Wim Remes' Bid for the ISC2 Board of Directors Ballot

[InfoSec News <alerts () infosecnews org>]

Forwarded from: Wim Remes <wim (at) remes-it.be>

=====
Change is hard work -- My bid for the (ISC)2 Board of Directors ballot
=====

(ISC)2, the institution best-known through the CISSP certification, has been 
the subject of a lot of discussions in the past years. Here on Infosec Island, 
via twitter or on personal blogs, (ISC)2 certifcation holders and the 
uncertified have written about the value of the certification, the process of 
obtaining it, (ISC)2's code of ethics and how the tech industry views the 
certification. While some opinions are clearly biased, I don't necessarily 
disagree with them.

I've always wondered how I, as a member of (ISC)2, can make the CISSP process 
better.  How can I bring back the true value of the certification, proving that 
the holder grasps the knowledge required to be called a security professional? 
How I can I influence the organization to develop a contemporary view of the 
information security community and the information security industry? How can I 
make the organization efficiently engage with that community?

I can't, unless I join them in a more effective capacity than a simple cert 
holder. Not by paying my Annual Maintenance Fees or gathering enough Education 
(CPE) points. Not by standing on my soapbox and calling them out on every move 
they make. Not by throwing my certification in the trashbin. Last year I 
entertained the thought of running for the ballot but I was too late to 
actually do it. This year I'm even more motivated and ready to make the ballot. 
Based on feedback from the information security community, I believe it's time 
to be the change I envisioned. I truly believe this is the way forward.

The process is lengthy and cumbersome. I need to convince 500 (ISC)2 
certification holders that I'm not running a major social engineering effort 
for my next Blackhat talk and have them send me their name, email address and 
certification number.  If I have 500 people backing me, I will make it on the 
ballot and cert holders will be able to vote for me starting November 16th.  If 
all that works out, I will be able to join the board and make a difference.

The question you should ask me and *any* prospective board member is; "If you 
are elected to the board, what do you want to accomplish?" ... Here is my 
personal response to that :

* From within the organization I want to make (ISC)2 step up their game and 
reach out to the information security community to actually collaborate with it 
instead of alienating it. For me personally, this community is a large part of 
what energizes me to keep doing what I love most. I think we need to leverage 
that energy to work on the problems that we are all facing. Together, whether 
or not we hold an (ISC)2 cert or not.

* I want to work with (ISC)2, it's leadership and it's membership to review the 
current status of the CISSP certification, how it is perceived by different 
audiences (the holders, HR people and those opting not to become certified) and 
improve the exams, the exam process and the long-term value of it. With more 
than 79,000 certification holders out there, it could be concluded that the 
certification is doing well.  However, if we don't focus solely on the numbers 
and look at the way the certification is perceived, the (ISC)2 needs serious 
improvement.  By focusing on promoting the cert to businesses as a measuring 
stick for security professionals, I believe we have done a great disservice to 
our members. The certification should, in the first place, have value for the 
holder. I want to focus on delivering that value.

* I want the ISC2 to drastically improve it's vision of international adoption. 
We need to step away from a US-focus and engage communities across continents. 
The challenges we face are the same. Currently, (ISC)2 is looking at continents 
as markets, which in a strict business context makes sense, but the 
organization remains a not-for-profit organization.  I believe that we need to 
leverage the knowledge from our membership to help solve some of the critical 
security challenges we are facing on a global scale. (ISC)2 is perfectly 
positioned to play that role and I'm convinced we can do this. I can envision 
the organization playing a ground-breaking role in resolving the problems posed 
by international cybercrime. With our international membership, we can help 
breaking down barriers, remove red tape and work on jurisdiction issues when 
tracking hackers.

Based on my research, I think it's very important to bring clarity to the 
members about what the organization does, beyond offering 4 certifications (+3 
concentrations for the CISSP). What happens to the income the ISC2 receives? 
How is it used to share information with its members? How are the funds used to 
contribute back to the community, particularlly on a global scale?  The board 
meeting archives of the past few years don't reveal a lot of details about 
this. I think, as a professional organization, certifying ethical and honest 
professionals, we are obliged to transparency and clarity on this subject as 
well.

As the title mentions, this is going to be hard work and I'm ready to help.

If you are a CISSP (or (ISC)2 certificate holder) in good standing, please 
visit http://blog.remes-it.be/petition.html and if you agree with my platform 
take the time to send me your name, email address and certificate number. With 
just 500 signatures, my name will be added to the ballot for the next Board of 
Directors vote. This will help me get into a position to help improve the 
organization.

I believe it is needs to be done, I believe it can be done and I believe it can 
be done now, with your support!

--

Wim Remes
Security Afficionado


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/