, Dave, I now LOVE (watching) motorcycle racing, there’s a photo of me with Marc Marquez at a party, Lorenzo is so nice but Rossi is my favorite. Dave is also to blame for my infatuation with rugby. I love it; I don’t even watch American football any more. My adult beverages of choice are Italian red wines, especially Montepulciano, but I’m also partial to a good gin martini or gin and tonic. Playing the devil’s advocate is my favorite game, and I can argue just about any point. My strongest opinions are about health and nutrition. I love meditation, yoga, Tai Chi, qigong. I’ve decided the difference between being direct and being blunt is politeness, and I’m working to be more direct, and less blunt. I’ll let you know how that goes. I’m a Pisces, which is awesome because I really love fish; eating them, watching them, swimming with them. If you haven’t realized it already, goofiness is one of my traits. I embrace it, and make sure I never take myself too seriously. Both of my parents were military intelligence while in service. Yes, both of them. That sucks when you’re a kid; there’s no pulling one over on the parents. Organization is my super power. I use it in everything I do and can seem a bit obsessive compulsive at times. Wow, are you still reading? I think that about sums up the fun bits.

 

If you agree with my principles and objectives, then I ask for your vote starting next week!

I’ll be sharing more thoughts on the elections soon.

 

Questions?

If you have any questions you’d like to ask before you vote, please feel free to reach out to me directly, via http://securityuncorked.com/contact/ or if you want to share publicly, you can always post comments/questions here.

jj

Author, speaker, and recognized authority on network and wireless security architectures, Jennifer (JJ) Minella helps organizations solve technical problems and align teams.

12 comments

  • I would suggest making available the lists you discover for and by the members.

    If you are elected good luck with organizing better communications between the membership, ISC2, and the Board.

    As you develop the polls, it might be interesting to publish the results of the responses; if we take the time to answer them, we would also be interested in seeing the data. I realize the analysis may be part of a bigger picture and would not expect to see that result for a while.

  • Re: Specific recommendations for improving communication

    I’ve talked a lot about “meaningful, two-way communication” as being a necessity. Sending press releases and member announcements by email is more of an alerting system than a communication method.

    Obviously with 90k+ members, the communication has to be structured, but not necessarily formal. I would envision something tiered that would include structured monitoring of online and in-person groups.

    That would include watching LinkedIn, Twitter, Facebook, G+, forums (official ISC2-cert forums and maybe the top 1-2 unofficial forums per region). Plus, structured communication from chapters, regions, committee teams and any live gatherings at events; member receptions, conferences, social events.

    That sort of intelligence gathering should be for the purpose of keeping a pulse on the active membership, acknowledging where there are member pain points, and facilitating a way to gather enough input to identify trends and member needs.

    All this would be in addition to updates to the more structured feedback systems – member surveys and polls, as an example. Most surveys are constructed completely backwards, and trending data is not kept or analyzed. I think that’s an easy fix.

    Also, a more difficult program but possibly the highest ROI, may be to have more formalized regional groups and ways for each region to communicate more closely with members local to them, and then of course filter and feed key points from those interactions back up to the board.

    There are a lot of ways to improve communication. I’ve been overseeing communication in my organization for more than 10 years, and revamped the communication at our ISSA chapter in the past several years. By all accounts those efforts have proven very successful.
    -jj

  • The question was asked “You’ve talked a lot about “communication” but I don’t see any specific recommendations. How do you propose ISC2 fix communication with members?”

  • Each of your points speaks to (ISC)2 having extremely poor communication skills in every area. I completely agree. They may have great things going on internally. They may be the very best at what they do. They may have the most focused vision ever. None of that matters in the least if they are unable to communicate any of it to the world at large.

    While there should be continuity on any board, there is also a need for new people to bring in new ideas and even… communicate them!

    Now I have to start reading and decide which other 4 candidates I will vote for. ;)

    • Thanks Teresa!
      The board is a 15-member board, with 3-year terms, and a 1/3 rotation. So, this year, you’re electing the 5 new members for 2014-2017, serving with the other 2/3 of the board. They did a good job with that to ensure continuity. Also, the people I’m suggesting you consider for the write-in campaign have an understanding of the organization and are already working closely with ISC2 initiatives.

      Let me know if I can answer any questions. I’d also strongly recommend reading over the resources compiled at JJ’s Complete Unofficial (ISC)2 Voter Guidebook
      http://securityuncorked.com/?p=1864
      -jj

  • Hi Chimp,
    That’s a great question. In my notes above, I briefly touched on two-way communication. I think communication is critical in all aspects of business and relationships, and ISC2 is severely lacking in MEANINGFUL communications. Sure, we get press releases and member updates, but there’s no soul, no face, no personality, and no tiered system in place (that I know of) for member requests to filter up to the directing board. We as members are screaming in the dark, and no one hears our cries. I think the local chapters may be the ISC2’s first major attempt at facilitating that, but I think we can do much better. After being involved in communications roles at ISSA over the years, I have some ideas I’d like to take with me to the board.
    -jj

  • First off, thank you for running. I can see that you don’t take the responsibility lightly and I appreciate you thinking this through.

    The question I have for you today is in relation to my personal benefits from being a member.

    As I don’t seem to figure out who this organisation is, I am doubting if this organisation knows who I (or any member for that matter) am.

    How do you think (ISC)2 should address this and what would your main action points be?

  • To respond fully, I’d need more information, specifically is the issue arising from candidates not having the 5-year professional requirement, or from incorrect/false information on the endorsement form?

    The CISSP requires this professional work experience:
    – 5 years professional experience
    – 4 years professional experience + an infosec degree
    – 4 years professional experience + another approved certification

    Professional experience must be in 2 or more of the CISSP domains. I think this could be where the waters get muddied. Historically many (but not all) of the infosec jobs have morphed from other IT roles. So, maybe someone was a network or sys admin or director/manager, and had some security responsibilities, but it was not their primary job function at the time. Does that count? Should it? Where do we draw the line? I don’t know the answer to that.

    So, if you’re saying this is the source of the problem, then maybe ISC2 needs to identify those professional requirements with more granularity – or maybe they have and we then need to figure out how to communicate and enforce it.

    On the other hand, I think we have to ask, is it really an issue? Is the issue solely in perception, or is the issue that we have unqualified professionals making mistakes or causing problems due to their lack of experience?

    If the problem is not related to this, then let me know please!
    -jj

  • This question was asked “As a Board Member how would you address the concerns of the CISSP and other ISC2 certifications being devalued in the public’s eye since individuals not having the required experience are receiving the credential.”