My (ISC)2 Report Card

It has been 8 months since I managed to get myself on to the (ISC)2 Board of Directors and I'm overdue for a report card. While I have been working away like a mad man, not to mention a new day job with Akamai and a new kid on the way, I have neglected to report back. Since I managed to get elected to the board learned a great deal. With the looming election run on the horizon for any possible candidates I thought it best if I would share my perspectives on the board.

First and foremost I wish I had someone sit me down and walk through what to really expect from working on the board of an international not for profit organization. I went in with a head of steam and was hell bent on changing the world. Much to the surprise of the incumbents I was quiet for the first couple of board meetings. Rather than show up with a flaming sword of justice I opted to learn the workings of the board and see what it really was that I had gotten myself into. Now, bear in mind this is an organization that has been through some tumultuous times since its inception in 1989. During my very first board meeting in January this became crystal clear with the resignation of the (ISC)2 counsel. While these meetings can sometimes be contentious this is, in fact, a good thing. This helps drive discussion. The board is a hive mind that has the role of providing governance for an organization the employs roughly 90 people in support of a global membership of approximately 90,000. No small feat at the end of the day. The board has a fiduciary duty to provide strategic governance to the organization. I would personally add to that a need for greater level of transparency with the membership.

So, what have I learned in this first few months? Well, this is definitely bigger than a bread box. To be able to work with my fellow board members to help improve the value proposition for the members is a role that I do in fact enjoy. I wasn't sure that I would be able to say that when I first started my campaign almost a year ago. A great deal of good work is underway and not all of it can be discussed as it is protected under attorney client privilege for the time being. But, these things will reveal themselves as we move forward. I have been working hard to instill defined repeatable processes. There are also multiple things that (ISC)2 does that I wasn't completely aware of such as the (ISC)2 Foundation. The reason for this is that I had opted out of my (ISC)2 emails at some point in the past. As a result I wasn't getting updates nor was I aware of a lot of the things that were going on. 

In the last few days I have been asked the following questions many times, "Was it worth it?" and "What can we do to help?". The answer is, yes to both. OK, yes to one and hold that thought for the other. Being a member of the board isn't a light undertaking to be fair. That being said, not an impossible task either. You would need to be able to commit the time to do the job. This requires attending board meetings on a quarterly basis and participating in various committees. For the sake of clarity, the board doesn't set the day to day tasking for the organization. We provide governance for the organization and only have one direct report. That person being the the executive director which, in this case is Hord Tipton.

If you are interesting in running for one of the open board spots there are a couple of options. One is the petition process which I went through last year. This is a process wherein you need to gather 500 signatures from (ISC)2 members in good standing. To do so you will need to get an email from each member with their endorsement and member number. This email must come from the address that the (ISC)2 has on file for them. You will need to be able to provide these emails to (ISC)2 as evidence. This exercise should get you onto the ballot. Next step will be getting the votes in the election. As a petitioner I found this as painful process and not for the faint of heart. There should be a better way to have this done and hopefully that will happen for the election cycle next year. The other option that is available is the write-in for the ballots. This is where you can add a candidate name to the ballot that was either not part of the nominations or the petitioning process. The salient point here is that it has to be the persons name as it is found on file with (ISC)2.

Here are dates that you need to keep in mind if you plan to run:

  • 18 August 2013 - Board slate of nominees & electronic petition procedures announced
  • 17 September 2013, 5:00 p.m. EDT - Deadline to submit petitions to ballot
  • 9 November 2013 - Announcement of instructions for electronic voting
  • 16 November 2013, 8:00 a.m. EST - Electronic voting begins
  • 30 November 2013, 5:00 p.m. EST - Electronic voting ends

As to the question, "What can we do to help?" the easy answer here is GET OUT AND VOTE! Sorry for shouting but as this is a democratic process if you don't participate...well, you see where I'm going. This is an org that I believe can be improved upon. Like anything of this size it won't turn on a dime.    

(Image used under CC from R'Iyeh Imaging)

Copyright © 2013 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline